Information Security Officer

The OSCE has a comprehensive approach to security that encompasses politico-military, economic and environmental, and human aspects. It therefore addresses a wide range of security-related concerns, including arms control, confidence- and security-building measures, human rights, national minorities, democratization, policing strategies, counter-terrorism and economic and environmental activities. All 57 participating States enjoy equal status, and decisions are taken by consensus on a politically, but not legally binding basis.

The OSCE Secretariat in Vienna assists the Chairmanship in its activities, and provides operational and administrative support to the field operations, and, as appropriate, to other institutions.

The Department of Management and Finance (DMF) is responsible for managing the material and financial resources of the Organization. The objective of DMF is to provide efficient and effective management of non-staff resources in support of OSCE programmatic activities. It provides policy guidance on the management of OSCE financial and material resources and develops and maintains OSCE Financial Regulations and Rules and Financial Administrative Instructions. DMF consists of Budget and Finance Services, Mission Support Section, Information and Communication Technology Section and the Information Security and Co-ordination Unit.

The Information Security and Co-ordination (ISC) Unit assists the Secretary General in his role as Chief Administrative Officer of the OSCE, to protect critical systems and data across all OSCE executive structures. Specifically, ISC is implementing an information security framework and maintaining co-ordination with information security focal points in the executive structures.

Under the supervision of the Chief, Information Security and Co-ordination, the Information Security Officer will be tasked with supporting the Chief, ISC in the management of OSCE-wide information security and developing and maintaining an information security framework, specifically:

1. Establishing common information security policy, vision, objectives and principles across the OSCE;
2. Protecting and managing the integrity, confidentiality and availability of information assets and information systems;
3. Working with executive management to determine acceptable levels of risk for the OSCE;
4. Designing and implementing the program of risk assessment, security assurance (compliance) and monitoring;
5. Acting as the focal point for information security, contributing and coordinating OSCE wide on the approaches needed to secure the OSCE information security and facilitating the sharing of advice and knowledge;
6. Developing and maintaining information security guidelines and policy;
7. Advising on security incident and event management tools and appropriate incident response from cyber-attacks and ensures that ICT strategy and architecture takes into account information security requirements;
8. Representing OSCE in UN inter-agency initiatives (e.g. United Nations Information Security Special Interests Group), working closely with Chief Information Security Officers across the UN;
9. Raising awareness for and training OSCE officials and IT specialists in the application of information security principles;
10. Perform other duties as required.

For more detailed information on the structure and work of the OSCE Secretariat, please see https://www.osce.org/secretariat

• First-level university degree with specialization in Information Systems, Information Security, computer science and/or Business Administration;
• A minimum of six years progressively professional experience in a large public organization, and/or at a senior management level- in a national or international organization or business enterprise;
• Established knowledge of the practical application of Information Systems, Information Security and awareness of financial management and programme budgeting theories;
• Experience in understanding field operations, preferably in information security;
• Experience in proposing and formulating policies and improvements to policies and providing support for internal control with a risk based approach;
• Relevant standing certification in information security area, e.g. CISA, CISM, CISSP, ISO27001 is an asset;
• Detailed knowledge and experience in applying information security management concepts and the ISO27001 management standard would be an advantage;
• Knowledge and experience in ISO31000 risk management standard would be an asset;
• Professional fluency in English with excellent written and oral communication skills; knowledge of other OSCE working languages would be an asset;
• Ability to communicate effectively and offer clear, concise and relevant advice;
• Demonstrated gender awareness and sensitivity, and an ability to integrate a gender perspective into tasks and activities;
• Ability to establish and maintain effective and constructive working relationships with people of different national and cultural backgrounds while maintaining impartiality and objectivity;
• General computer literacy and excellent computer analytical, summarization and presentation abilities, especially in Word, Excel and Power Point.

• Commitment: Actively contributes to achieving organizational goals
• Diversity: Respects others and values their diverse perspectives and contributions
• Integrity: Acts in a manner consistent with the Organization’s core values and organizational principles
• Accountability: Takes responsibility for own action and delegated work

• Communication: Actively works to achieve clear and transparent communication with colleagues and with stakeholders of the Organization
• Collaboration: Works effectively with others on common goals and fosters a positive, trust-based working environment
• Planning: Works towards the achievement of goals in a structured and measured manner
• Analysis and decision-making: Analyses available information, draws well-founded conclusions and takes appropriate decisions
• Initiative-taking: Proposes and initiates new ideas, activities and projects
• Flexibility: Responds positively and effectively to changing circumstances

• Leadership: Provides a clear sense of direction, builds trust and creates an enabling environment
• Strategic thinking: Identifies goals that advance the organizational agenda and develops plans for achieving them
• Managing performance: Helps to maximize team performance by providing active feedback and skill development opportunities

Monthly remuneration is approximately EUR 6,356, depending on post adjustment and family status. OSCE salaries are exempt from taxation in Austria. Social benefits will include possibility of participation in the Cigna medical insurance scheme and the OSCE Provident Fund. Other allowances and benefits are similar to those offered under the United Nations Common System.

Please note that appointments are normally made at step 1 of the applicable OSCE salary scale.

If you wish to apply for this position, please use the OSCE's online application link found under https://jobs.osce.org/vacancies.

  The OSCE retains the discretion to re-advertise/re-post the vacancy, to cancel the recruitment, to offer an appointment at a lower grade or to offer an appointment with a modified job description or for a different duration.

Only those applicants who are selected to participate in the subsequent stages of recruitment will be contacted.

Please note that vacancies in the OSCE are open for competition only amongst nationals of participating States, please see http://www.osce.org/states.

The OSCE is committed to diversity and inclusion within its workforce, and encourages qualified female and male candidates from all religious, ethnic and social backgrounds to apply to become a part of the Organization.

The OSCE is a non-career organization committed to the principle of staff rotation, therefore the maximum period of service in this post is 7 years.

Please be aware that the OSCE does not request payment at any stage of the application and review process.