This selection exercise may be used to generate a roster of pre-approved candidates to address future staffing needs for similar functions in any of the Departments and Offices of the Organization.
IMPORTANT NOTICE REGARDING APPLICATION DEADLINE: Please note that the closing date for submission of applications is indicated in local time as per the time zone of the applicant's location.
Organizational Setting
The Division of Information Technology provides support to the IAEA in the field of information and communication technology (ICT), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA's ICT infrastructure comprises hardware and software platforms, and cloud and externally-hosted services. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices.
Main Purpose
The purpose of the post is to help MTIT define and create repeatable and consistent processes to strengthen IAEA information security. The Information Security Officer participates in the development and delivery of a comprehensive information security program for the IAEA. He/she also manages/participates in implementation of information security projects, and the administration and verification of security controls.
Role
The Information Security Officer is (a) an operator for the Agency Information Security Management System (ISMS); (b) the Departmental information Security Officer (DISO) for the department of Management; (c) a risk manager managing security risks identified though set processes; (d) a project manager/coordinator, soliciting inputs from other specialists and assisting in defining, planning and executing information security projects; and (e) a CISG and MTIT team member.ย
ย
Functions / Key Results Expected
Contribute as a key player to ensuring the confidentiality, integrity and availability of information systems and data through developing and implementation of mature information security policies, procedures and guidance.ย
Operate the Agency ISMS in order to obtain and maintain the Agency's ISO 27001 certification.ย
Develop, implement and maintain a state-of-the-art risk management system, focusing on latest threat landscape, appropriate mitigating controls on technical and organisational level.ย
Participate in the information security risk assessment program, identify and analyse risks, make recommendations for corrective actions and monitor implementation and remediation.ย
Participate in the comprehensive awareness program, including provision of face-to-face or online training, phishing exercise, ad-hoc newsletter, regular intranet information and other relevant information.ย
Participate in IT projects on behalf of the CISO to ensure that security is embedded.ย
Produce high-quality oral and written reports, presenting complex technical matters clearly and concisely.ย
Maintain proficiency in industry standard tools and practices and in IAEA policies and procedures.
Competencies and Expertise
Core Competencies(Competency Framework)NameDefinitionย ย Planning and OrganizingPlans and organizes his/her own work in support of achieving the team or Sectionโs priorities. Takes into account potential changes and proposes contingency plans.ย ย CommunicationCommunicates orally and in writing in a clear, concise and impartial manner. Takes time to listen to and understand the perspectives of others and proposes solutions.ย ย Achieving ResultsTakes initiative in defining realistic outputs and clarifying roles, responsibilities and expected results in the context of the Department/Divisionโs programme. Evaluates his/her results realistically, drawing conclusions from lessons learned.ย ย TeamworkActively contributes to achieving team results. Supports team decisions.
Functional CompetenciesNameDefinitionย ย Client orientationHelps clients to analyse their needs. Seeks to understand service needs from the clientโs perspective and ensure that the clientโs standards are met.ย ย Commitment to continuous process improvementPlans and executes activities in the context of quality and risk management and identifies opportunities for process, system and structural improvement, as well as improving current practices. Analyses processes and procedures, and proposes improvements.ย ย Technical/scientific credibilityEnsures that work is in compliance with internationally accepted professional standards and scientific methods. Provides scientifically/technically accepted information that is credible and reliable.
Required ExpertiseFunctionNameExpertise Descriptionย ย ย Information TechnologyIT SecurityExperience in the design and architecture of IT security systems, with a strong understanding of secure infrastructure and system integration.ย ย ย Information TechnologyInformation SecurityExperience in design, implementation and operation of Identity and Access Management solutions;ย ย ย Information TechnologyInformation Security and Risk ManagementExperience in assessing information security risks and delivering effective technical solutions to mitigate identified vulnerabilities. Proven expertise in the design, implementation, and operation of Information and IT Security Risk Management solutions.ย ย ย Information TechnologyInformation Security and Risk ManagementExperience in design, implementation and operation of Information and IT Security Risk Management solutions;
Asset ExpertiseFunctionNameExpertise Descriptionย ย ย Information TechnologyProject ManagementExperience in IT project management using the established project management methodology; eExperience in managing IT projects using best practice project management methodologies such as PMP and/or Prince2.
ย
Qualifications, Experience and Language skills
Bachelor's Degree in computer science, information management, IT Security or a related field.
Accredited information or IT security relevant certification, such as CISSP, CISM, CISA or GIAC.
Accredited certification in Project Management such as PMP, Prince2 as an asset.
Minimum of five years of professional experience managing information security programs in enterprise IT environments, applying standardized frameworks, such as ISO/IEC 27000.ย
Demonstrated expertise in IT risk management, policy development, writing and implementation, compliance monitoring, and stakeholder engagement, with a strong background in IT Project Management.ย
Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.
Remuneration
The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $70212 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $ 39249*, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; Other benefits include 6 weeks' annual leave, home leave travel, pension plan and health insurance. More information on the conditions of employment can be found at: https://www.iaea.org/about/employment/professional-staff/conditions
General Information
The IAEA's paramount consideration in the recruitment of staff member is to secure employees of the highest standards of efficiency, technical competence and integrity.Staff Members shall be selected without any unfair treatment or arbitrary distinction based on a person's race, sex, gender, sexual orientation, gender identity, gender expression, religion, nationality, ethnic origin, disability, age, language, social origin or other similar shared characteristic or trait.The IAEA is committed to gender equality and to promoting a diverse workforce. Applications from qualified women and candidates from developing countries are strongly encouraged.Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values): Integrity, Professionalism and Respect for diversity.The IAEA has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and the IAEA, including sexual harassment, abuse of authority and discrimination.Evaluation process
The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the selection criteria stated in the vacancy announcement. Applicants must provide complete and accurate information. Evaluation of qualified candidates may include an assessment exercise, which may be followed by a competency-based interview.Candidates under serious consideration for selection may be subject to reference and background checks as part of the recruitment process.Appointment information
Appointment is subject to a satisfactory medical report.Staff members may be assigned to any location.Candidates appointed to posts in the Professional and higher categories are subject to IAEA rotation policy and their maximum tour of service shall normally be seven years.The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above.