Senior Information Security Officer

Position Title: Senior Information Security Officer

Duty Station: Valencia, Spain

Classification: Professional Staff, Grade P4

Type of Appointment: Fixed term, one year with possibility of extension

Estimated Start Date: As soon as possible

Closing Date: 18 April 2024

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading UN agency in the field of migration, works closely with governmental, intergovernmental and non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to a diverse and inclusive work environment. Read more about diversity and inclusion at IOM at www.iom.int/diversity.

Applications are welcome from first- and second-tier candidates, particularly qualified female candidates as well as applications from the non-represented member countries of IOM. For all IOM vacancies, applications from qualified and eligible first-tier candidates are considered before those of qualified and eligible second-tier candidates in the selection process.

For the purpose of this vacancy, the following are considered first-tier candidates:

1. Internal candidates
2. External female candidates:
3. Candidate from the following non-represented member states: Antigua and Barbuda; Barbados; Botswana; Cabo Verde; Comoros; Congo (the); Cook Islands; Dominica; Fiji; Grenada; Guinea-Bissau; Holy See; Iceland; Kiribati; Lao People's Democratic Republic (the); Madagascar; Marshall Islands; Micronesia (Federated States of); Namibia; Nauru; Palau; Saint Kitts and Nevis; Sao Tome and Principe; Solomon Islands; Suriname; The Bahamas; Tonga; Tuvalu; Uzbekistan; Vanuatu

Second-tier candidates include:

All external candidates, except candidates from non-represented member states of IOM and female candidates.

Context:

Under the overall supervision of the Chief Information Officer/ Director, Department of ICT and direct supervision of Chief Information Security Officer (CISO) and in close collaboration with relevant Information and Communications Technology (ICT) Units at Headquarters (HQ) and worldwide ICT Teams, the Senior Information Security Officer will be responsible and accountable for supporting the Global Cybersecurity Strategy, in the area of Information Security and Risk Management including application security, data security, threat, vulnerability, risk, and compliance management.

Core Functions / Responsibilities:

1. Supervise and lead the development, design, implementation and management of cybersecurity Blue Team function and processes.
2. Supervise and lead the development, implementation, and management of information security and risk management function, processes, procedures, training, and playbooks.
3. Ensure the improved maturity level of data security to the defined higher level; and measure and report the progress regularly by developing Key Performance Indicators (KPI)/metrics for performance and risk monitoring.
4. Review and ensure the consistent implementation and compliance-monitoring of IOM-wide information security policies, operating procedures standards, and guidelines.
5. Coordinate and/or provide expert support to the security audit requests and ensure the implementation of recommendations (including FISMA/NIST 800-53 controls, ISO 27001).
6. Provide expert support to the implementation of the Global Cybersecurity Strategy, including the support of awareness-related activities and coordinating global workshops / webinars.
7. Monitor and audit information security controls while measuring results and responding to new risks. Gathers, develops, and organizes evidence for security audit.
8. Conduct various threat, vulnerability, risk and compliance assessments.
9. Manage cyber security projects.
10. Provide expert advice and support in investigation and audit.
11. Provide advice to request/tickets related to data security, rotation and access.
12. Provide expert guidance and advisory to support decision-making activities related to information security topics.
13. Perform such other duties as may be assigned.

Required Qualifications and Experience:

Education

• Master’s degree in Computer Science, Information Systems, Mathematics, Statistics or related field from an accredited academic institution with seven years of relevant professional experience; or,
• University degree in the above fields with nine years of relevant professional experience.
• Professional certification such as Certified Information Systems Security Professional (CISSP),Certified Information Security Manager (CISM), Certified Chief Information Security Officer (CCISO), Certified Secure Software Lifecycle Professional (CSSLP), Governance, Risk, and Compliance Professional (GRCP), Project Management Professional (PMP), or related will be a distinct advantage in addition to leaders.
• Information Technology Infrastructure Library (ITIL) and Prince2 Foundation are added advantages.

Experience

• Extensive experience in building a cybersecurity defensive team (BLUE TEAM);
• Extensive experience in building a cybersecurity governance, risk, and compliance practices;
• Extensive experience in creating policies, standards, and guide;
• Extensive experience in all aspects of application / data security (definition, implementation and validation);
• Extensive experience in simulating cyber-attacks and data breaches;
• Experience managing projects; and,
• Experience defining security strategies aligned with business and strategic objectives.

Skills

• Sound and Proven interpersonal skills;
• Solid organization and document, project management;
• Demonstrated investigative skills;
• Proven ability to continue to learn and grow;
• Basic knowledge of reporting tools (e.g., MS Excel, Power BI, Power BI Report Builder);
• Ability to translate technical security vulnerabilities into business risk/impact to applications;
• Demonstrated skill in creating security policies and procedures based on ISO27001, NIST

800-53 and Computer Information System (CIS) controls;

• Proven analytical and problem-solving skills and proactive thinking skills;• Able to articulate complex, technical concepts to non-technical audiences; and,
• Demonstrated English oral and written communications skills.

Languages

IOM’s official languages are English, French, and Spanish. All staff members are required to be fluent in one of the three languages.

For this position, fluency in English is required (oral and written). Working knowledge of French and/or Spanish and/or another official UN language (Arabic, Chinese, and Russian) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.

Notes

1

Accredited Universities are the ones listed in the UNESCO World Higher Education Database (https://whed.net/home.php).

Required Competencies:

Values - all IOM staff members must abide by and demonstrate these five values:

• Inclusion and respect for diversity: Respects and promotes individual and cultural differences. Encourages diversity and inclusion.
• Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
• Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges. • Courage: Demonstrates willingness to take a stand on issues of importance.
• Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.

Core Competencies – behavioural indicators level 3

• Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
• Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
• Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
• Accountability: Takes ownership for achieving the Organization’s priorities and assumes responsibility for own actions and delegated work.
• Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.

Managerial Competencies – behavioural indicators level 3

• Leadership: Provides a clear sense of direction, leads by example and demonstrates the ability to carry out the Organization’s vision. Assists others to realize and develop their leadership and professional potential.
• Empowering others: Creates an enabling environment where staff can contribute their best and develop their potential.
• Building Trust: Promotes shared values and creates an atmosphere of trust and honesty.
• Strategic thinking and vision: Works strategically to realize the Organization’s goals and communicates a clear strategic direction.
• Humility: Leads with humility and shows openness to acknowledging own shortcomings.

IOM’s competency framework can be found at this link.

https://www.iom.int/sites/default/files/about-iom/iom_revised_competency_framework_external.p df

Competencies will be assessed during a competency-based interview.

Other:

Internationally recruited professional staff are required to be mobile.

Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.

This selection process may be used to staff similar positions in various duty stations. Recommended candidates endorsed by the Appointments and Postings Board will remain eligible to be appointed in a similar position for a period of 24 months.

The list of NMS countries above includes all IOM Member States which are non-represented in the Professional Category of staff members. For this staff category, candidates who are nationals of the duty station’s country cannot be considered eligible.

Appointment will be subject to certification that the candidate is medically fit for appointment, accreditation, any residency or visa requirements, and background verification and security clearances. Subject to certain exemptions, vaccination against COVID-19 will in principle be required for individuals hired on or after 15 November 2021. This will be verified as part of the medical clearance process.

Vacancies close at 23:59 local time Geneva, Switzerland on the respective closing date. No late applications will be accepted.