Background
Diversity, Equity and Inclusion are core principles at UNDP: we value diversity as an expression of the multiplicity of nations and cultures where we operate, we foster inclusion as a way of ensuring all personnel are empowered to contribute to our mission, and we ensure equity and fairness in all our actions. Taking a ‘leave no one behind’ approach to our diversity efforts means increasing representation of underserved populations. People who identify as belonging to marginalized or excluded populations are strongly encouraged to apply. Learn more about working at UNDP including our values and inspiring stories.
UNDP does not tolerate sexual exploitation and abuse, any kind of harassment, including sexual harassment, and discrimination. All selected candidates will, therefore, undergo rigorous reference and background checks.
Office/Unit/Project Description
The United Nations Volunteers (UNV) programme is administered by UNDP and follows all UNDP rules and regulations. UNV is the UN system common service that promotes volunteerism to support peace and development worldwide. Volunteerism can transform the pace and nature of development and it benefits both, society at large and the individual volunteer. UNV contributes to peace and development by advocating for volunteerism globally, encouraging partners to integrate volunteerism into development programming, and mobilizing volunteers.
UNV’s Management Services hold the responsibility for the strategic planning, managerial leadership, oversight, and quality control of an integrated platform of operational services ensuring timely, effective and efficient delivery according to corporate performance standards and in compliance with the UN Regulations and Rules and UNDP´s accountability framework.
The Information and Communication Technology Section (ICTS) is responsible for the running operations of all ICT on-premises and cloud datacenters, cloud platforms and services, business applications, corporate websites, helpdesk, videoconferences, security services, hardware, software, network, and telecommunications services. This includes application system analysis, design, development and maintenance, local and global telecommunication networks, commercial hardware and software installation and operation (at both desktop and network levels), internet, and email. ICTS is also providing network and support services to other UN Agencies in UN Bonn Campus. ICTS is working in close collaboration with UNDP ITM department.
Duties and Responsibilities
Under the Supervision of the Team Leader ICT Infrastructure, the ICT Analyst, Cybersecurity is responsible for comprehensive incident handling in accordance with policy and guidelines which includes how incidents are defined, reported, verified, tracked, contained, and recovered. Specifically, the incumbent will be involved in the following duties:
- Developing solutions to automate cybersecurity tasks.
- Maintaining a variety of cloud-native security solutions, including but not limited to: Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), develop automation pipelines and custom scripts to reduce manual labor and minimize human error.
- Monitoring and evaluating events, alerts, and notifications from the cyber security infrastructure for indications of suspicious/unauthorized activity.
- Responding to detected or reported cyber security incidents.
- Monitoring vendor and industry alerts, warnings, and security advisories, and follow up with appropriate system and service owners within the organization to ensure that corresponding risks are mitigated.
- Promoting security best practices and plan security awareness trainings.
- Collaborate with development teams to integrate security best practices into all phases of the SDLC.
- Conduct security risk assessments, code reviews, and vulnerability assessments for UNV applications.
- Develop (where not exist) and enforce UNDP security policies, standards, training and guidelines for team members and staff.
- Perform threat modeling and security architecture reviews to identify potential risks.
- Coordinate vulnerability scans with provider(s).
- Coordinate “Red Teaming” exercises with all stakeholders.
- Ensure incident response readiness for all UNV services.
- Lead initiatives to improve overall UNV Cybersecurity posture, including automation of security testing.
- Keep an update inventory of UNV digital assets and make sure all measures are taken to make them available to legitimate authorized users and untampered with (Availability, Confidentiality, Integrity).
- Coach Application owners, Data owners, and Service owners on Backup and restore procedures and business continuity measures.
- Work closely with UNDP security team to implement ISO27001/2 Information Management certification for UNV.
The incumbent performs other duties within their functional profile as deemed necessary for the efficient functioning of the Office and the Organization.
Institutional Arrangement
The ICT Analyst, Cybersecurity will work under the direct supervision of the Team Leader of ICT Infrastructure.
Competencies
Core Competencies
- Achieve Results: LEVEL 1: Plans and monitors own work, pays attention to details, delivers quality work by deadline
- Think Innovatively: LEVEL 1: Open to creative ideas/known risks, is pragmatic problem solver, makes improvements
- Learn Continuously: LEVEL 1: Open minded and curious, shares knowledge, learns from mistakes, asks for feedback
- Adapt with Agility: LEVEL 1: Adapts to change, constructively handles ambiguity/uncertainty, is flexible
- Act with Determination: LEVEL 1: Shows drive and motivation, able to deliver calmly in face of adversity, confident
- Engage and Partner: LEVEL 1: Demonstrates compassion/understanding towards others, forms positive relationships
- Enable Diversity and Inclusion: LEVEL 1: Appreciate/respect differences, aware of unconscious bias, confront discrimination
Cross-Functional & Technical competencies
Business Direction & Strategy- System Thinking
- Ability to use objective problem analysis and judgement to understand how interrelated elements coexist within an overall process or system, and to consider how altering one element can impact on other parts of the system
Business Direction & Strategy- Effective Decision Making
- Take decisions in a timely and efficient manner in line with one’s authority, area of expertise and resources and take into consideration potential wider implications
Information Management & Technology – IT Security Management
- Knowledge of Cyber Security technologies, processes, techniques and tools. Apply practical innovations to solve cybersecurity problems. Capability to keep UNDP systems and data safe. Knowledge of ISO 27001, ISO 27701 and ISO 22301 principles. CSSIP, CISM, CISA or equivalent certification desirable
Digital & Innovation – Data governance
- Knowledge of data science, skills to develop data management tools, organize and maintain databases and operate data visualization technologies
Digital & Innovation – Digital identity & wellbeing
- Knowledge of issues around digital identity and digital wellbeing and the ability to advise safe/healthy practices in regards to these areas
Information Management & Technology – IT Customer Support
- Ability to support customers on IT related issues and generate and contribute to continuous improvement processes to deliver a great user experience. Knowledge of ISO 9001 desirable. ITIL of ISO 20000 certification or similar is desirable
Required Skills and Experience
Education:
- Advanced university degree (master’s degree or equivalent) in Information Technology, Computer Science or Engineering, or related discipline is required. Or
- A first-level university degree (bachelor’s degree) in the areas mentioned above, in combination with an additional two years of qualifying experience will be given due consideration in lieu of the advanced university degree.
Experience:
- Applicants with a master’s degree (or equivalent) in a relevant field of study are not required to have professional work experience.
- Applicants with a bachelor’s degree (or equivalent) are required to have a minimum of two (2) years of relevant professional experience in the areas of data management, computer science, DevOps, or related field at national or international level.
Required skills
- ISO20071 certification or similar.
- Participated-in or lead Threat Risk Assessments (TRA).
Desired additional skills and competencies
- Experience in the field of Cyber Threat Intelligence is desired.
- Operational experience working with threat detection and incident response systems is desired.
- Knowledge of international standards and best practices in cybersecurity, risk, and service management (ISO 27001:2022, 9001:2015, 20000:2011, 22301:2012, 27701:2020) is desired.
- Experience in providing security related training to users in the form of webinars is desired.
- UN work experience is desired.
Required Language(s)
- Fluency in English is required.
- Working knowledge of another UN language is desired.
Disclaimer
Under US immigration law, acceptance of a staff position with UNDP, an international organization, may have significant implications for US Permanent Residents. UNDP advises applicants for all professional level posts that they must relinquish their US Permanent Resident status and accept a G-4 visa, or have submitted a valid application for US citizenship prior to commencement of employment.
UNDP is not in a position to provide advice or assistance on applying for US citizenship and therefore applicants are advised to seek the advice of competent immigration lawyers regarding any applications.
Applicant information about UNDP rosters
Note: UNDP reserves the right to select one or more candidates from this vacancy announcement. We may also retain applications and consider candidates applying to this post for other similar positions with UNDP at the same grade level and with similar job description, experience and educational requirements.
Non-discrimination
UNDP has a zero-tolerance policy towards sexual exploitation and misconduct, sexual harassment, and abuse of authority. All selected candidates will, therefore, undergo rigorous reference and background checks, and will be expected to adhere to these standards and principles.
UNDP is an equal opportunity and inclusive employer that does not discriminate based on race, sex, gender identity, religion, nationality, ethnic origin, sexual orientation, disability, pregnancy, age, language, social origin or other status.
Scam warning
The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.