Chief Information Security Officer - CISO

Copenhagen

  • Organization: UNOPS - United Nations Office for Project Services
  • Location: Copenhagen
  • Grade: P-4, International Professional - Internationally recruited position
  • Occupational Groups:
    • Communication and Public Information
    • Information Technology and Computer Science
    • Security and Safety
    • Managerial positions
  • Closing Date: 2022-09-30

Background Information - Job-specific

The United Nations Office for Project Services (UNOPS) is an operational arm of the United Nations, supporting the successful implementation of its partners' peacebuilding, humanitarian and development projects around the world. Mandated as a central resource of the United Nations, UNOPS provides sustainable project management, procurement and infrastructure services to a wide range of governments, donors and United Nations organisations.

UNOPS Risk Unit, led by the Chief Risk Officer (CRO), is in charge of the enterprise-wide framework for risk management, internal control and information security and facilitating and overseeing its effective implementation across regions and functions. The CRO reports to the Chief Financial Officer and Director of Administration of UNOPS.

Under the overall guidance of the CRO, the CISO is responsible for shaping UNOPS approach to information security and related risks and the associated responses. The CISO will collaborate closely with key stakeholders such as UNOPS leadership, corporate functions and the regional organization. A key duty of the CISO is to ensure that appropriate standards, mechanisms and improvement plans are in place to effectively manage information security and cyber risks to UNOPS operational performance, compliance and reputation. The CISO will be expected to:

  • Bring in proven expertise in implementing effective information security strategies and solutions fit to an industry, operating model, organizational culture and inherent risks within.

  • Partner with leadership to establish a holistic and integrated approach for managing information security risks to strategy and global portfolio delivery. Set, review, communicate and train on related policies, evaluate their effectiveness and drive their implementation. Establish security KPIs and KRIs.

  • Using a risk-based approach, define information security priorities and enable decisions on risk tolerance and allocation of resources for control, mitigation, risk transfer and recovery.

  • Establish and manage capabilities to track and analyze current, emerging and future cyber threats and vulnerabilities, and recommend how to manage them effectively.

  • Drive a culture of openness and accountability, resulting in proactive risk escalation and effective mitigation with clear ownership allocation. Lead by example.

  • Ensure that sound governance is in place to continuously improve UNOPS security posture and benchmark it against relevant peers. Empower and train the organization on effective methods to take ownership over risk assessment, mitigation and continuity planning.

  • Provide advice and recommendations on managing information security threats and incidents. This includes helping to improve UNOPS systems, IT security practices, due diligence, crisis management and related enabling capabilities.

  • Provide leadership with timely reporting on information security risks, issues and mitigations and their implications for the organization. Ensure alignment with the overall risk management framework, reporting principles and the expectations of UNOPS governing bodies.

  • Provide assurance on the implementation of plans/recommendations, working closely with relevant stakeholders (such as Internal Control and Internal Audit). This includes verifying that controls work effectively: e.g. system vulnerabilities and security breaches can be detected and responded to effectively within a reasonable time frame.

  • Across the activities, raise awareness of and ensure alignment with applicable international standards for information security, risk management, business continuity and incident management.


Functional Responsibilities

Summary of functions:

  • Strategic information security advice and insights

  • Capability building and communication

  • Information security management, assurance and oversight

Strategic information security advice and insights

  • Define the vision for an optimized information security capability, in line with UNOPS operational model, project portfolio, risk appetite, IT strategy, applicable regulation and international good practice standards.

  • Partner with leadership to establish a holistic and integrated approach for managing information security risks to UNOPS strategy and global portfolio delivery.

  • Review existing roadmaps to ensure they are in alignment with the vision and approach.

  • Identify and advise on mechanisms for driving a culture of accountability, so that information security becomes part of UNOPS organizational DNA.

  • Provide subject matter expertise into the UNOPS digitalization agenda, ensuring “security by design”.

  • Build business cases for security investments and manage associated budgets.

Capability building and communication

  • Forge collaborative relationships and partner with relevant senior stakeholders in order to:

    • Grow awareness, capability and mechanisms for improving organizational security posture in relation to the threat landscape and maturity benchmarks.

    • Support offices across the regions in assessing their maturity and addressing gaps identified. Transfer knowledge on good practice and related international standards.

    • Build organizational resilience capability cross-functionally.

  • Be an advocate for the benefits of a risk-based approach, mapping of organizational assets and proactive threat assessment. Promote holistic security across people, processes, technology and human aspects and empower business units and employees to take ownership of their role in securing UNOPS.

  • Build a 24/7 Security Operations Center, and onboard an associated team of IS specialists.

  • Develop a security integration model by designating, training and coordinating cyber risk champions within the regional organization. Prepare and update an annual employee training and awareness plan, as well as induction training for new employees, on information security.

  • Provide innovative solutions to align, and where appropriate integrate, 2nd and 3rd Line of Defense work plans, capturing synergies with e.g. Ethics, Risk Management, IT, Internal Control, Business Continuity Management, Insurance, Internal Audit and Investigations.

  • As part of UNOPS digitalization journey, establish continuous horizon scanning and control automation capabilities.

  • Maintain, update, and effectively share knowledge of good practice and relevant benchmarks/case studies with selected focus groups.

  • Recognise exemplary security behavior and address disciplinary action needs for information and system security breaches.

  • Leverage professional networks for knowledge sharing and benchmarking.

  • Grow personal and IS team’s competence, and ensure that everyone in the team has up-to-date skills through training and professional certifications.

Information security management, assurance and oversight

  • Work in collaboration with the regions and corporate functions (e.g. Partnerships, Implementation Practices & Standards and Integrated Practice Advice & Support) in embedding information security into engagement development, contracting and delivery. Support associated due diligence and identify de-risking and business growth opportunities.

  • Partner with relevant process owners to ensure embedding of information security standards, appropriate management approaches and reporting mechanisms. Propose corrective actions for non-compliance with information security Policies and monitor their implementation.

  • Act as lead expert on securing specific technology solutions and platforms including but not limited to Google Cloud Platform and ERP systems, and deploying dedicated security solutions (e.g. SIEM, DLP, MDM, IAM). Work closely with IT in ensuring that secure system development protocols and competences are effectively in place.

  • Provide advice on the application of international standards (e.g. ISO, NIST and COBIT).

  • Provide advice to a broad range of stakeholders on data classification, data loss prevention, asset inventory, security architecture, vulnerability management, patch management, incident and problem management related protocols, methods and tools.

  • Oversee the work of the Security Operations Center and its performance.

  • Ensure that phishing tests are performed regularly to verify awareness. Build associated initiatives working closely with the CRO and UNOPS communications team. Consult leadership on the most effective and appropriate communication strategy.

  • Continuously improve the organisation’s capacity to detect and respond to cyber attacks (multi-vector across technology, process, human and physical), including developing metrics to track the effectiveness of defensive capabilities.

  • Support reviewing, testing and improving business continuity and disaster recovery plans.

  • Address potential “false sense of security” through security testing (e.g. internal and external penetration testing, red & purple teaming and war-gaming), verifying that countermeasures work effectively across technology, people, processes and physical domains.

  • Maintain ongoing intelligence on the cyber threat landscape. Advise leadership on associated risks to operations. Use scenario analysis, case studies, bow ties and exposure quantification to articulate complex, technical themes in “business language”, enabling decision making.

  • Define information security risk metrics that “tell stories” to which business leaders can relate, moving beyond a compliance- and audit-focused approach to a risk-driven approach to security.

  • Implement robust governance mechanisms for monitoring information security practices, surfacing risks, reporting them and monitoring progress in mitigating them. Ensure timely risk and incident escalation that follows a threshold-based approach.

  • Oversee the implementation of information security related roadmaps and KPI achievement.

  • Provide assurance over the implementation of recommendations/improvements, including their effectiveness in addressing the information and system security threats.

  • Provide status updates of any open roadmap, audit and regulatory items.

  • Support Internal Audit in operating an effective IT Audit capacity that provides independent assurance over the effectiveness of the Information Security Management System and the management of key security risk exposures.

  • Optimize portfolio of service providers with accountability for quality assurance.


Competencies

Develops and implements sustainable business strategies, thinks long term and externally in order to positively shape the organization. Anticipates and perceives the impact and implications of future decisions and activities on other parts of the organization.
Treats all individuals with respect; responds sensitively to differences and encourages others to do the same. Upholds organizational and ethical norms. Maintains high standards of trustworthiness. Role model for diversity and inclusion.
Acts as a positive role model contributing to the team spirit. Collaborates and supports the development of others. For people managers only: Acts as positive leadership role model, motivates, directs and inspires others to succeed, utilizing appropriate leadership styles.
Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first. Builds and maintains strong external relationships and is a competent partner for others (if relevant to the role).
Efficiently establishes an appropriate course of action for self and/or others to accomplish a goal. Actions lead to total task accomplishment through concern for quality in all areas. Sees opportunities and takes the initiative to act on them. Understands that responsible use of resources maximizes our impact on our beneficiaries.
Open to change and flexible in a fast paced environment. Effectively adapts own approach to suit changing circumstances or requirements. Reflects on experiences and modifies own behavior. Performance is consistent, even under pressure. Always pursues continuous improvements.
Evaluates data and courses of action to reach logical, pragmatic decisions. Takes an unbiased, rational approach with calculated risks. Applies innovation and creativity to problem-solving.
Expresses ideas or facts in a clear, concise and open manner. Communication indicates a consideration for the feelings and needs of others. Actively listens and proactively shares knowledge. Handles conflict effectively, by overcoming differences of opinion and finding common ground.

Education/Experience/Language requirements

Education:
  • A Master’s degree in computer sciences, telecommunications, mathematics, physics or related fields. A bachelor's degree with two additional years of relevant experience may be accepted in lieu of the master's degree.
  • One or more of the following certifications would be critical to success in the role and should be held on entering the role or obtained within the first 6 months:
    • CISA, CISM, CRISC (or other ISACA certs)
    • CISSP (or other ISC2 certs)
    • OSCP (or other Offensive Security certs)

The following would be considered as an asset:
  • A University degree in Business Administration.
  • Experience with any of the following types of work:
    • Solution developer
    • System and/or network administrator
    • Penetration tester
    • Risk manager
    • Security consultant
    • Enterprise Architect
    • IT manager
    • IT security manager
    • IT auditor
    • Incident responder
    • Project manager
    • Team leader

Experience:
  • A minimum of 7 years of progressively responsible experience in technical and/or managerial roles in information technology and/or information-security management in a large international and/or corporate organization is required.
  • Within these 7 years, a minimum of 4 years’ responsibility in managing information-security systems or programs of complex organizations in diverse geographic settings is required.

Language requirements:
  • Full working knowledge of English.
  • Knowledge of another official UN language is an asset.


Background Information - UNOPS

UNOPS is an operational arm of the United Nations, supporting the successful implementation of its partners’ peacebuilding, humanitarian and development projects around the world. Our mission is to help people build better lives and countries achieve sustainable development.

UNOPS areas of expertise cover infrastructure, procurement, project management, financial management and human resources.

Working with us

UNOPS offers short- and long-term work opportunities in diverse and challenging environments across the globe. We are looking for creative, results-focused professionals with skills in a range of disciplines.

Diversity

With over 4,000 UNOPS personnel and approximately 7,000 personnel recruited on behalf of UNOPS partners spread across 80 countries, our workforce represents a wide range of nationalities and cultures. We promote a balanced, diverse workforce — a strength that helps us better understand and address our partners’ needs, and continually strive to improve our gender balance through initiatives and policies that encourage recruitment of qualified female candidates.

Work life harmonization

UNOPS values its people and recognizes the importance of balancing professional and personal demands.


Additional Considerations

  • Please note that the closing date is midnight Copenhagen time.
  • Applications received after the closing date will not be considered.
  • Only those candidates that are short-listed for interviews will be notified.
  • Qualified female candidates are strongly encouraged to apply.
  • UNOPS seeks to reasonably accommodate candidates with special needs, upon request.
  • Work life harmonization - UNOPS values its people and recognizes the importance of balancing professional and personal demands. We have a progressive policy on work-life harmonization and offer several flexible working options. This policy applies to UNOPS personnel on all contract types.
  • For staff positions only, UNOPS reserves the right to appoint a candidate at a lower level than the advertised level of the post.
  • For retainer contracts, you must complete a few Mandatory Courses (around 4 hours) in your own time, before providing services to UNOPS.
  • The incumbent is responsible to abide by security policies, administrative instructions, plans and procedures of the UN Security Management System and that of UNOPS.

It is the policy of UNOPS to conduct background checks on all potential recruits/interns. Recruitment/internship in UNOPS is contingent on the results of such checks.

Contract type, level and duration

Contract type: staff

Contract level: P4, ICS 11

Contract duration: One year initially, renewable subject to satisfactory performance and funding availability


For more details about United Nations staff contracts, please follow this link: https://www.unops.org/english/Opportunities/job-opportunities/what-we-offer/Pages/UN-Staff-Contracts.aspx
