UN Women: Manager, Information Security and Compliance
New York City (United States of America)
UN Women, grounded in the vision of equality enshrined in the Charter of the United Nations, works for the elimination of discrimination against women and girls; the empowerment of women; and the achievement of equality between women and men as partners and beneficiaries of development, human rights, humanitarian action and peace and security.
The Information Systems and Telecommunication (IST) Office, located in the Division of Management and Administration, is responsible for the strategic planning and development of information and telecommunication systems and services, ICT solutions, and the sourcing of information systems and equipment to support business needs, as well as for the maintenance, availability, reliability and quality of performance of information and telecommunication systems and services globally in all UN Women offices.
The IST Office strategically outsources significant parts of its infrastructure and software development to commercial vendors as well as UN system partners. UN Women fully leverages cloud solutions for all core corporate hosting needs, including Office 365 and Microsoft Azure. A number of operational information security activities, as well as the operation of networks and cloud-hosted solutions, are outsourced to the United Nations International Computing Centre (UNICC) and private sector vendors.
This position is currently the only in-house information security role. The incumbent will assist the Chief, Information Systems & Telecommunications Office, in deciding on and initiating actions towards information security and compliance across all ICT initiatives for the entire organization, taking overall charge of the information security programme, including defining the programme, recommending implementation plans, and monitoring implementation and compliance with existing policies and standards.
Under the overall guidance and direct supervision of the Chief, Information Systems & Telecommunications Office, the incumbent's key responsibilities are to (1) develop, implement and monitor the information security programme; (2) conduct continuous assessments of current IT security practices; (3) oversee the daily operation and implementation of IT security operations; and (4) coordinate compliance and audit activities within the IST section.
Duties and Responsibilities
Develop, implement and monitor the information security programme:
- Prepare strategies and plans addressing information security and risk management Agency-wide;
- Develop policies, standards and procedures designed to protect enterprise data/information, communications, systems and assets from both internal and external threats, including cybersecurity threats;
- Develop, manage and monitor the implementation of ICT security policies and procedures covering information access, data backup and retention, data protection, data transfer, and relevant ICT physical and environmental security, while ensuring regulatory compliance;
- Maintain an information security awareness programme that trains staff in the proper handling of information/data so as to protect the interests of the Agency at all times;
- Coordinate information security collaboration activities with other United Nations organizations, NGOs, host governments and, where necessary, the private sector;
- Contribute technical inputs to the development of the corporate ICT strategy and annual workplans to meet the organization's business goals and information technology requirements.
Conduct continuous assessments of current IT security practices:
- Perform IT security risk assessments and recommend ways to reduce identified threats;
- Design and conduct vulnerability assessments and audits;
- Make recommendations and develop risk mitigation action plans to address the risks identified during assessments or audits;
- Monitor security vulnerabilities and hacking threats in network and host systems;
- Track the latest IT security innovations and keep abreast of emerging cyber security technologies;
- Implement an effective process for the reporting of security incidents;
- Oversee the investigation of reported security breaches;
- Develop strategies for handling security incidents and triggering investigations;
- Test and evaluate the IT security mechanisms and procedures designed to deal with IT security incidents and emergencies, e.g. viruses, system intrusions or system failures.
Oversee the daily operation and implementation of IT security operations:
- Oversee the management of outsourced IT security services;
- Interact and coordinate with the infrastructure team on the information security aspects of operations, providing security leadership to the team while respecting its operational role, and developing the security knowledge of infrastructure staff;
- Review daily information security operations, including reports, dashboards and alerts from monitoring systems;
- Maintain action plans, project plans, and incident, issue and risk registers;
- Conduct reviews of the IT architecture from a security point of view;
- Review project proposals and design documents for new IT initiatives;
- Function as gatekeeper and approver in governance workflows (project initiation, change request sign-off, release management sign-off);
- Provide a monthly status report on the information security posture;
- Conduct and coordinate quarterly information security management meetings.
Coordinate compliance and audit activities within the IST section:
- Function as coordinator and focal point for all interactions between the IST section and internal and external audit functions;
- Address and manage responses to all audit requests for information/documentation on behalf of the entire IST section;
- Draft responses to queries and audit findings for the entire IST section;
- Track audit findings and the audit follow-up schedule;
- Develop and maintain an overview of key policies and other regulatory items, and assist in developing action plans for compliance;
- Conduct regular compliance monitoring activities to assess the state of compliance.
Key Performance Indicators:
- A clear plan for UN Women's information security programme is maintained;
- Information security assessments are conducted regularly;
- Incident response is planned and tracked on time;
- Monthly information security reports are delivered to IT management on time.
Values and Competencies:
- Respect for Diversity;
- Awareness and Sensitivity Regarding Gender Issues;
- Creative Problem Solving;
- Effective Communication;
- Inclusive Collaboration;
- Stakeholder Engagement;
- Leading by Example.
Please visit this link for more information on UN Women's Values and Competencies Framework: https://www.unwomen.org/-/media/headquarters/attachments/sections/about%20us/employment/un-women-values-and-competencies-framework-en.pdf?la=en&vs=637
Functional Competencies:
- Theoretical and proven technical skills in intranet/Internet technologies, TCP/IP-based networking, IT security measures, risk management as it applies to networks, remote support, administration of offsite networks, technical reviews of IT operations, data protection, formulation of policies on the use of technology, and familiarity with business continuity requirements.
- Proficiency in critical, in-depth analysis, and in training IT personnel and general staff throughout the Organization in sound security practices.
- Thorough knowledge of concepts and technical skills in systems analysis, software development, application security, data migration, systems documentation, and management of systems development projects.
- Strong professional oral and writing skills, including the development of reports, oral presentations, and technical/persuasive documents for consideration at the highest levels of the Organization.
- Deep knowledge of Microsoft operating systems (client and server), network security (IPS/IDS, firewalls, web filters), anti-malware technologies, log management and security analytics systems, threat intelligence gathering and interpretation, cryptography, vulnerability management, cloud technologies, identity and access management, etc.
- Knowledge of the ISO/IEC 27001:2013 standard controls and of methods for achieving compliance with the standard. UN Women does not currently plan to seek certification against the standard.
- General knowledge of gender equality and women's empowerment issues.
Required Skills and Experience
Education:
- Master's degree in information technology, computer science, business administration or another related discipline; a first-level university degree combined with 2 additional years of qualifying experience may be accepted in lieu of the advanced university degree.
- Relevant information security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA).
Experience:
- Over 7 years of progressively responsible experience, most of it at the managerial level, including:
- Experience successfully building and maintaining an information security programme in a large and complex organization;
- Experience developing a multi-year information security roadmap and plan that includes metrics to measure performance and can be understood by a variety of audiences;
- Experience with security and compliance, as well as with internal and external audits;
- Experience developing information security policies and procedures, and successfully executing programmes that meet objectives of excellence in a dynamic environment;
- Experience working as part of a diverse team of IT specialists delivering global IT services in a highly decentralized environment;
- Hands-on experience implementing information security technology solutions such as authentication, encryption, intrusion detection, or security information and event management (SIEM) systems.
Languages:
- Fluency in English is required;
- Knowledge of the other UN official working language is an asset.
All applications must include (as an attachment) the completed UN Women Personal History form (P-11) which can be downloaded from https://www.unwomen.org/-/media/headquarters/attachments/sections/about%20us/employment/un-women-p11-personal-history-form.doc?la=en&vs=558. Kindly note that the system will only allow one attachment. Applications without the completed UN Women P-11 form will be treated as incomplete and will not be considered for further assessment.
In July 2010, the United Nations General Assembly created UN Women, the United Nations Entity for Gender Equality and the Empowerment of Women. The creation of UN Women came about as part of the UN reform agenda, bringing together resources and mandates for greater impact. It merges and builds on the important work of four previously distinct parts of the UN system (DAW, OSAGI, INSTRAW and UNIFEM), which focused exclusively on gender equality and women's empowerment.