Job Opening

Posting Title: Information Security Auditor
Department/Office: Office of the IIIM-SYRIA
Duty Station: GENEVA
Posting Period: 29 September 2021 - 30 October 2021
Job Opening Number: 21-Syria International, Impartial and Independent Mechanism-164737-Consultant
Staffing Exercise N/A
United Nations Core Values: Integrity, Professionalism, Respect for Diversity

Result of Service

Identifying possible solutions to the audit findings related to the design, governance and/or current application of the existing Information Security Management System. The solutions and recommendations identified ought to be concrete, implementable and in alignment with the needs, the regulatory framework and the environment under which the IIIM operates.

Work Location

Remotely

Expected duration

> From November 1, 2021 to December 31, 2021 (two months)

Duties and Responsibilities

This position is located in the Information Systems Management Section (ISMS) of the International, Impartial and Independent Mechanism for Syria (IIIM). The Information Security Auditor will report to the Head of the Information Security Unit and will be responsible for the following duties:

> Develop and execute a detailed information security audit plan and programme in close cooperation with the Head of the Information Security Unit.

> Develop a comprehensive methodological approach for the information security audit.

> Validate the scope and details of the audit testing and the selection of:
- key individuals / stakeholders to be interviewed / consulted; and
- other entities (UN/non-UN) to be included during the course of the audit.

> Analyze the current state of the Information Security Management System in IIIM vis-à-vis ISO27001 and other industry best practices.

> Evaluate and determine the adequacy of existing information security controls (general and application controls) and services in effectively supporting the needs of IIIM:
- Test of design and implementation;
- Test of operating effectiveness.

> Identify concrete opportunities (and suggested ways forward) for improving the application, alignment, and integration of the Information Security Management System across the Organization.

> Submit an evaluation report on Information Security Management System and internal controls of the existing information systems and related ICT infrastructure which includes:
- an overall assessment of the areas for improvement in the IIIM’s Information Security Management System, including a detailed account of the main control deficiencies, the cause of the deficiencies, and their potential impact on the Organization; and
- a comprehensive description of existing gaps against ISO27001.

> Validate and discuss with the senior management, identifying possible solutions to the audit findings related to the design, governance and/or current application of the existing Information Security Management System. The solutions and recommendations identified ought to be concrete, implementable and in alignment with the needs, the regulatory framework and the environment under which the IIIM operates.

> Finalize the draft report reflecting feedback received from the key stakeholder meeting(s) and submit it to the Head of the Information Security Unit.

The candidate will perform the work remotely.

Qualifications/special skills

Licenses & Certificates: Professional qualifications and certifications in Information Systems auditing; Information/Cyber Security auditing.
Academic Qualifications: Advanced degree in Computer Science, Information Technology, Information Science, Information Systems, Information Security or a related field from a recognized university or First degree in Computer Science, Information Technology, Information Science, Information Systems, Information Security or a related field from a recognized university in combination with qualifying experience
Experience: Minimum of five years extensive work experience in auditing Information Systems in International Organizations or seven years of similar work experience for a candidate with first degree.
Language: Fluency in English is required

No Fee

THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.

Home | Privacy notice | Site map | Fraud alert | Contact Us
Copyright 2021 United Nations. All rights reserved