CYBER SECURITY OFFICER (TJO)

  • Location:
  • Salary:
    $143,285 - $186,932 / YEAR
  • Job type:
    TEMPORARY
  • Posted:
    4 hours ago
  • Category:
    Information and Communication Technology, Security
  • Deadline:
    03/10/2024

JOB DESCRIPTION

Org. Setting and Reporting
The Independent Institution on Missing Persons in the Syrian Arab Republic (IIMP) was established by the General Assembly in its resolution 77/301, adopted on 29 June 2023. This position is based in Geneva, Switzerland. The Cyber Security Officer works within the Search and Data Analysis Section and reports to the Senior Information Management Officer, or his/her designee. The Cyber Security Officer is responsible for developing a cyber security risk management framework to ensure that risks are identified, analysed and managed efficiently. This position is also responsible for developing and implementing the cyber security governance framework. This role establishes mechanisms to identify and evaluate risks, develops and implements mitigation strategies, collaborates with cross-functional teams and provides guidance on cyber security to the personnel of the IIMP.
Responsibilities
– Develop and update a comprehensive cyber security risk management framework, including policies, standards, and instructions to ensure that risks are identified, analysed, and managed effectively.
– Implement and maintain the cyber security risk management framework.
– Analyse, recommend, and implement process improvements within the context of cyber security risk management.
– Monitor and analyse respective cyber security-related metrics, key risk indicators (KRIs) and key performance indicators (KPIs) to ensure that the organisation is meeting its cyber security goals.
– Communicate and report on risk assessment findings, risk metrics, and other relevant information to respective stakeholders.
– Establish and maintain risk management processes for performing cyber security risk assessments (Certification and Accreditation) of projects, new technologies, external service providers, and changes to Information and Communication Technology (ICT).
– Lead risk assessments, and gap analyses between current and desired states of the ICT risk environment, to identify potential vulnerabilities and weaknesses and recommend risk response strategies.
– Develop a risk treatment plan taking into account the risk appetite of the Organisation.
– Ensure that the cyber security risk register is up to date and accessible for consultation as needed for incident response planning and exercises in collaboration with the Enterprise Risk Management (ERM) team.
– Participate in the review of the cyber security programmes in collaboration with Governance and Compliance and provide advice to ensure that they are aligned with organisational requirements.
– Develop and maintain policies, processes, procedures, and guidelines related to cyber security, ensuring that they are aligned with organisational goals.
– Define and implement the cyber security governance framework to meet the organisational and regulatory requirements, and key performance indicators related to governance.
– Develop cyber security strategies and implementation plans of protective measures for information assets.
– Keep abreast of the current and emerging security issues, risks, threats, vulnerabilities, and advancements in cyber security techniques and technologies.
– Design and/or deliver trainings and workshops on governance tailored to different audiences as appropriate.
– Provide security guidance and advice to users and ICT specialists to ensure the security of the Organisation and achieve compliance.
– Ensure the confidentiality, integrity, and discreet handling of sensitive information in compliance with the UN data privacy, security requirements, and standards.
– Participate in the activities related to changes to the Organisation, business processes, information processing facilities, and systems to ensure that effective internal controls are in place.
– Plan and manage required resources to implement the responsibilities, projects, and activities.
Competencies
Professionalism: Ability to perform cyber security risk assessments including external third-party systems and providers. Knowledge in cyber security management controls including cyber security policies, standards, and processes. Knowledge of current and emerging cyber security threat landscape, attack methodologies, tools, technologies, and mitigation / remediation methods. Ability to develop and deliver tailored trainings and workshops. Project management skills. Knowledge of systems design, and development, management, implementation and maintenance of complex information systems. Ability to develop and oversee large centralized or decentralized institutional systems; conceptual and strategic analytical capacity to understand information system and business operational issues so as to thoroughly analyze and evaluate critical systems matters. Knowledge of a range of computer languages and development paradigms, knowledge of organization’s information infrastructure and IT strategy as it relates to user area(s). Shows pride in work and in achievements; demonstrates professional competence and mastery of subject matter; is conscientious and efficient in meeting commitments, observing deadlines and achieving results; is motivated by professional rather than personal concerns; shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. Able to analyze and interpret data in support of decision-making and convey resulting information to management. 
Communication: Speaks and writes clearly and effectively; listens to others, correctly interprets messages from others and responds appropriately; asks questions to clarify, and exhibits interest in having two-way communication; tailors language, tone, style and format to match audience; demonstrates openness in sharing information and keeping people informed.
Planning and Organizing: Develops clear goals that are consistent with agreed strategies; identifies priority activities and assignments; adjusts priorities as required; allocates appropriate amount of time and resources for completing work; foresees risks and allows for contingencies when planning; monitors and adjusts plans and actions as necessary; uses time efficiently.
Managing Performance: Delegates the appropriate responsibility, accountability and decision-making authority; makes sure that roles, responsibilities and reporting lines are clear to each staff member; accurately judges the amount of time and resources needed to accomplish a task and matches task to skills; monitors progress against milestones and deadlines; regularly discusses performance and provides feedback and coaching to staff; encourages risk-taking and supports creativity and initiative; actively supports the development and career aspirations of staff; appraises performance fairly.
Education
An advanced university degree (Master’s degree or equivalent) in computer science, information systems, mathematics, statistics, information security, cyber security, or a related field. A first-level university degree (Bachelor’s degree or equivalent) in combination with two additional years of qualifying work experience may be accepted in lieu of the advanced university degree.
Job – Specific Qualification
An active certificate in Information Security (e.g., CISM, CISSP) or equivalent is desirable and may be accepted as substantiation of candidates’ proficiency in the requisite knowledge, skills, and abilities for this position.
Work Experience
Demonstrate a minimum of seven (7) years of progressively responsible experience only for the knowledge, skills, and abilities below labelled with “is required”. Demonstrated ability to perform cyber security risk assessments including external third-party systems and providers is required. Demonstrated knowledge in cyber security management controls including cyber security policies, standards, and processes is required. Demonstrated knowledge of current and emerging cyber security threat landscape, attack methodologies, tools, technologies, and mitigation / remediation methods is required. Demonstrated knowledge of cyber security risk management principles, methodologies, and frameworks [such as Factor Analysis of Information Risk (FAIR), OCTAVE Allegro, ISO31000, NIST 800-30, CAS or COSO etc.] and their application is required. Demonstrated ability to develop and deliver tailored trainings and workshops is desirable. Demonstrated project management skills are desirable.
Languages
English and French are the working languages of the United Nations Secretariat. For the position advertised, fluency in English is required. Knowledge of Arabic is desirable.
Assessment
Evaluation of qualified candidates may include an assessment exercise which may be followed by competency-based interview.
Special Notice
THIS POSITION IS TEMPORARILY AVAILABLE UNTIL 31 DECEMBER 2024, WITH POSSIBILITY OF EXTENSION – SUBJECT TO AVAILABILITY OF FUNDS.
  • If the selected candidate is a staff member from the United Nations Secretariat, the selection will be administered as a temporary assignment.
  • While this temporary assignment may provide the successful applicant with an opportunity to gain new work experience, the selection for this position is for a limited period and has no bearing on the future incumbency of the post.
  • Subject to the funding source of the position, the eligibility for this temporary job opening may be limited to candidates based at the duty station.
  • This temporary job opening may be limited to “internal candidates,” who have been recruited through a competitive examination administered according to staff rule 4.16 or staff selection process including the review of a central review body established according to staff rule 4.15.
  • Staff members of the United Nations common system organizations who will reach the mandatory age of separation or retirement within the duration of the current temporary need period are not eligible to apply. Submitting an application or selection for the current temporary job opening does not delay or increase the mandatory age of separation.
  • Retirees above the mandatory age of separation who wish to be considered for the current temporary job opening must indicate the reason for their last separation as “retirement.” Such retirees shall not be employed by the Organization, unless (a) the operational requirements of the Organization cannot be met by staff members who are qualified and available to perform the required functions; and (b) the proposed employment would not adversely affect the career development or redeployment opportunities of other staff members and represents both a cost-effective and operationally sound solution to meet the needs of the service.
At the United Nations, the paramount consideration in the recruitment and employment of staff is the necessity of securing the highest standards of efficiency, competence and integrity. All employment decisions are made on the basis of qualifications and organizational needs. The United Nations is committed to creating a diverse and inclusive environment of mutual respect. The United Nations recruits and employs staff regardless of gender identity, sexual orientation, race, religious, cultural and ethnic backgrounds or disabilities. Reasonable accommodation for applicants with disabilities may be provided to support participation in the recruitment process when requested and indicated in the application.
United Nations Considerations
According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation, sexual abuse, or sexual harassment, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term “sexual exploitation” means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term “sexual abuse” means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. The term “sexual harassment” means any unwelcome conduct of a sexual nature that might reasonably be expected or be perceived to cause offence or humiliation, when such conduct interferes with work, is made a condition of employment or creates an intimidating, hostile or offensive work environment, and when the gravity of the conduct warrants the termination of the perpetrator’s working relationship. Candidates who have committed crimes other than minor traffic offences may not be considered for employment. Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment. 
Reasonable accommodation may be provided to applicants with disabilities upon request, to support their participation in the recruitment process. By accepting a letter of appointment, staff members are subject to the authority of the Secretary-General, who may assign them to any of the activities or offices of the United Nations in accordance with staff regulation 1.2 (c). Further, staff members in the Professional and higher category up to and including the D-2 level and the Field Service category are normally required to move periodically to discharge functions in different duty stations under conditions established in ST/AI/2023/3 on Mobility, as may be amended or revised. This condition of service applies to all position specific job openings and does not apply to temporary positions. Applicants are urged to carefully follow all instructions available in the online recruitment platform, inspira, and to refer to the Applicant Guide by clicking on “Manuals” in the “Help” tile of the inspira account-holder homepage. The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application. Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date.
No Fee
THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.