ICT Specialist (Cloud Configuration and Vulnerability Management)

The International Fund for Agricultural Development (IFAD) is an international financial institution and a specialized United Nations agency dedicated to eradicating rural poverty and hunger. It does so by investing in rural people. IFAD finances programmes and projects that increase agricultural productivity and raise rural incomes, and advocates at the local, national and international level for policies that contribute to rural transformation.

The Corporate Services Department (CSD), led by the Associate Vice-President, CSD, provides IFAD with the human resources, administrative services, safety and security, information technology resources  and medical support services required to allow IFAD to meet its objectives of enabling rural people overcome poverty. The work of the CSD is undertaken by three divisions (i) Human Resources Division (HRD) (ii) Administrative Services Division (ADM) and (iii) Information and Communications Technology Division (ICT) and three units: (a) Front Office CSD (b) Field Support Unit and (c) Medical Services Unit.

The Information & Communications Technology Division (ICT) delivers secure, reliable, and integrated technology solutions which enable delivery of business value and provide IFAD with a strategic advantage through technical innovation and agile ICT services, and by streamlining corporate processes using effective ICT solutions. It facilitates access to information, ensures reliable and secure availability of information and communication means, provides a sustainable and secure digital environment and offers standard ICT services.

ICT Specialists work under the overall strategic, policy and management guidance of the ICT Director and the direct supervision of an ICT Manager/Senior ICT Specialist.

Information and Communications Technology (ICT) Specialists at this level are seasoned professionals reflecting an in-depth, complete understanding of ICT systems and applications development. The applications development work is original or involves major modifications requiring the development of specifications in consultation with diverse users who have diverse needs.

When tasked with supervision, they are typically supervisors of general service (GS) staff. Frequently ICT Specialists will coordinate the work of and provide technical guidance to external consultants and/or other temporary staff.

Position specific: The Cloud configuration & Vulnerability Management specialist is a well-rounded professional with a sound knowledge of business management, an extensive working knowledge of technologies along with the understanding of a broader digital ecosystem and experience balancing information security to enable an organization’s advancement.

The specialist is responsible for maintaining and improving IFAD’s enterprise information security program as well as refining the policies and standards which protect the assets and associated technology, systems, infrastructure, and processes in the digital ecosystem which IFAD operates.

1. ICT BUSINESS PARTNER: ICT Specialists are credible, trusted partners to the client offices served and the Division where assigned, serving as a responsive and constructive service provider with a focus on results. They participate in the development, implementation and achievement of established ICT Service Level Objectives (SLOs). The incumbent supports the Fund’s ICT strategy and plans as well as models a commitment to systems integrity. ICT Specialists provide seasoned verbal and written advice and guidance to supervisors and staff on the functionality of information and communication technology systems and applications as well as on the requirement for modifications or enhancements/extensions.

2. ICT MANAGEMENT: ICT Specialists are seasoned professionals accountable for development, design, implementation and management of complex, interrelated applications and/or components of major ICT systems. Representative accountabilities/key results include (a) undertaking feasibility studies, systems analysis and design for specific systems, applications and/or for components of the more complex systems of the Fund’s ICT System; (b) translating user requirements into functional and technical specifications for new applications, developing integrating existing modules, developing local enhancements, etc.; (c) configuring systems/application environments and leading the installation, maintenance, problem resolution/trouble shooting, optimization and system/applications upgrades; (d) monitoring transactions to measure the performance and continuing effectiveness of assigned systems and working with systems software personnel to resolve operational problems; (e) writing scripts to extract and transfer data from databases, ensuring security measures to protect confidentiality; (f) developing strategy for specific applications and participating in developing an overall strategy for major systems including addressing interfacing and/or integration requirements; (g) developing training materials, technical and user documentation, and publicity information and training staff in information/data systems; and ensuring that all the necessary technical knowledge and procedures for area of assignment are documented, up-to-date and shared across ICT teams.

3. AGENT OF CHANGE: ICT Specialists understand and apply the principles of change management and proactively serve as a role model for transformation with capacity for acceptance of change. They use a seasoned knowledge of enterprise resource planning (ERP) and other information technology to develop, analyze and promote acceptance of new methods of work and automated workflows. At this level ICT Specialists manage change through consultations with ICT colleagues and outreach to client offices to build an understanding of and to ensure open and regular communications pertaining to current and planned changes in the Fund’s information and communications technology strategy, standards, regulations and rules.

4. MANAGERIAL FUNCTIONS: Accountability for integrity, transparency, and equity in the personal use of assigned IFAD resources, including equipment, supplies and, as applicable, supervised staff.

Position specific:

1. Implements, manages, and monitors the enterprise strategy and program on cloud and on Information Security configuration management, together with related compliance requirements and accepted IT standards.
2. Drives down cyber risk within the context of the IFAD risk apetite whilst improving efficient delivery of the enterprise security program.
3. Ensures alignment of the enterprise information security program with organizational priorities and enables the organization's business objectives. Participates in annual IT planning and budgeting process to advocate and plan for cybersecurity needs of IFAD in alignment with the enterprise cybersecurity strategy and program. Ensures proper implementation of the Information Security Governance, Risk Management & Compliance Framework to ensure proper management and balance of cybersecurity risks, while maintaining strong partnership relevant stakeholders in IFAD.
4. Coordinates within ICT teams to design and implement security controls that enable cost effective business initiatives and reduce risk in IFAD products and platforms.
5. Manages an independent assurance program for cybersecurity to assess, monitor and report on the operating effectiveness of security controls.
6. Implements the establishment and continuous execution of mechanisms for the development, maintenance and enforcement of the information security policies, technical standards, procedures, and control techniques to address information security risks.
7. Participates in the implemention of the enterprise-wide cybersecurity culture and awareness program.
8. Manages the development, implementation, and execution of information security incident response management.
9. Coordinates with departments and offices, providing advice and recommendations on remediation of cyber risks.
10. Liaises with external entities, such as cybersecurity advisory bodies, cyber threat intelligence entities, law enforcement agencies (in coordination with Legal Department), etc. as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these external entities.
11. Leads collaboration with business and technical teams to review information security conflicts/gaps between functional goals and existing capabilities. Creates, drives, and realizes end to end enterprise IT security solutions and how decision / design impact IT service delivery while effectively assigning and managing Segregation of Duties (SoD).
12. Oversees vulnerability management practices; drives appropriate actions to ameliorate.
13. Governs the InfoSec policy, controls, and training and develops plans and processes for compliance to internal and external requirements e.g., the SWIFT CSP, EU Pillar 9 Assessment.
14. Oversees the maintenance and implementation of IT business continuity and disaster recovery strategies and solutions to ensure organizational resiliency for the organization

The work of ICT Specialists involves several component parts and requires resolving problems of integration and interface. Thus the work at this level directly impacts the processing work of systems and application users and the overall services provided by the ICT Division; their technical decisions affect the internal structures of the assigned applications and indirectly impact the accomplishment of the Fund’s overall objectives, goals and functions.

The key performance indicators for ICT Specialists at this level include effective design and accurate performance of assigned application development and relevance to client requirements.

Position specific:

Cloud Management: of available and resilient cloud services via initial and ongoing configuration, monitoring and mitigation management

Vulnerability management: to maintain a secure and trusted computing environment

Incident response: to ensure readiness of the organization and effective incident response

Successful delivery of Information Security projects on time and on budget

Quantitative impact on IFAD security and resiliency posture, as expressed in vulnerability management and external cyber ratings

Information security and resiliency culture within the organization: level of change and evolution towards increased maturity.

Internally ICT Specialists at this level are required to explain, clarify and train users on new information and communications technology functionality and operations as well as to develop and clarify user requirements. They persuade users to accept limitations or modifications of applications and provide advice relating to requirements or capabilities requirements. Within the ICT Division: contacts are there for obtaining assistance from other specialists as required to solve exceptionally complex problems and persuading others to accept modifications of specifications. External contacts involve a professional exchange of information with colleagues in the information and communications technology community to collect/exchange information on emerging technology. They may also negotiate with external service providers and/or vendors regarding services and new hardware/software and in the technical evaluation and selection of the same. ICT Specialists at this level are delegated authority to make commitments on routine aspects of the assignment.

Position specific: The Specialist is coordinating within ICT Technical teams as well as with Business stakeholders within and outside of IFAD.

Organizational Competencies:

Level 1:

• Strategic thinking and organizational development: Personal influence
• Demonstrating Leadership: Personal leadership and attitude to change
• Learning, sharing knowledge and innovating: Continuously seeks to learn, shares knowledge and innovates
• Focusing on clients: Focuses on clients
• Problem solving and decision making: Demonstrates sound problem solving and decision-making ability
• Managing time, resources and information: Manages own time, information and resources effectively
• Team Work: Contributes effectively to the team
• Communicating and negotiating: Communicates effectively: creates understanding between self and others
• Building relationships and partnerships: Builds and maintains effective working relationships
• Managing performance and developing staff: Manages staff and teams effectively

Education:

• Level – Advanced university degree from an accredited institution in a technically relevant area. In lieu of an advanced university degree, a first university degree (Bachelor or equivalent) plus at least four (4) additional years of relevant professional experience over and above the minimum number of years of experience requirement may be considered;
• Areas - Computer science, information technology, mathematics or other job related field
• Degree must be an accredited institution listed on https://www.whed.net/home.php .

Certifications: 

Required - One or more of the following: CISSP, CISM, CISA, SANS, CCSP, AZ certifications, CCSK

Experience:

• At least five (5) years of progressively responsible professional experience in information technology, network infrastructure and/or communications technology in a multi-cultural organization or national organization providing support on a global scope.
• Position-specific experience:  Solid knowledge of Secure System and Infrastructure design and principles; knowledge of information security attacks and defenses;
• Knowledge of principles and best practices: NIST Cybersecurity Framework, CIS Controls, CSA, cloud security controls, MITRE ATT&CK Cloud Matrix, demonstrated by relevant certifications where applicable
• Knowledge of cloud security services and technologies: Key management, Monitoring, Information Storage, Database security, IAM, Backup/Resiliency, Cloud and hybrid Networking.
• O365 and Azure implementation and administration skills, specifically: Conditional access policies, sensitivity labels, Manage Data Loss Prevention (DLP), Azure security center, O365 security portalScripting and automation skills: PowerShell, Python, AzureO365 LogicApp, Power Automate for security use cases

Languages:

• Required English (4 – Excellent)
• Desirable: French, Spanish and/or Arabic

Skills:

Job role specific

• Data analysis/architecture, Know-how in the analysis and interpretation of data needs and sources taking into account its operational context, using systems and models to disseminate ensuring integrity, availability to meet reporting and business analytics needs;
• Basic ICT & digital fluency, Expertise relevant to the specific role (e.g. in-depth, computer information systems, including micro-computer operating systems software, hardware and applications software and other office technology equipment), end-user computing configuration management;
• Emerging technologies, Expertise to evaluate and identify business and technical opportunities in emerging technologies including methodologies, tools, systems and applications (including 
• Blockchain, Artificial Intelligence, Predictive Analytics and Machine Learning, Virtual Reality, Robotics, GIS Analytics, etc.);
• Cyber-security, Expertise specific to cyber-security principles, tools, systems and applications;   
• Project/Programme management , Identification of key-priorities, ability to structure work to meet deadlines and adjustment of workplan/resource allocation when needed; Programme management: overall management of portfolio of work (including PMO interaction) with expertise to identify dependencies or bottlenecks between projects, managing changes and risks;
• Agile ICT services, Use various agile methods, such as daily stand-ups, sprints and hackathons, to generate end products early on;
• User experience, Strong focus on the delivery of a positive and intuitive user experience, building on a proactive clarification of user needs and requirements;   
• User technology enablement and support, Advanced configuration and endpoint management, digital mobile communication, seam IT monitoring and backup, incident response and endpoint management;  
• Devops, Expertise in continuous integration, configuration management, deployment automation, infrastructure orchestration and monitoring and analytics; 
• Network and Infrastructure Administration, Expertise in the provisioning, configuration, management, tuning and performance monitoring of the IFAD network and the infrastructure of the IFAD datacentre;
• System and Database Administration, Expertise in the provisioning, configuration, management, tuning and performance monitoring of systems and databases;
• Technical enablement of data analytics and data mining tools, Expertise in the design, development, deployment, maintenance and management of Data Warehouse, data visualization, data analysis, data mining and reporting tools;  3IT Vendor and Contract Management (incl. cloud),  Expertise in contract and vendor management of IT Software, hardware and services (including cloud);  
• Analytical skills, Outstanding  ability to analyse and synthesize qualitative and/or quantitative information from a variety of sources and filter out key insights and recommendations;
• Data Management, Data collection, cleaning, transformation and consolidation ; data-base architecture & development ; data presentation;  3Strategy implementation, Ability to lead and manage the development and implementation of medium to longer-term strategies for IFAD / for respective divisions; 
• Client Orientation, Strong critical thinking combined with communication skills to liaise between the business and technologies to understand business problems and needs, document requirements and identify solutions; 
• Leadership, Group thought leader, sought out by others and providing mentorship and effective guidance to others; Ability to build trust, inside and outside the organization by acting as a role model for IFAD’s core values and competencies, and to provide a clear sense of direction, mentorship and effective guidance to the team, strategizing the IFAD’s goals, giving the vision, empowering the team and ensuring a positive environment for all;
• Change management, Role modelling, anticipation of key risks and conflicts and formulation of contingency plans/solutions, action-oriented; 
• Planning, Know-how in the planning of human, financial and material management of IFAD resources; 
• Budgeting, resource management, Know-how in budget administration and accounting, resource allocation and planning at divisional level; 

Position specific

• Hands-on experience with organisations managing Cloud and Infrastructure services in hybrid environments, both from a datacenter sys admin perspective and also from the perspective of leading cloud providers, covering install, configure, automate, and monitoring of various Cloud Services (IaaS, PaaS, and SaaS)
• Contributes to the infrastructure and Services for all on premises solutions as well as the Cloud Strategy, Op Model Transformation, Cloud Development, Cloud integration and APIs; Cloud Migration, Cloud Infrastructure & Engineering and Cloud Managed Services
• Identifies new tools and processes to improve the cloud platform and automate processes relating to vulnerability management, monitoring and DevSecOps
• Applies innovative methodologies and approaches (including agile) to translate big picture vision to technical solutions through business process, information flow, solution and technical architecture domains
• Manages the relationships with the Business Process Owners (BPO’s), Software Vendors and Hosting Partners to ensure alignment.
• Monitors and maintains together with relevant teams on multiple (DevSecOps) environments based on client requirements
• Understanding of DevOps/Automation tools and familiarity with large-scale ICT architectures and automated deployment techniques in virtual environments; experience in continuous integration and development tools and CI/CD pipelines such as Jenkins; JIRA; Nexus; GitHub Actions; Maven; Gradle; Ansible; Terraform; Packer;
• Strong analytical thinking and problem solving abilities paired with strong implementation skills and the ability to manage multiple assignments simultaneously; Ability to explain technical cyber security concepts and risks to non-technical audiences
• Ability to work under stress and exude a constructive yet focused approach during cyber security incidents and related mitigating phases; propose relevant mitigating decisions rapidly and act accordingly following a structured, organised approach on risk management
• Capacity to manage and coordinate remote teams, and to build constructive relationships with other IT Ops technical teams
• Capacity to communicate effectively with different stakeholders level within ICT as well as with Business stakeholders
• Capacity to coordinate implementation of complex security controls or technical initiatives requiring coordination among different teams (Cloud, Infrastructure, Network, Change management, …)
• Strong experience in the use of Office suite including drafting documents, presentations, data presentation.

IFAD staff members are international civil servants subject to the authority of the President of IFAD. In accordance with IFAD's Human Resources Policy, the President can decide to assign them to any of the activities of the Fund. All International Professional staff members are required to be geographically mobile and positions in the professional category are subject to changes in location at any time in line with strategic priorities and reform initiatives in IFAD.

IFAD is an Equal Opportunity Employer and does not discriminate on the basis of ethnic, social or political background, colour, nationality, religion, age, gender, disability, marital status, family size or sexual orientation.

Please be aware of fraudulent job offers. IFAD does not charge any fees at any stage of the recruitment process. Official communication from IFAD will always come from e-mails ending in @ifad.org.

In the interest of making most cost-effective use of funds and resources, we are only able to respond to applicants who are short-listed for interview. Candidates who do not receive any feedback within three months should consider their application unsuccessful.