Org. Setting and Reporting

This position is located in the Office of Information and Communication Technology; Cyber Security Service, United Nations Headquarters, New York. The incumbent reports to the Deputy Chief, Cyber Security Service. The Cyber Security Officer, Security Architecture specialist is responsible for implementing the cyber security architecture of an organization, ensuring that the organization's systems and data are protected from cybersecurity threats. The security architecture specialist also monitors and evaluates the effectiveness of the security architecture and provides guidance and recommendations for improvement. Additionally, this person works closely with other Information and Telecommunication Technology (ICT) and business stakeholders to ensure that security is integrated into all aspects of the organization's operations. The Office of Information and Communications Technology (OICT) is leading the digital transformation of the Organization to enable a better, safer, more sustainable future through secure, reliable, and innovative technology solutions. OICT is committed to achieving 50/50 gender balance and geographical diversity in its staff, and female candidates are strongly encouraged to apply for this position. OICT supports the principles of work-life balance and flexible work arrangements.

Responsibilities

Within limits of delegated authority, the Cyber Security Officer will be responsible for the following duties: • Research, design, and implement cyber security framework architecture that complies with all applicable UN internal regulatory requirements, policies, standards, guidelines, and strategies. • Assist in the review and update of cyber security policies, architectures, and standards. • Coordinate the implementation of the cybersecurity defence mechanisms initiated by the organization. • Manage a continuous monitoring program on assigned systems to ensure compliance with the security architecture principles, including reporting metrics to governance committees. • Design, develop and maintain cyber security procedures, guidelines for secure Information Communications and Technology as required for compliance. • Ensure that the design, development, and procurement of business solutions (e.g. ICT services and products) meet secure architecture principles and standards. • Review regularly the security architecture principles, capture and analyse market trends as well as industry standards and identify potential business cases for their adoption into the security architecture. • Support Cybersecurity activities related to assigned systems, such as supporting regular systems tests and breach of security assessments, identify the gaps based on the evaluation of security incidents and provide recommendations on post event analyses, provide advice on the framework for establishing disaster recovery procedures. • Provide input to the security awareness trainings and other communications to increase personnel understanding of cyber security policies, procedures and regulatory requirements set by the UN. • Ensure that ICT assets are managed and monitored for performance to ensure effective security measures are in place. • Handle coordinated incident response, digital forensics, and authorized investigation efforts through close collaboration with internal business units and external partners. • Ensure compliance to the organization and relevant industry standards are maintained for all Information Technology, Communication and Data systems and assets. • Perform regular assessments of the entity's infrastructure to identify potential vulnerabilities, prioritizing and categorizing the risks, and developing implementation plans to remediate or mitigate them. • Identify, analyse, evaluate, and mitigate risks to Information Technology, Communications and Data systems in close coordination with stakeholders. • Communicate cyber security procedures and standards to employees, contractors, and other relevant stakeholders. • Participate in cybersecurity investigations and events related to Information Technology, Communications and Data systems, networks and devices. • Keep abreast of the current and emerging security issues, risks, threats, vulnerabilities, and advancements in cyber security techniques and technologies.

Competencies

Professionalism: Knowledge of cyber threats, network and application security principles, common vulnerabilities, and exploits. Knowledge of cyber security Risk Management principles, methodologies, and frameworks [such as Factor Analysis of Information Risk (FAIR), OCTAVE Allegro, ISO31000, NIST 800-30, CAS or COSO, etc] and their application. Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. Shows pride in work and in achievements. Demonstrates professional competence and mastery of subject matter. Is conscientious and efficient in meeting commitments, observing deadlines and achieving results. Is motivated by professional rather than personal concerns. Shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. Communication: Speaks and writes clearly and effectively. Listens to others, correctly interprets messages from others and responds appropriately. Asks questions to clarify, and exhibits interest in having two-way communication. Tailors language, tone, style and format to match the audience. Demonstrates openness in sharing information and keeping people informed. Commitment to continuous learning: Keeps abreast of new developments in own occupation/profession. Actively seeks to develop oneself professionally and personally. Contributes to the learning of colleagues and subordinates. Shows willingness to learn from others. Seeks feedback to learn and improve.

Education

Advanced university degree (Master's degree or equivalent degree) in computer science, information systems, mathematics, statistics, information security, cyber security, or a related field. A first-level university degree in combination with qualifying experience or an active certificate may be accepted in lieu of the advanced university degree.

Job - Specific Qualification

• An active level certificate in Information Security (e.g., CISM, CISSP) or equivalent is desirable and may be accepted as substantiation of candidates’ proficiency in the requisite knowledge, skills, and abilities for this position.

Work Experience

• A minimum of five years of progressively responsible experience demonstrating the knowledge, skills, and abilities indicated below is required (excluding non-required criteria). • Demonstrated knowledge of enterprise architecture principles, methodologies, and frameworks is required. • Demonstrated knowledge of cyber security standards and concepts, frameworks, and best practices is required. • Demonstrated knowledge of computer systems architecture, operating systems, and network security technologies is required. • Demonstrated knowledge of common programming languages (such as Python and C/C++/C#) scripting [such as bash, PowerShell scripts], and database languages [such as SQL] and ability to read and understand them is required. • Demonstrated knowledge of current, new, and emerging information and cybersecurity technologies, and ability to adapt changes is required.

Languages

English and French are the working languages of the UN Secretariat. For the position advertised, fluency in English is required; knowledge of French is desirable. Knowledge of another UN official language is an advantage.

Assessment

Evaluation of qualified candidates may include an assessment exercise which may be followed by competency-based interview.

Special Notice

• Appointment or assignment against this position is for an initial period of one year. • The appointment or assignment and renewal thereof are subject to the availability of the post or funds, budgetary approval or extension of the mandate. • The United Nations Secretariat is committed to achieving 50/50 gender balance and geographical diversity in its staff. Female candidates are strongly encouraged to apply for this position. • Applicants, who successfully go through a competitive recruitment process and are recommended for selection and/or inclusion in the roster of pre-approved candidates for subsequent job openings at the same level and with similar functions, may have their application information and roster status shared with other UN Organizations. Such applicants may be contacted by other UN Organizations for similar job openings, subject to the confirmation of their interest. Placement on the roster is no guarantee of a future selection. • Pursuant to section 7.11 of ST/AI/2012/2/Rev.1, candidates recruited through the young professionals programme who have not served for a minimum of two years in the position of their initial assignment are not eligible to apply to this position. • For this position, applicants from the following Member States, which are unrepresented or under-represented in the UN Secretariat as of 29 Feb 2024, are strongly encouraged to apply: Andorra, Angola, Antigua and Barbuda, Bahrain, Belize, Brunei Darussalam, China, Cuba, Democratic People's Republic of Korea, Dominica, Equatorial Guinea, Germany, Grenada, Guinea-Bissau, Hungary, Indonesia, Israel, Japan, Kiribati, Kuwait, Lao People's Democratic Republic, Libya, Liechtenstein, Malta, Marshall Islands, Micronesia (Federated States of), Monaco, Nauru, Oman, Palau, Panama, Papua New Guinea, Paraguay, Qatar, Republic of Korea, Saint Lucia, Saint Vincent and the Grenadines, Sao Tome and Principe, Saudi Arabia, Singapore, Solomon Islands, Somalia, Thailand, Timor-Leste, Tuvalu, United Arab Emirates, United States of America, Vanuatu. • At the United Nations, the paramount consideration in the recruitment and employment of staff is the necessity of securing the highest standards of efficiency, competence and integrity, with due regard to geographic diversity. All employment decisions are made on the basis of qualifications and organizational needs. The United Nations is committed to creating a diverse and inclusive environment of mutual respect. The United Nations recruits and employs staff regardless of gender identity, sexual orientation, race, religious, cultural and ethnic backgrounds or disabilities.

United Nations Considerations

According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation, sexual abuse, or sexual harassment, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term “sexual exploitation” means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term “sexual abuse” means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. The term “sexual harassment” means any unwelcome conduct of a sexual nature that might reasonably be expected or be perceived to cause offence or humiliation, when such conduct interferes with work, is made a condition of employment or creates an intimidating, hostile or offensive work environment, and when the gravity of the conduct warrants the termination of the perpetrator’s working relationship. Candidates who have committed crimes other than minor traffic offences may not be considered for employment. Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment. Reasonable accommodation may be provided to applicants with disabilities upon request, to support their participation in the recruitment process. By accepting a letter of appointment, staff members are subject to the authority of the Secretary-General, who may assign them to any of the activities or offices of the United Nations in accordance with staff regulation 1.2 (c). Further, staff members in the Professional and higher category up to and including the D-2 level and the Field Service category are normally required to move periodically to discharge functions in different duty stations under conditions established in ST/AI/2023/3 on Mobility, as may be amended or revised. This condition of service applies to all position specific job openings and does not apply to temporary positions. Applicants are urged to carefully follow all instructions available in the online recruitment platform, inspira, and to refer to the Applicant Guide by clicking on “Manuals” in the “Help” tile of the inspira account-holder homepage. The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application. Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date.

No Fee

THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.