The individual contractor will be responsible to deliver the following:
• Linux and Windows computing platform devices, network audit report
• Clear, concise and timely vulnerability assessment report, risk assessment report, BCP and DR plan, playbooks
• Compliance and assurance against enterprise standards and international standard such as ISO27001 or NIST 800 series
UN-House ESCWA
6 Months
Under the overall guidance of the Chief, ICTS, and direct supervision by the Head of Cloud, Infrastructure and Cybersecurity Unit, the IT Assistant (Senior Cybersecurity Analyst) will perform the following tasks:
• Lead in defining and executing cybersecurity roadmap to improve cybersecurity controls and compliance objectives.
• Lead and manage the deployment, implementation, operation, support and maintenance of the Information Security Management System (ISMS) based on ISO 27000 series standards.
• Lead to implement enterprise security policies and standards in cloud environment.
• Collaborate with internal and external entities in obtaining and maintaining ISO 27001 certification.
• Lead development, implementation, and maintenance of cybersecurity playbooks, runbooks, procedures and guidelines.
• Lead in the development, maintenance and implementation of enterprise policies and procedures related to cybersecurity
• Collaborate with software developers to ensure the appropriate security requirements are embedded in the correct phases of development.
• Working closely with software developers to improve development cycles, audit and automate release processes and then coordinate with operations to implement pushes and changes
• Lead in annual cybersecurity assessment process and all resulting remediation projects.
• Participate in systems security evaluations and review including development of systems security plans, implementation and maintenance of risk assessments, management of certification and accreditations of systems and security categorizations.
• Identify & communicate vulnerabilities & risks and propose controls and procedures to mitigate them.
• Lead coordination and preparation of formal responses to IT security inquires from internal and external authorities.
• Lead to develop, coordinate, evaluate, and maintain a comprehensive business continuity and disaster recovery plan.
• Conduct threat research and perform periodic risk assessments & penetration tests or security audits.
• Respond to incident investigations, perform triage activities, and utilize structured methodologies to prevent, detect respond to threats.
• Support control and vulnerability assessments to identify weaknesses and assess the effectiveness of existing controls, and recommends remedial action
• Audit the configuration of systems and network devices to ensure adherence to security best practices
• Monitor various equipment logs and network traffic to identify suspicious activity and then performs corrective action
• Perform assessments and design reviews to provide risk assurance over existing and future solutions
• Lead cybersecurity monitoring and incident response activities
A First Level University degree in Telecommunication, Information Technology, Computer Science or related area is required.
All candidates must submit a copy of the required educational degree. Incomplete applications will not be reviewed.
A minimum of fifteen years of consulting related work experience in two or more of the following areas: Application security, Information systems security, Network security, IT security auditing, Information security risk assessment or risk management.
Experience in Web Application, Network, Endpoint security, Threat, Vulnerability, Incident Management, and Governance, Risk and Compliance (GRC) is required.
Languages English and French are the working languages of the United Nations Secretariat; and Arabic is a working language of ESCWA.
For this position, fluency in English is required.
Note: “Fluency” equals a rating of ‘fluent’ in all four areas (speak, read, write, and understand) and “Knowledge of” equals a rating of ‘confident’ in two of the four areas.
THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.