Information Systems Officer (Cyber Security Officer) (TJO)[Temporary]

GENEVA | P-4 | Information and Telecommunication Technology

Office of the United Nations High Commissioner for Human Rights

Deadline: Sunday, 21 January 2018


Core Value

Integrity, Professionalism, Respect for Diversity

General Information

•The temporary position is intended to fill the functions for a period of three months with possibility of extension, to start as soon as possible.
•The duration of the appointment is subject to the availability of funds.
•Candidates should have no expectation of any fixed-term appointment possibility after the end of this temporary assignment. If the selected candidate is an internal staff member of the UN Secretariat, the selection will be recorded as a temporary assignment.
•Subsequent to the initial temporary appointment, new and successive temporary appointments may be granted for service in the same office or in a different office any number of times, for any duration, provided that the length of service does not exceed the period of 364 calendar days.
•Upon separation from service, including, but not limited to, expiration or termination of, or resignation from, a fixed-term, continuing or permanent appointment, a former staff member will be ineligible for re-employment on the basis of a temporary appointment for a period of 31 days following the separation. In the case of separation from service on retirement, a former staff member will be ineligible for re-employment for a period of three months following the separation. This equally applies, mutatis mutandis, with respect to a former or current staff member who has held or holds an appointment in another entity applying the United Nations Staff Regulations and Rules and who applies for a temporary position with the Secretariat.
•A current staff member who holds a fixed-term, permanent or continuing appointment may apply for temporary positions no more than one level above his or her current grade. However, a current staff member who holds an appointment at the G-6 or G-7 level may also apply to temporary positions in the Professional category up to and including the P-3 level, subject to meeting all eligibility and other requirements for the position.
•A staff member holding a temporary appointment shall be regarded as an external candidate when applying for other positions, and may apply for other temporary positions at any level, subject to section 5.7 below and staff rule 4.16 (b) (ii). Therefore, a staff member holding a temporary appointment in the General Service or related categories may only apply to positions within those categories. For full information on eligibility requirements, please refer to section 5 of ST/AI/2010/4/Rev.1 on Temporary Appointments. In its resolution 66/234, the General Assembly further “stressed that the Secretary-General should not recur to the practice of temporarily filling posts in the Professional and higher categories with General Service staff members who have not passed the General Service to Professional category examination other than on an exceptional basis, and requests the Secretary-General to ensure that temporary occupation of such posts by the General Service staff shall not exceed a period of one year, effective 1 January 2013…” Consequently, eligible candidates in the General Service or related categories for temporary job openings in the Professional category that have not passed the competitive examination may be selected only on an exceptional basis endorsed by the Office of Human Resources Management where no other suitable candidate could be identified.
•While this temporary assignment may provide the successful applicant with an opportunity to gain new work experience, the selection for this position is for a limited period and has no bearing on the future incumbency of the post. An external candidate selected for this position is bound by the prevailing condition of the staff selection system under ST/AI/2010/3, as amended, and ST/AI/2010/4/Rev.1. A staff member holding a temporary appointment who is recruited in the Professional and above categories on a temporary appointment, and placed on a position authorized for one year or longer may not apply for or be reappointed to his/her current position within six months of the end of his/her current service. This provision does not apply to staff members holding temporary appointments and placed on positions authorized for one year or more in duty stations authorized for peacekeeping operations or special political missions.
•The expression “Internal candidates”, shall mean staff members who have been recruited after a competitive examination under staff rule 4.16 or after the advice of a central review body under staff rule 4.15.
•For more details on the administration of temporary appointments please refer to ST/AI/2010/4/Rev.1.
•For information on special post allowance, please refer to ST/AI/1999/17. The Staff Regulations, Staff Rules and administrative issuances governing staff appointments can be viewed at: http://www.un.org/hr_handbook/English

Background

This position is located within the Information Systems Management Section (ISMS) of the International, Impartial and Independent Mechanism to Assist in the Investigation and Prosecution of Persons Responsible for the Most Serious Crimes under International Law Committed in the Syrian Arab Republic since March 2011 (IIIM) located in Geneva, Switzerland. The Cyber Security Officer will be under the direct supervision of the Chief of the ISMS. The Cyber Security Officer is responsible for protecting and defending the information systems of the IIIM, developing and implementing an Information Governance Plan in conjunction with key stakeholders, and participating in other technical and strategic activities.

Responsibilities

Within delegated authority, the Cyber Security Officer will be responsible for the following duties:

1) Actively defend the information systems of the IIIM by:
•Documenting and advising all staff of known, likely, and potential security threats with particular responsibility for cyber threats, including directly advising the Head;
•Making critical, timely decisions regarding practices, tools, policies, and other areas to protect and defend the IIIM's information systems;
•Providing metrics and reports regarding the performance and value of all information security tools;
•Conducting the investigation, communication, documentation, and resolution of information security incidents, assessing and correcting those incidents, and performing root cause analysis to prevent future occurrences;
•Ensuring audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements;
•Adopting appropriate standards regarding information security issues arising from the use, development and implementation of information and communications systems, software applications and IT infrastructure;
•Responding in real-time to attacks, breaches, vulnerabilities, and threats;
•Working with software and hardware vendors to ensure prompt updating of products with appropriate patches, fixes, and upgrades, as needed;
•Developing and ensuring compliance with policies for information security;
•Coordinating with external security auditors and penetration testers to verify security of the Mechanism’s information systems and to identify and remedy vulnerabilities.

2) Collaborate with other key stakeholders to develop a comprehensive Information Governance Plan by:
•Designing a security architecture for the software, database, and information systems required by the IIIM;
•Developing a data protection policy and ensuring compliance with applicable data protection regulations;
•Implementing and enforcing the Information Governance Plan and related policies.

3) Participate in other technical and strategic activities by:
•Participating in selecting, recruiting, and hiring IIIM technical staff;
•Designing and directing a Cyber Security Operations Center, including developing and implementing a hiring plan;
•Participating in the procurement process, including making recommendations to the Information Systems Manager and Head about software, hardware, and technology.

Competencies

PROFESSIONALISM: Knowledge of systems design, and development, management, implementation and maintenance of complex information systems. Has leadership ability and expertise in cyber security at an enterprise level. Has understanding of current threat modeling and risk assessment techniques. Possesses in-depth knowledge of state actor attack capabilities, hacking tools, and monitoring capabilities. Has knowledge of information technology security architecture across a variety of platforms, including: firewalls, intrusion prevention systems, SSL certificates, proxy and content filtering technologies, databases, and third party storage providers (“cloud services”). Has knowledge of tools and techniques used for threat and risk assessment (e.g., CRAM or COBRA). Possesses knowledge of IT-governance best practices, such as ITIL. Has excellent analytical capacity. Shows pride in work and in achievements; demonstrates professional competence and mastery of subject matter; is conscientious and efficient in meeting commitments, observing deadlines and achieving results; is motivated by professional rather than personal concerns; shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work.

TEAMWORK: Works collaboratively with colleagues to achieve organizational goals; solicits input by genuinely valuing others’ ideas and expertise; is willing to learn from others; places team agenda before personal agenda; supports and acts in accordance with final group decision, even when such decisions may not entirely reflect own position; shares credit for team accomplishments and accepts joint responsibility for team shortcomings.

PLANNING & ORGANIZING: Develops clear goals that are consistent with agreed strategies; identifies priority activities and assignments; adjusts priorities as required; allocates appropriate amount of time and resources for completing work; foresees risks and allows for contingencies when planning; monitors and adjusts plans and actions as necessary; uses time efficiently.

TECHNOLOGICAL AWARENESS: Keeps abreast of available technology; understands applicability and limitation of technology to the work of the office; actively seeks to apply technology to appropriate tasks; shows willingness to learn new technology.

Required Work Experience

A minimum of seven years of progressively responsible work experience in cyber security with a minimum of two years in cyber security management, planning, or system design comprising experience in enterprise-level cyber security under extreme threat models; experience in applied security techniques such as defense against potential and actual cyber attacks; and experience detecting network incursions, is required. Experience designing cyber security policies at an enterprise level and experience deploying technology and policies to defend against risks, both in advance and in real time, is required. Experience designing, maintaining, and enforcing data protection policies, including compliance with the GDPR, is desirable. Experience selecting and procuring software in an enterprise-level organization is an asset.

Required Education

Advanced university degree (Master’s or equivalent degree) in computer science, information security, network administration, or a related area. A first level university degree in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree. Certification from a recognized professional body or authority in cyber security (Certifications such as CISSP, CISM, or CISM-equivalent) and on-the-job training in cyber security is desirable. Certification in Penetration Testing, such as the Global Information Assurance Certified Penetration Tester (GPEN; GIAC) is an asset.

Required Language Skills

Fluency in written and spoken English is required. Knowledge of Arabic is desirable.

Assessment

Evaluation of qualified candidates may include a desk review, an assessment exercise and/or a competency-based interview.
