Duties and Responsibilities

Under the overall guidance of the Chief, ICTS, and direct supervision by the Head of Cloud, Infrastructure and Cybersecurity Unit, the IT Assistant (Cybersecurity Analyst) will perform the following tasks: • Monitoring ICT Infrastructure, websites, and web applications for security threats and vulnerabilities. • Responding to cybersecurity incidents, such as malware infections or phishing attacks. • Analyzing cybersecurity alerts and determining the appropriate response. • Conducting vulnerability assessments and penetration testing to identify potential weaknesses in the organization’s security posture. • Assisting with the implementation and maintenance of cybersecurity controls, such as firewalls, intrusion detection systems, and antivirus software. • Collaborating with other IT professionals, such as network administrators, system administrators, and software developers to ensure a coordinated approach to cybersecurity. • Assisting with incident response planning and testing to ensure the organization is prepared for cybersecurity incidents. • Assisting with the development and implementation of cybersecurity policies, technical procedures, and guidelines. • Assisting with the identification and assessment of risks and implementing risk management processes and procedures. • Supporting compliance with enterprise cybersecurity policies, relevant laws, regulations, and industry standards. • Assisting with the preparation of reports on governance, risk, and compliance issues for senior management. • Collaborating with other units and stakeholders to ensure a coordinated approach to governance, risk, and compliance. • Participating in continuous improvement efforts to enhance the organization’s governance, risk, and compliance practices.

• Participating in risk assessments and internal audits to identify areas of non-compliance or potential risks. • Assisting with the development and implementation of BCP and DR plans to ensure the organization is prepared for potential disasters or disruptions. • Developing and documenting procedures for responding to disasters or disruptions. • Testing and evaluating BCP and DR plans to ensure they are effective and up-to-date. • Monitoring and reporting on compliance with policies and procedures, including tracking incidents of non-compliance and following up with appropriate parties. • Staying up-to-date on changes in enterprise cybersecurity policies, laws, regulations, and industry standards related to governance, risk, and compliance. • Assisting with the development and implementation of cybersecurity training programs to promote compliance and risk management awareness. • Participating in security awareness training and promoting a culture of cybersecurity within the organization.

Qualifications/special skills

A Bachelor’s degree in Information Technology, Computer Science or related area is required. All candidates must submit a copy of the required educational degree. Incomplete applications will not be reviewed. No previous work experience is required for this job opening. Knowledge in two or more of the following: Governance, Risk, Web Application BCP/DR , Application Security, Information security, Network, and Endpoint security is required. Knowledge of Threat, Vulnerability and Incident Management is required. Knowledge of Governance, Risk and Compliance (GRC) is required.

Languages

English and French are the working languages of the United Nations Secretariat; and Arabic is a working language of ESCWA. For this position, fluency in English is required. Note: “Fluency” equals a rating of ‘fluent’ in all four areas (speak, read, write, and understand) and “Knowledge of” equals a rating of ‘confident’ in two of the four areas.