
Deputy Chief Information Security Officer

New York City

  • Organization: UNDP - United Nations Development Programme
  • Location: New York City
  • Grade: Mid level - P-4, International Professional - Internationally recruited position
  • Occupational Groups:
    • Operations and Administrations
    • Information Technology and Computer Science
    • Security and Safety
    • Managerial positions
  • Closing Date: Closed

Background

Job Purpose and Organizational Context

The United Nations Development Programme is the global development network of the United Nations system that is on the ground in 177 countries, with its Headquarters in New York, USA. The Bureau for Management Services (BMS) is a central Bureau tasked with the development of corporate strategies, policies, tools and systems in key cross-cutting management areas. Drawing on sound analytics and a risk-management approach, BMS supports the achievement of development results through management advice, innovative business solutions, and other corporate services in line with international best practices and evolving needs and expectations of development partners. BMS also ensures policy adherence in operations management within UN Rules & Regulations, safeguarding UNDP’s accountability vis-à-vis Member States and other stakeholders.

UNDP is an operational backbone to the UN system, providing payroll, financial transactions, common premises, treasury investment, procurement and legal services to UN agencies. UNDP provides IT support for 13 UN entities with 40,000 United Nations and external users of UNDP’s Atlas ERP system, as well as information and communication technology (ICT) and application solutions for the United Nations field presence. To support the UNDP Digital Strategy 2019-2021 and enable the digital transformation of the organization, the Office of Information Management and Technology (OIMT) is tasked with developing and operating the enabling corporate technology platforms and providing related services that power the digital transformation, including: (1) advice, administration and acceleration services to promote delivery of maximum business value of each platform; (2) a global service desk operation; and (3) outreach services to promote knowledge sharing and effective, agile planning and governance of technology development and utilization.

Under the supervision of the Chief Information Security Officer (CISO), the incumbent is the second-in-command of UNDP’s cybersecurity unit. 

Impact of Results:

Errors, omissions, or lapses in this function could lead to serious cybersecurity incidents not being properly detected, responded to and contained, significantly degrading the organization’s productivity, finances or reputation.

Duties and Responsibilities

Under the direction of the CISO the incumbent is responsible for:

Implementing ICT security strategies and policies

  • Identifying, developing, and coordinating the implementation of UNDP’s global ICT Security strategies and policies.
  • Providing cybersecurity awareness and training to UNDP staff and units, as needed.
  • Provide advice and guidance to UNDP offices on technical disaster recovery arrangements to ensure compliance with the organization’s standards.

Organising cybersecurity programmatic assistance

  • Assist in formulating security requirements for new ICT projects. Validate whether security requirements are met for specific ICT implementations or changes to existing infrastructure and applications.
  • Collect feedback from UNDP IT personnel in HQ, COs as well as end users about the effectiveness of cyber security controls, prepare and share reports about effectiveness with teammates and management.
  • Providing oversight on the compliance of the business units with the approved ICT Security policies and programmes.
  • Provide subject matter expertise in reviews and audits performed by the organization.

Performing risk and vulnerability assessments

  • Chairs the UNDP cyberincident response team.
  • Performing risk and vulnerability assessments and recommending mitigating actions, operating cyber security systems like SIEM and IDS and responding to security incidents.
  • Assess ICT systems of the organization for existing security vulnerabilities or possible cyber security risks and propose remediations or security controls to mitigate risks of high severity.
  • Suggest improvements to cyber security architecture. Implement security controls to mitigate related risks for the organization.
  • Monitor and evaluate events, alerts and notifications from the cyber security infrastructure for indications of suspicious/unauthorized activity. Respond to detected or reported cyber security incidents.
  • Monitor vendor and industry alerts, warnings and security advisories, and follow up with appropriate system and service owners within the organization to ensure that corresponding risks are mitigated.

Maintaining disaster recovery and business continuity plans

  • Maintaining the disaster recovery and business continuity plans of OIMT and providing annual training and testing to OIMT personnel.
  • Assist in Service Continuity and Availability and Business Continuity planning of the Office of Information Management and Technology (OIMT).
  • Help develop security awareness trainings and periodic advisory communications to ICT professionals and the broader user community.
  • Prepare and present other related in-house trainings on security best practices and related topics for a broad range of audiences.

Improving ISO 27001 Information Security Management System 

  • Assists the CISO with maintaining the ISO 27001 certification and the overall implementation of the Information Security Management System.
  • Maintain a variety of cloud-native security solutions, including but not limited to: Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), intrusion detection, vulnerability discovery and network monitoring devices. Develop automation pipelines and custom scripts to reduce manual labor and minimize human error. Create and maintain appropriate documentation.

Competencies

Core     

Innovation

  • Ability to make new and useful ideas work.         

Leadership

  • Ability to persuade others to follow        

People Management

  • Ability to improve performance and satisfaction.              

Communication

  • Ability to listen, adapt, persuade and transform.

Delivery

  • Ability to get things done while exercising good judgement.         

Technical/Functional     

  • Strong ability to adapt and learn quickly in a changing organizational environment.
  • Strong analytical skills and familiarity with the analysis of competing hypotheses. Demonstrable practical knowledge in the field of Cyber Threat Intelligence is desired.
  • Ability to deliver results under minimal supervision and work effectively in a geographically distributed team environment.
  • Knowledge of international standards and best practices in cybersecurity, risk and service management (ISO 27001:2005, 9001:2015, 20000:2011).
  • Capable of developing solutions to automate cybersecurity tasks using Python.
  • Strong knowledge of modern cloud-native application technologies like containers, microservices and service mesh. Practical knowledge of Kubernetes and Microsoft Azure is desired.

 

Knowledge Management and Learning

  • Ability to efficiently handle and share information and knowledge.           

Development and Operational Effectiveness

  • Knowledge of development effectiveness concepts, principles and issues and the ability to apply to strategic and/or practical situations, covering the economic, social and environmental dimensions. 

Resource mobilization

  • Ability to identify and organize programmes and projects to implement solutions and generate resources

Corporate Competencies:

  • Demonstrates integrity by modeling the UN’s values and ethical standards;
  • Promotes the vision, mission, and strategic goals of UNDP;
  • Displays cultural, gender, religion, race, nationality and age sensitivity and adaptability;
  • Treats all people fairly without favoritism.

Required Skills and Experience

Education:

  • Master’s in Information Systems, Computer Science, or other Computer Engineering field with 7 years of experience or Bachelor’s degree in the relevant areas with 9 years of specialized relevant experience.
  • Professional cybersecurity certifications like CISSP, CISA, GCIH, GCFA, GCTI or related certifications.

Experience:

  • Minimum 7 years of relevant experience in a large enterprise setting like UNDP;
  • Experience working in the culture of an international setting is an asset.
  • Demonstrated experience and exposure in the international cyber security arena;
  • Experience in directing cyber-incident response activities.
  • Experience of working with cybersecurity constituencies at the enterprise scale and familiarity with on-duty incident response arrangements.

Language Requirements:

  • Fluency in English (Strong communication skills - both oral and written);
  • Working knowledge of another UN language is desired.

Other:

  • Non-Smoking environment.

Disclaimer

Important information for US Permanent Residents ('Green Card' holders)

Under US immigration law, acceptance of a staff position with UNDP, an international organization, may have significant implications for US Permanent Residents. UNDP advises applicants for all professional level posts that they must relinquish their US Permanent Resident status and accept a G-4 visa, or have submitted a valid application for US citizenship prior to commencement of employment. 

UNDP is not in a position to provide advice or assistance on applying for US citizenship and therefore applicants are advised to seek the advice of competent immigration lawyers regarding any applications.

Applicant information about UNDP rosters

Note: UNDP reserves the right to select one or more candidates from this vacancy announcement.  We may also retain applications and consider candidates applying to this post for other similar positions with UNDP at the same grade level and with similar job description, experience and educational requirements.

Workforce diversity

UNDP is committed to achieving diversity within its workforce, and encourages all qualified applicants, irrespective of gender, nationality, disabilities, sexual orientation, culture, religious and ethnic backgrounds to apply. All applications will be treated in the strictest confidence.

Scam warning

The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.

 

This vacancy is now closed.