Safeguards Security Specialist(P4)
The Department of Safeguards (SG) is the organizational hub for the implementation of IAEA safeguards. The IAEA implements nuclear verification activities for some 180 States in accordance with their safeguards agreements. The safeguards activities are undertaken within a dynamic and technically challenging environment including advanced nuclear fuel cycle facilities and complemented by the political diversity of the countries.
The Department of Safeguards consists of six Divisions\: three Operations Divisions\: A, B and C, for the implementation of verification activities around the world; three Technical Divisions\: Division of Concepts and Planning, Division of Information Management, and Division of Technical and Scientific Services; as well as three Offices\: the Office for Verification in Iran, the Office of Safeguards Analytical Services and the Office of Information and Communication Services.
The main objective of the Department is to maintain and further develop an effective and efficient verification system in order to draw independent, impartial and timely safeguards conclusions, thus providing credible assurances to the international community that States are in compliance with their safeguards obligations. The departmental operating environment is interactive, participative and dynamic with continuous inputs received from the Board of Governors, the General Conference, policy- and decision-makers, as well as counterparts in Member States and in the international development community.
Within the Department of Safeguards, the Office of Information and Communication Systems (SGIS) is the centre of competence for the specification, development and maintenance of information and communication technology (ICT) systems and for the management of all ICT infrastructure and services to support safeguards. In partnership with other organizational entities, SGIS is responsible for planning and implementing an ICT strategy as well as enforcing ICT standards.
Reporting to the Director, SGIS, the Safeguards Security Specialist is responsible for delivering the Departments security programmes in the areas of information security; physical security; business continuity and disaster recovery. The incumbent achieves security outcomes through the management of security projects; developing processes, procedures, policies; managing risk assessments and the resultant risk treatment plans; contributing towards improving and delivering security operations; and managing security awareness programmes. The incumbent takes a leading role in all aspects of the security of Departmental staff and information in headquarters, non-headquarters locations, and for staff in the field. The incumbent assists with planning for and responding to issues such as serious incidents and threats to safety of staff and their dependents, as well as threats to the security of Safeguards information.
The Safeguards Security Specialist is\:
a) a technical expert in the design and formulation of security measures, architectures, tools, and policies on all aspects of security, with special emphasis on Information Security and security awareness;
b) a solution provider, coordinating the delivery of the Departments security programme, security awareness programmes, and security operations;
c) a facilitator, soliciting inputs from other specialists and assisting in defining, planning, and executing projects and products;
d) an advisor, championing innovation, new approaches and best practices for security throughout the Departments business activities.
Functions / Key Results Expected
- Manage various aspects of the Departments security programme in accordance with Safeguards security policies as described below and as directed by management.
- Implement, monitor, evaluate, and operate a wide range of Safeguards security management policies and procedures and assist in developing clear goals that are consistent with agreed strategies.
- Ensure that clear and timely expert advice and notifications are provided to management and staff on security issues through meetings, workshops, websites, and other communications mechanisms.
- Strengthen risk-based strategy and planning for the Departments security programmes and conduct security assessments and reviews to ensure that appropriate security controls are in place and continuously improved and to report on risk to various stakeholders.
- Create security policies, procedures, standards and guidelines for the Department regarding security and publish them in accordance with the Departments established procedures.
- Serve as a focal point for security incidents and recovery of an incident within the Department and, as appropriate, with other IAEA incident response teams, as well as documenting, evaluating and monitoring the appropriate follow up actions
- Author technical documents for Member States, internal audiences, and external partners with regard to security.
- Participate in meetings where security and security architectural concerns must be appropriately considered as a subject matter expert; participate in the assignment and follow up of actions.
- Determine the level of classification of information assets and ensure the protection thereof.
- Create and publish innovative training courses related to security and provide end-user training on security awareness and related topics for staff and stakeholders.
- Plan and execute security projects, participate in continuous security improvement activities.
Competencies and Expertise
|Planning and Organizing||Plans and organizes his/her own work in support of achieving the team or Sectionâs priorities. Takes into account potential changes and proposes contingency plans.|
|Communication||Communicates orally and in writing in a clear, concise and impartial manner. Takes time to listen to and understand the perspectives of others and proposes solutions.|
|Achieving Results||Takes initiative in defining realistic outputs and clarifying roles, responsibilities and expected results in the context of the Department/Divisionâs programme. Evaluates his/her results realistically, drawing conclusions from lessons learned.|
|Teamwork||Actively contributes to achieving team results. Supports team decisions.|
|Client orientation||Helps clients to analyse their needs. Seeks to understand service needs from the clientâs perspective and ensure that the clientâs standards are met.|
|Commitment to continuous process improvement||Plans and executes activities in the context of quality and risk management and identifies opportunities for process, system and structural improvement, as well as improving current practices. Analyses processes and procedures, and proposes improvements.|
|Technical/scientific credibility||Ensures that work is in compliance with internationally accepted professional standards and scientific methods. Provides scientifically/technically accepted information that is credible and reliable.|
|Information Technology||Guidance Development||Experience in developing security guidance for various audiences including developers, infrastructure teams, systems engineers, technical staff, non-technical staff, and business partners.|
|Information Technology||IT Disaster Recovery Frameworks||Exposure to and working with disaster recovery and business continuity efforts.|
|Information Technology||IT Security||Expert in security aspects of IT systems with demonstrated experience.|
|Information Technology||Information Security and Risk Management||Expert in information security and risk management concepts and practice with demonstrated experience with technical security controls and technical information security activities such as incident response.|
|Management and Programme Analysis||Partnership Development||Work across teams, divisions, departments and with external stakeholders in order to achieve results both within and externally to the organization.|
|Management and Programme Analysis||Programme Management||Experience managing security projects and delivering complex, multi-stakeholder products that reduce risk or bring about new capabilities.|
|Information Technology||Application Architecture||Expertise in services-oriented application architecture and concepts and the ability to understand how complex, data-intensive information systems interact at the application and services layers.|
|Information Technology||Systems Development||Software development experience and/or automation, scripting, and data transformation experience.|
|Information Technology||Systems Engineering||Engineering systems for security, infrastructure, communications, and information technology services.|
|Training||Training Design||Demonstrated experience with designing and delivering training, security awareness programmes, and representing security interests in meetings and workshops.|
Qualifications, Experience and Language skills
- An advanced university degree in IT security, information security, computer security, computer science, information systems management or other related field. A first level degree in IT security, information security, computer security, computer science, information systems management with additional 3 years of relevant work experience will be considered in lieu of the advanced university degree.
- Certifications in disaster recovery, business continuity, or crisis management are an asset. Certifications in information security is an asset
- At least 7 years of progressively responsible relevant experience in the field of security, with a demonstrated capabilities in technical security controls.
- Experience in project management and strategic planning.
- Strong communications and presentation skills, including the ability to present to internal and external stakeholders and to both technical and non-technical audiences.
- Knowledge of international safeguards would be an asset.
- Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.
The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $72637 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $ 29854, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks' annual vacation, home leave, pension plan and health insurance
Applications from qualified women and candidates from developing countries are encouraged
Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values)\: Integrity, Professionalism and Respect for diversity. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process