Information Security Assistant (G-6)

18663 | Registry 

A roster of suitable candidates may be established for this post as a result of this selection process for both fixed-term established and general temporary assistance posts.

Important:

Recruitment for this post in the General Service category is done on a local basis. As a result, staff are generally recruited from the area in which the particular office is located but could be of any nationality.  Candidates applying to a post in the General Services category shall meet the relevant employment and immigration requirements in the country of the duty station, including fulfilling residence and work permit conditions.

Applicants will be responsible for any expenses incurred in relation to: visa, travel to and from, and relocation to and from the duty station, in the event of an employment offer.

A staff member in the General Service category who has been locally recruited shall not be eligible for the entitlements and/or benefits exclusively applicable to internationally recruited staff.

Organisational Context

Under the direct supervision of the Director of Judicial Services, the Information Management Services Section ensures that the Registry puts in place adequate Information Management (IM) services, for the benefit of all Organs and activities of the Court. The Information Management Services Section will also provide services to other Registry clients, including external parties relying on the policies and technology of the Court. Information services consist of: 

• Information management activities which include: developing policies and best practices for the management of (digital) documents, records and archives; library services and knowledge management, whether technology based or not.
• Information Systems support including systems development, administration and integration.
• Technology Services Operations support, including end-user services, communications and networking technology, audio-visual technology
• Information security activities, including developing policies and best practices, implementing information security standards and managing risk related to information, whether technology based or not.

The Information Management Services Section provides:

• Advice on best practices addressing the needs of its clients and the Court’s and Registry’s strategic objectives.
• Integrated solutions (i.e. systems, policies and processes) relying on industry best-practices on all aspects of information services related to capturing, storing, preserving, delivering, securing and managing information and communication.
• Leadership and dialogue with clients in relation to the innovation, awareness and adoption of new information practices, tools and technology-enabled processes and practices that will improve productivity, effectiveness, information sharing and availability.
• Strategic input and support for the implementation of a continuous change management process harnessing the use of information and technologies.

The Information Security Unit provides:

• Management of the Court's information security objectives through the close alignment of security strategies with business outcomes.
• Coordination of the management of information risk through continuous evaluation of business activities, technologies and close liaison with stakeholders.
• A central source of reference for information security policies, standards and procedures, offering dependable advice and guidance on good security practices and information risk management.
• Centralised cyber security and threat management capabilities coupled with incident detection and response.
• Security awareness training and education to end users and business units.

Duties and Responsibilities

• Records and documents security compliance issues according to the issue management procedure and identifies issues that cannot be resolved within the existing security policies.
• Monitors internal operational security and control measures, including all applications on the ICC network to identify vulnerabilities, anomalies, incidents or suspicious behaviour.
• Participates in identifying and resolving information security incidents, assessing information on incidents and taking appropriate action.
• Identifies and assesses risks to information systems and proposes measures to manage the risks.
• Contributes to the development of enhanced security policies, procedures, processes and systems.
• Assists in the implementation of new/enhanced security solutions (infrastructure and/or application) including the design, configuration, development, testing and deployment of security-related technologies such as next generation firewalls, identity & access management systems, data loss prevention, network access control, vulnerability management, threat intelligence,  security information & event monitoring (SIEM) solutions, etc.
• Administers and maintains information security systems and technologies.
• Provides technical security assistance and training to clients as required.
• Participates in digital forensic activities.
• Prepares related documentation, reports and statistics.
• Contributes to the development of knowledge and information sharing within the unit.

Essential Qualifications

Education:

Diploma of secondary education.

Experience:

• A minimum of 8 years of progressively responsible relevant experience in the information security field with a strong practical emphasis on operating information security-related technologies. An advanced or a first-level university degree may be considered as a substitute for two years' working experience only to determine eligibility.
• Certification or experience in implementing information security systems and services according to a formal management framework (ISO 27001, COBIT, ITIL or similar) would be a strong asset.
• Current relevant certification via an internationally recognised information security certification body in at least one of the following: GSEC, SSCP, HISP, CompTIA Security+, CEH, CISSP or similar would be a strong asset.

Knowledge, skills, and abilities:

• The ability to work harmoniously in a multi-cultural environment and deal with the pressures of changing priorities and rapidly escalating incidents.
• The ability to analyse, assess and balance options and to prioritise work effort.

Knowledge of languages:

Proficiency in one of the working languages of the Court (French or English) is required. Working knowledge of the other is an asset. Knowledge of another official language of the Court (Arabic, Chinese, Russian and Spanish) would be considered an asset.