IT Analyst (Security & Resilience)
The International Fund for Agricultural Development (IFAD) is an international financial institution and a specialized United Nations agency dedicated to eradicating rural poverty and hunger. It does so by investing in rural people. IFAD finances programmes and projects that increase agricultural productivity and raise rural incomes, and advocates at the local, national and international level for policies that contribute to rural transformation.
The Corporate Services Department (CSD), led by the Associate Vice-President, CSD, provides IFAD with the human resources, administrative services, safety and security and information technology resources required to allow IFAD to meet its objectives of enabling rural people to overcome poverty. The work of the CSD is undertaken by three divisions: (i) Human Resources Division (HRD), (ii) Administrative Services Division (ADM) and (iii) Information and Communications Technology Division (ICT), (iv) Security Section and three units: (a) Front Office CSD, (b) Field Support Unit and (c) Medical Services Unit.
The Information & Communications Technology Division (ICT) delivers secure, reliable, and integrated technology solutions which enable delivery of business value and provide IFAD with a strategic advantage through technical innovation and agile ICT services, and by streamlining corporate processes using effective ICT solutions. It facilitates access to information, ensures reliable and secure availability of information and communication means, provides a sustainable and secure digital environment, and offers standard ICT services.
ICT Analysts work under the overall management guidance of the Director, ICT, and the direct supervision of an ICT Manager, or a Senior ICT Specialist, or ICT Specialist.
The incumbent works under the direct supervision of the Senior ICT Specialist (Operational IT Security & Resiliency - Task Force Coordinator).
The Information Communications Technology Analyst is typically an entry level position designed to build expertise in a broad range of ICT occupations. The incumbent works under the overall strategic policy and management guidance of the Director of the Information Communications Technology Division (ICT) and the direct supervision of an ICT manager or specialist. The Analyst independently performs routine and non-routine work within established precedents; complex precedent setting recommendations are developed in consultation with the supervisor or other subject matter expert.
The ICT Analyst (IT Security & Resiliency) is an experienced information security professional with a sound knowledge of business management, and extensive working knowledge of technologies along with an understanding of the broader digital ecosystem, and with experience balancing information security to enable an organization’s advancement.
The incumbent is responsible for maintaining and improving IFAD enterprise information security programs as well as supporting the updating of policies and standards which protect the assets and associated technology, systems, infrastructure, and processes within the digital ecosystem IFAD operates.
Key Functions and Results
1. ICT BUSINESS PARTNER: The ICT Analyst focuses on customer service client outreach. The incumbent provides verbal and written advice and guidance to supervisors and staff on information technology platforms, systems/applications, and procedures, facilitating a mutual understanding of issues and roles in the management of IFAD’s Information Technology environment. The Analyst supports ICT best practices in the Fund through outreach to other private and public sector organizations to identify potential solutions to address IFAD client concerns, as well as maintaining open communications with counterparts in other UN and IFI organizations to further discussions with ICT Specialists, internal committees and/or review boards.
2. INFORMATION AND COMMUNICATION TECHNOLOGY EXPERT: The ICT Analyst builds their knowledge base and expertise in the information technology and/or communications fields as well as in the Fund’s ICT strategy, principles, standards and systems/applications. The incumbent may be assigned to an ICT generalist team providing support to a large, complex group of clients or rotating through the various ICT occupations (Infrastructure, Technical Support, Customer Service/Change Management, Solution Development) to develop an in-depth knowledge of individual ICT activities. The Analyst is assigned routine and non-routine casework and system implementation requiring the analysis and synthesis of issues and problems and interpretation of established, formal guidelines to address and recommend solutions or further actions required. Work at this level is carried out with a higher level Professional and involves the planning, design, development, implementation and maintenance of computer information systems, and includes responsibility for independently completing parts of work related to specific areas, such as undertaking feasibility studies, analyzing and modifying existing applications, maintaining systems software, designing and writing components of computer programs.
3. MANAGERIAL FUNCTIONS: Accountable for integrity, transparency, and equity in the personal use of assigned IFAD resources, including equipment, supplies and, as applicable, supervised staff.
The ICT Analyst (IT Security & Resiliency):
1. Supports implementation, management, and monitoring of the enterprise strategy and program for Information Security and IT risk management.
2. Helps drive down cyber risk within the context of the IFAD risk appetite whilst improving efficient delivery of the enterprise security programs.
3. Supports the alignment of the enterprise information security program with organizational priorities and enables the organization's business objectives.
4. Supports ICT teams to design and implement security controls that enable cost-effective business initiatives and reduce risk in IFAD products and platforms.
5. Implements the establishment and continuous execution of mechanisms for the development, maintenance and enforcement of the information security policies, technical standards, procedures, and control techniques to address information security risks.
6. Participates in the implementation of the enterprise-wide cybersecurity culture and awareness program.
7. Participates in the development, implementation, and execution of information security incident response management.
8. Supports departments and offices, providing recommendations on remediation of cyber risks.
9. Under the guidance of the supervisor, the incumbent will liaise with external entities, such as cybersecurity advisory bodies, cyber threat intelligence entities, law enforcement agencies (in coordination with Legal Department), etc. as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these external entities.
10. Liaises with business and technical teams to review information security conflicts/gaps between functional goals and existing capabilities. Participates in the design of end-to-end enterprise IT security solutions and contributes to decision / design impact of IT service delivery while effectively assigning and managing Segregation of Duties (SoD).
11. Participates in vulnerability management practices; drives appropriate actions to ameliorate.
12. Participates in the governance of InfoSec policy, controls, and training, and develops plans and processes for compliance with internal and external requirements e.g. the SWIFT CSP, EU Pillar 9 Assessment.
13. Participates in the maintenance and implementation of IT business continuity and disaster recovery strategies and solutions to ensure organizational resiliency for the organization.
Key Performance Indicators
The work requires analysis of individual cases, systems and processes. While the type of analysis and decision-making varies among different ICT specialties, typical examples include: interpreting customer requirements, performing analysis of solutions available and recommending courses of action designed to solve client IT-related issues and opportunities.
Position specific: The ICT Analyst (IT Security & Resiliency) impacts:
• Training: ensuring user awareness training is effective
• Vulnerability management: maintaining a secure and trusted computer environment
• Incident response: ensuring effective incident response
The working relationships of ICT Analysts involve both written and verbal communications to obtain and provide information regarding decisions on specific cases or to explain why an action has been taken or to obtain information needed to take decisions or to further support ICT processes. Internal Fund contacts extend to supervisors and staff throughout the Fund to seek understanding and obtain the assistance or cooperation of persons who are mainly involved in routine ICT matters. This requires skill in building constructive, effective relationships. External contacts are predominantly with colleagues in the professional community in such areas as use of language and software and with vendors to collect/exchange information on technology.
The ICT Analyst (IT Security & Resiliency) works with ICT Technical teams as well as with Business stakeholders in IFAD.
Job Profile Requirements
- Building relationships and partnerships - Builds and maintains effective working relationships
- Communicating and negotiating - Communicates effectively; creates understanding between self and others
- Demonstrating leadership - Personal leadership and attitude to change
- Focusing on clients - Focuses on clients
- Learning, sharing knowledge and innovating - Continuously seeks to learn, shares knowledge & innovates
- Managing performance and developing staff -
- Managing time, resources and information - Manages own time, information and resources effectively
- Problem-solving and decision-making - Demonstrates sound problem-solving and decision-making ability
- Strategic thinking and organizational development - Personal influence
- Team working - Contributes effectively to the team
- Level – Advanced university degree from an accredited institution in a technically relevant area. In lieu of an advanced university degree, a first university degree (Bachelor or equivalent) plus at least four (4) additional years of relevant professional experience over and above the minimum number of years of experience requirement may be considered;
- Areas - Computer science, information technology, mathematics or other job-related field
- Degree must be from an accredited institution listed on https://www.whed.net/home.php.
Required: CISSP, CISM, CISA, OSCP or similar
- Minimum of two (2) years of progressively relevant experience is required.
- Position-specific experience: Progressively responsible professional experience in the support of planning, design, development/implementation and maintenance of information security technology and governance systems, in any of the following roles: information security governance, security solutions administration, secure coding and agile development.
- Solid knowledge of Secure System and Infrastructure design and principles; knowledge of information security attacks and defences.
- Knowledge of principles and best practices: NIST Cybersecurity Framework, CIS Controls, CSA, cloud security controls, MITRE ATT&CK Cloud Matrix, demonstrated by relevant certifications where applicable.
- Hands-on knowledge of information security technology (SIEM/SOAR, EDR, WAF, FW), security tools (Kali, Burp, Wireshark, Metasploit, nmap) and monitoring (ELK, Splunk, Hive, Sentinel).
- Knowledge of cloud security services and technologies: Key management, Monitoring, Information Storage, Database security, IAM, Backup/Resiliency, Cloud and hybrid Networking. O365 and Azure implementation and administration skills, specifically: Conditional access policies, sensitivity labels, Manage Data Loss Prevention (DLP), Azure security center, O365 security portal.
- Hands-on experience in SIEM management and in planning and deployment of monitoring infrastructure (Splunk, QRadar, ElasticSearch), including scripting and providing reports at the appropriate level of detail for a given audience.
- Essential knowledge of networking protocols, networking architectures and security principles, including IP networking, VPNs, DNS, load balancing and firewalling, demonstrated by relevant certifications where applicable.
- Scripting and automation skills: PowerShell, Python, Azure/O365 Logic Apps, Power Automate for security use cases.
- Required English (4 – Excellent)
- Desirable: French, Spanish, and/or Arabic
- Project coordination: Identification of key priorities, ability to work with others, coordinate and structure work to meet deadlines and adjustment of workplan/resource allocation when needed, identification and management of project-related risks
- Time management: Adherence to deadlines under time constraints and pressure (e.g., to deliver governing body documents on time); ability to coordinate and manage complex workflows and in-house and external teams
- Agile ICT services: Use various agile methods, such as daily stand-ups, sprints and hackathons, to generate end products early on
- Basic ICT & digital fluency: Expertise relevant to the specific role (e.g. in-depth, computer information systems, including micro-computer operating systems software, hardware and applications software and other office technology equipment), end-user computing configuration management
- Cyber security: Expertise specific to cyber security principles, tools, systems and applications
- Data analysis/architecture: Know-how in the analysis and interpretation of data needs and sources taking into account its operational context, using systems and models to disseminate ensuring integrity, availability to meet reporting and business analytics needs
- Emerging technologies: Expertise to evaluate and identify business and technical opportunities in emerging technologies including methodologies, tools, systems and applications (including Blockchain, Artificial Intelligence, Predictive Analytics and Machine Learning, Virtual Reality, Robotics, GIS Analytics, etc.)
- System and Database Administration: Expertise in the provisioning, configuration, management, tuning and performance monitoring of systems and databases
- Training skills: Ability to develop and provide trainings
- User experience: Strong focus on the delivery of a positive and intuitive user experience, building on a proactive clarification of user needs and requirements
- User technology enablement and support: Advanced configuration and endpoint management, digital mobile communication, seam IT monitoring and backup, incident response and endpoint management
- Client orientation: Strong critical thinking combined with communication skills to liaise between the business and technologies to understand business problems and needs, document requirements and identify solutions
- Problem solving: Strong systemic and structured thinking, ability to identify and dissect problems into components and formulate a comprehensive set of creative viable and sustainable solutions and strategies
IFAD staff members are international civil servants subject to the authority of the President of IFAD. In accordance with IFAD's Human Resources Policy, the President can decide to assign them to any of the activities of the Fund. All International Professional staff members are required to be geographically mobile and positions in the professional category are subject to changes in location at any time in line with strategic priorities and reform initiatives in IFAD.
IFAD is an Equal Opportunity Employer and does not discriminate on the basis of ethnic, social or political background, colour, nationality, religion, age, gender, disability, marital status, family size or sexual orientation.
Please be aware of fraudulent job offers. IFAD does not charge any fees at any stage of the recruitment process. Official communication from IFAD will always come from e-mails ending in @ifad.org.
In the interest of making most cost-effective use of funds and resources, we are only able to respond to applicants who are short-listed for interview. Candidates who do not receive any feedback within three months should consider their application unsuccessful.