Senior Information Security Officer

THE OECD – Who we are, what we do

The Organisation for Economic Co-operation and Development (OECD) is an international organisation comprised of 38 member countries, that works to build better policies for better lives. Our mission is to promote policies that will improve the economic and social well-being of people around the world.  Together with governments, policy makers and citizens, we work on establishing evidence-based international standards, and finding solutions to a range of social, economic and environmental challenges. From improving economic performance and creating jobs to fostering strong education and fighting international tax evasion, we provide a unique forum and knowledge hub for data and analysis, exchange of experiences, best-practice sharing, and advice on public policies and international standard-setting.

THE EXECUTIVE DIRECTORATE (EXD)

The Executive Directorate (EXD) is the steward of OECD resources, on behalf of the Secretary-General.  Our focus is on people and their wellbeing; the effective and efficient management of the budget; the safety and security of staff, Delegations, visitors, and of the OECD’s data; maintaining and sustaining physical and digital infrastructure; and enabling the convening power of the OECD through conferences, meetings and events, whether virtual, physical or hybrid.  As well as providing corporate services, functions and management support to our staff and Members, we provide integrated, strategic and expert advice on corporate policies and management issues to the Secretary-General, to Council and to Standing Committees, to which we regularly report on corporate matters. We also provide compliance and risk management functions (for management areas under our purview). Ours is a fast-paced environment focused on delivering management excellence across all of our functions.

THE DIGITAL, KNOWLEDGE AND INFORMATION SERVICE (EXD/DKI)

Within the Executive Directorate, working closely with business partners, the Digital, Knowledge and Information Service (EXD/DKI) designs and provides secure digital solutions, IT and information management services and the technologies to deliver efficient corporate services, meet business partners’ needs and to support and enhance the OECD’s global role in building knowledge, communicating with the world and interacting with governments to inform and influence policy-making.

The Digital Security Office (EXD/DKI/DSO) leads the OECD’s cyber security capability\: it develops and implements corporate information security policies and technical compliance frameworks, conducts security audits and risk assessments, supports user awareness campaigns, and performs security operations and related compliance monitoring to safeguard the digital assets of the Organisation.

THE POSITION

The Senior Information Security Officer operates with a high level of autonomy and authority, provides technical leadership and heads a core team to shape security strategy and capability development. They manage the OECD’s information security operations and compliance monitoring.  Working in partnership, they report to the Head of the Digital Security Office and serve as their deputy.

Main Responsibilities

Digital Security

• Contribute to the development and implementation of the Organisation’s digital security programme, identifying, evaluating and shaping the response to information security risks. 
• Provide technical security leadership for the Organisation, exercising an advice and control function to ensure that OECD IT products and services comply with corporate security policies.
• Provide smooth and effective information security operations and compliance monitoring, ensuring the timely evolution of capability and adopting industry best practices; provide regular reporting to the Head of the Digital Security Office.
• Manage strategic relationships with institutional and commercial partners to maintain currency on threats and technology developments and shape the OECD’s security capability.
• Conduct regular security audits and risk assessments, propose and implement appropriate remediation measures to safeguard the information security posture of the Organisation.
• Keep abreast of and evaluate information security innovation, solutions, trends and best practices to respond to the continually evolving need to protect the digital assets of the Organisation.
• Manage the core team of information security specialists to protect the Organisation from sophisticated cyber threats.
• Support the drafting and implementation of digital security policies aligned to the risk tolerance of the Organisation, propose and organise effective user awareness campaigns.

Management

• Assist in the management of the Digital Security Office and the preparation and delivery of the Programme of Work and Budget. 
• Manage the core technical team to deliver the Programme of Work and ensure staff development.
• Manage the work programme, plan and report to the Head of the Digital Security Office on budget and project status define and provide related Key Performance Indicators.
• Manage the operational budget related to solutions maintenance and investments.
• Build effective working relationships with other teams to ensure an integrated cross-practice comprehension of corporate security policies, technical compliance frameworks and adopted methodologies. Participate in post-deployment reviews.
• Advise on digital security related matters as necessary.

Ideal Candidate Profile

Academic Background

• An advanced university degree in information security, information technology or a related field, is preferred.

Professional Background

• Solid relevant professional experience and proven capacity in the successful management of information security programmes. Proven industry expertise with strong business acumen. Industry certification would be preferred.
• Extensive experience guiding, managing and developing diverse staff and their career objectives.
• Thorough knowledge of IT project management methodologies and industry frameworks.
• Substantial experience advising on digital strategy and IT trends, and drafting related recommendations or policies.
• Broad knowledge of current and emerging technologies, industry trends and best practices together with demonstrated experience evaluating their strategic value.
• Experience in cloud security risk management
• Experience advising on cyber security strategy and trends, and drafting related recommendations of policies
• Experience in an international cross-cultural setting would be useful, but not mandatory.

Languages

• Fluency in one of the two OECD official languages (English and French) and a knowledge of, or a willingness to learn, the other.
• Knowledge of other languages would be an asset.

Core Competencies

• For this role, the following competencies would be particularly important\: Achievement focus, Analytical thinking,

Managing resources, Teamwork and Team leadership, Client focus, Diplomatic sensitivity, Influencing,

Developing talent, Organisational alignment, Strategic thinking.

• Please refer to the level 4 indicators of the OECD Core Competencies.

Contract Duration

• Three-year fixed term appointment, with the possibility of renewal.

What the OECD offers

• Monthly base salary starting from 9 567 EUR, plus allowances based on eligibility, exempt of French income tax. 
• Please note the appointment may be made at a lower grade based on the qualifications and professional experience of the selected applicant.
• Click here to learn more about what we offer and why the OECD is a great place to work.
• Click here to browse our People Management Guidebook and learn more about all aspects relating to people at the OECD, our workplace environment and many other policies supporting staff in their daily life.

Selection Process

For retained candidates, video interviews, technical tests and panel interviews are foreseen for Q2 2023.

Please note that our Rules and Regulations stipulate that the mandatory retirement age is 65.

The OECD is an equal opportunity employer and welcomes the applications of all qualified candidates [who are nationals of OECD member countries], irrespective of their racial or ethnic origin, opinions or beliefs, gender, sexual orientation, health or disabilities.

The OECD promotes an optimal use of resources in order to improve its efficiency and effectiveness. Staff members are encouraged to actively contribute to this goal.