Org. Setting and Reporting
The Independent Investigative Mechanism for Myanmar (IIMM) was established by the Human Rights Council in its resolution 39/2, adopted on 27 September 2018. The creation of the Mechanism was welcomed by the General Assembly in its resolution 73/264, adopted on 22 December 2018. This position is located within the Information Systems Management Section (ISMS), Geneva, Switzerland. The incumbent will be under the direct supervision of the Chief, ISMS. The incumbent is responsible for performing general cyber security responsibilities such as protecting the organisation’s computer systems, networks, and data from cyber threats such as hacking, malware, and cyber espionage. This involves a range of activities, including risk assessment and management, development, and implementation of Standard Operating Procedures (SOPs) and guidelines, vulnerability testing and management, incident response, security monitoring and analysis and training and awareness programmes on cyber security.
Responsibilities
Within delegated authority, the incumbent will be responsible for the following duties:
– Coordinate the implementation of the cyber security defence mechanisms initiated by the Organisation.
– Identify, analyse, evaluate, and mitigate risks to Information Technology, Communications and Data systems in close coordination with stakeholders. Collaborate with risk management team on risk register and the associated risk treatment plan.
– Design, develop and maintain cyber security procedures, guidelines for secure Information Communications and Technology (ICT) as required for compliance.
– Communicate cyber security procedures and standards to employees, contractors, and other relevant stakeholders.
– Perform regular assessments of the entity’s infrastructure to identify potential vulnerabilities, prioritizing and categorizing the risks, and developing implementation plans to remediate or mitigate them.
– Generate and communicate vulnerability reports to relevant stakeholders.
– Coordinate the implementation of the cyber security advisories to mitigate vulnerabilities.
– Participate in cyber security investigations and events related to Information Technology, Communications and Data systems, networks and devices.
– Handle coordinated incident response, digital forensics, and authorized investigation efforts through close collaboration with internal business units and external partners.
– Coordinate the implementation and testing of Disaster Recovery Plan (DRP).
– Ensure compliance to the Organisation and relevant industry standards are maintained for all Information Technology, Communication and Data systems and assets.
– Ensure that ICT assets are managed and monitored for performance to ensure effective security measures are in place.
– Advise the Unit/Section Chief continuously on cyber security posture of the Organisation and compliance to the defence procedures.
– Serve as focal point on matters of cyber security for stakeholders within the UN Secretariat and outside.
– Keep abreast of the current and emerging security issues, risks, threats, vulnerabilities, and advancements in cyber security techniques and technologies.
– Provide input to the security awareness trainings and other communications to increase personnel understanding of cyber security policies, procedures and regulatory requirements set by the UN.
– Design and/or deliver trainings and workshops on cyber security tailored to diverse audiences as appropriate.
– Provide security guidance and advice to users and ICT specialists to ensure the security of the Organisation and achieve compliance.
– Maintain confidentiality and integrity and handle sensitive information with discretion ensuring compliance with the UN data privacy, security requirements, and standards.
– Participate in the activities related to changes to the Organisation, business processes, information processing facilities, and systems to ensure that effective internal controls are in place.
– Collect and analyse data to identify trends or patterns and provide insights through graphs, charts, tables, and reports using data visualization methods to enable data-driven planning, decision-making, presentation, and reporting.
– Manage and coordinate the activities of the cyber security team, including hiring, training, assigning tasks and responsibilities, and ensuring that deadlines are met.
– Plan and manage required resources to implement the responsibilities, projects, and activities.
– Provide guidance to team members to promote professional development and a robust team culture.
– Collaborate with senior management, ICT leaders, business units, and other stakeholders to ensure that cyber security is effectively integrated into all aspects of the Organisation’s operations, processes, and communications.
Competencies
PROFESSIONALISM: Knowledge of current and emerging cyber security threat landscape, attack methodologies, tools, technologies, and mitigation / remediation methods. Skill in designing and implementing a cyber security strategy. Ability to design and implement risk management processes. Skills to communicate complex and technical matters to diverse audiences, orally and in writing. Excellent analytical capacity. Knowledge of information technology/information management, particularly in systems analysis, database design and programming. Knowledge of several high level programming languages and significant exposure to and demonstrated proficiency in all aspects of programming and analysis, including structured/object-oriented design, relational systems, scripting and query languages, document design and management, hardware and software requirements, systems facilities and execution protocols. Strong analytical and problem-solving skills, to include proficiency in the development and implementation of systems of moderate size/complexity. Knowledge of interactive systems; good knowledge of organization’s information infrastructure and IT strategy as it relates to user area(s); independently maintains assigned systems and develops innovative approaches to resolve a wide range of issues/problems. Shows pride in work and in achievements; demonstrates professional competence and mastery of subject matter; is conscientious and efficient in meeting commitments, observing deadlines, and achieving results; is motivated by professional rather than personal concerns; shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. 
PLANNING & ORGANIZING: Develops clear goals that are consistent with agreed strategies; identifies priority activities and assignments; adjusts priorities as required; allocates appropriate amount of time and resources for completing work; foresees risks and allows for contingencies when planning; monitors and adjusts plans and actions as necessary; uses time efficiently.
TECHNOLOGICAL AWARENESS: Keeps abreast of available technology; understands applicability and limitation of technology to the work of the office; actively seeks to apply technology to appropriate tasks; shows willingness to learn new technology.
Education
An advanced university degree (Master’s degree or equivalent) in computer science, information systems, mathematics, statistics, information security, cyber security, or a related field is required. A first-level university degree (Bachelor’s degree or equivalent) in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree.
Job-Specific Qualification
An active certificate in Information Security (e.g., CISM, CISSP) or equivalent is desirable.
Work Experience
A minimum of five years of progressively responsible experience demonstrating knowledge of cyber security industry standards, methodologies and frameworks and ability to adapt and integrate subsequent changes is required. Demonstrated knowledge of cyber threats, network and application security principles, common vulnerabilities, and exploits is required. Demonstrated knowledge of computer systems architecture, operating systems, and network security technologies is desirable. Demonstrated knowledge of common programming [such as Python and C/C++/C#], scripting [such as bash, PowerShell scripts], and database languages [such as SQL] and ability to read and understand them is desirable. Demonstrated knowledge of cyber security Risk Management principles, methodologies, and frameworks [such as Factor Analysis of Information Risk (FAIR), OCTAVE Allegro, ISO31000, NIST 800-30, CAS or COSO, etc] and their application is desirable.
Languages
English and French are the working languages of the United Nations Secretariat. For the position advertised, fluency in English is required.
Assessment
Evaluation of qualified candidates may include an assessment exercise which may be followed by competency-based interview.
Special Notice
Appointment or assignment against this position is for an initial period of one year. The appointment or assignment and renewal thereof are subject to the availability of the post or funds, budgetary approval or extension of the mandate. The United Nations Secretariat is committed to achieving 50/50 gender balance and geographical diversity in its staff. Female candidates are strongly encouraged to apply for this position. At the United Nations, the paramount consideration in the recruitment and employment of staff is the necessity of securing the highest standards of efficiency, competence and integrity, with due regard to geographic diversity. All employment decisions are made on the basis of qualifications and organizational needs. The United Nations is committed to creating a diverse and inclusive environment of mutual respect. The United Nations recruits and employs staff regardless of gender identity, sexual orientation, race, religious, cultural and ethnic backgrounds or disabilities. Reasonable accommodation for applicants with disabilities may be provided to support participation in the recruitment process when requested and indicated in the application. An impeccable record for integrity and professional ethical standards is essential. Pursuant to section 7.11 of ST/AI/2012/2/Rev.1, candidates recruited through the young professionals programme who have not served for a minimum of two years in the position of their initial assignment are not eligible to apply to this position.
United Nations Considerations
According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation, sexual abuse, or sexual harassment, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term “sexual exploitation” means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term “sexual abuse” means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. The term “sexual harassment” means any unwelcome conduct of a sexual nature that might reasonably be expected or be perceived to cause offence or humiliation, when such conduct interferes with work, is made a condition of employment or creates an intimidating, hostile or offensive work environment, and when the gravity of the conduct warrants the termination of the perpetrator’s working relationship. Candidates who have committed crimes other than minor traffic offences may not be considered for employment. Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment. 
Reasonable accommodation may be provided to applicants with disabilities upon request, to support their participation in the recruitment process. By accepting a letter of appointment, staff members are subject to the authority of the Secretary-General, who may assign them to any of the activities or offices of the United Nations in accordance with staff regulation 1.2 (c). Further, staff members in the Professional and higher category up to and including the D-2 level and the Field Service category are normally required to move periodically to discharge functions in different duty stations under conditions established in ST/AI/2023/3 on Mobility, as may be amended or revised. This condition of service applies to all position specific job openings and does not apply to temporary positions. Applicants are urged to carefully follow all instructions available in the online recruitment platform, inspira, and to refer to the Applicant Guide by clicking on “Manuals” in the “Help” tile of the inspira account-holder homepage. The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application. Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date.
No Fee
THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.