Cyber Security Officer

3 settimane fa


Bari, Puglia, Italia United Nations Global Service Centre A tempo pieno

Org. Setting and Reporting

The United Nations Global Service Centre (UNGSC) provides critical Supply Chain, Geospatial, Information and Telecommunications Technologies services and Training to all Secretariat Entities, Peacekeeping and Special Political missions, Agencies, Funds and Programmes of the UN system worldwide. This position is located in the Digital Compliance and Assurance Unit (DCAU) within the Service and Information Security Management Section (SISMS) of the Service for Geospatial, Information Technology and Telecommunication (SGITT) at the UNGSC, Brindisi, Italy. The incumbent will report to the Chief SISMS or other designated officer. Specialty: Vulnerability Management - Introduction and Work Interactions. Vulnerability Management is the process of proactively identifying and remediating known vulnerabilities in the Organization. The Cyber Security Vulnerability Management Specialist is responsible for identifying, analyzing, and mitigating vulnerabilities in an organization's computer systems, networks, and applications. This involves performing regular scans and assessments of the organization's infrastructure to identify potential vulnerabilities, prioritizing and categorizing the risks, and developing and implementing plans to remediate or mitigate them. The Cyber Security Vulnerability Management Specialist establishes and maintains relationships with the cyber security team members and other relevant staff within the same entity, as well as with the office of Information and Communications Technology. The specialist reports on activities, gets instructions, coordinates, exchanges information, collects data, and provides specific and thematic information.

Responsibilities

  • Manage the entire lifecycle of vulnerabilities from discovery, triage, assessment, monitoring, remediation, and validation.
  • Develop procedures for the Organization on patch and vulnerability management, including automated patch deployment, assessment procedures, and procedures for remediation.
  • Perform comprehensive vulnerability assessments and continuous monitoring across the organization to identify weaknesses and determine the need for security updates and fixes and advise risk management leadership team.
  • Work with different units to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified vulnerabilities.
  • Coordinate with appropriate teams to ensure prioritization of patching and mitigations to vulnerabilities.
  • Coordinate with external security auditors and penetration testers to verify security of information systems and to identify and remedy vulnerabilities.
  • Create and maintain inventory reports and alerts using inventory, vulnerability, and patch management systems.
  • Perform cyber security self-assessments based on Organization standards in preparation for audits, security assessments, or penetration tests.
  • Work together with the Threat and Incident management team in case of purple teaming exercises e.g., simulate security breaches, test detection and response capabilities.
  • Keep abreast of the current and emerging security issues, risks, threats, vulnerabilities, and advancements in cyber security techniques and technologies.
  • Participate in the activities related to changes to the Organization, business processes, information processing facilities and systems to ensure that effective internal controls are in place.
  • Collect and analyze data to identify trends or patterns and provide insights through graphs, charts, tables and reports using data visualization methods to enable data-driven planning, decision-making, presentation and reporting.

Competencies

Professionalism: Shows pride in work and in achievements. Demonstrates professional competence and mastery of subject matter. Is conscientious and efficient in meeting commitments, observing deadlines and achieving results. Is motivated by professional rather than personal concerns. Shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Gender: Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. Knowledge of Cyber Security industry standards, methodologies and frameworks and ability to adapt and integrate subsequent changes. Knowledge of and ability to apply cyber security and privacy principles and requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation); Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Knowledge of cyber threats, network and application security principles, common vulnerabilities, and exploits. Ethics. Working collaboratively. Ability to give constructive feedback. Ability to analyze and interpret data in support of decision-making and convey resulting information to management. Technological Awareness: Keeps abreast of available technology; understands applicability and limitation of technology to the work of the office; actively seeks to apply technology to appropriate tasks; shows willingness to learn new technology. Judgement/Decision Making: Identifies the key issues in a complex situation and comes to the heart of the problem quickly. Gathers relevant information before making a decision. Considers positive and negative impacts of decisions prior to making them. Takes decisions with an eye to the impact on others and on the Organization. Proposes a course of action or makes a recommendation based on all available information. Checks assumptions against facts. Determines that the actions proposed will satisfy the expressed and underlying needs for the decision. Makes tough decisions when necessary.

Education

An advanced university degree (Master's degree or equivalent) in computer science, information systems, mathematics, statistics, information security, cyber security, or a related field is required. A first-level university degree (Bachelor's degree or equivalent) in combination with additional two years of qualifying experience may be accepted in lieu of the advanced university degree.

Job - Specific Qualification

An active certificate in Certified Information Systems Security Professional (CISSP) is required. Successful completion of both degree and non-degree programs in data analytics, business analytics or data science programs is desirable.

Work Experience

Demonstrate a minimum of seven years of progressively responsible experience only for the knowledge, skills, and abilities below labelled with is required. Demonstrated ability to identify systemic security issues based on the analysis of vulnerability and configuration data is required. Demonstrated skill in using network analysis tools to identify vulnerabilities (e.g., fuzzing, Nmap, etc.) and penetration testing tools and techniques is required. Experience in data analytics or related areas is desirable.

Languages

English and French are the working languages of the United Nations Secretariat. For the position advertised, fluency in English is required.

Assessment

Evaluation of qualified candidates may include an assessment exercise which may be followed by competency-based interview.

Special Notice

  • This position is temporarily available until 30 June 2025. If the selected candidate is a staff member from the United Nations Secretariat, the selection will be administered as a temporary assignment.
  • While this temporary assignment may provide the successful applicant with an opportunity to gain new work experience, the selection for this position is for a limited period and has no bearing on the future incumbency of the post.
  • Subject to the funding source of the position, the eligibility for this temporary job opening may be limited to candidates based at the duty station.
  • This temporary job opening may be limited to "internal candidates," who have been recruited through a competitive examination administered according to staff rule 4.16 or staff selection process including the review of a central review body established according to staff rule 4.15.
  • Staff members of the United Nations common system organizations who will reach the mandatory age of separation or retirement within the duration of the current temporary need period are not eligible to apply. Submitting an application or selection for the current temporary job opening does not delay or increase the mandatory age of separation.
  • Retirees above the mandatory age of separation who wish to be considered for the current temporary job opening must indicate the reason for their last separation as "retirement." Such retirees shall not be employed by the Organization, unless (a) the operational requirements of the Organization cannot be met by staff members who are qualified and available to perform the required functions; and (b) the proposed employment would not adversely affect the career development or redeployment opportunities of other staff members and represents both a cost-effective and operationally sound solution to meet the needs of the service.

United Nations Considerations

According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation, sexual abuse, or sexual harassment, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term "sexual exploitation" means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term "sexual abuse" means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. The term "sexual harassment" means any unwelcome conduct of a sexual nature that might reasonably be expected or be perceived to cause offence or humiliation, when such conduct interferes with work, is made a condition of employment or creates an intimidating, hostile or offensive work environment, and when the gravity of the conduct warrants the termination of the perpetrator's working relationship. Candidates who have committed crimes other than minor traffic offences may not be considered for employment. Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment. Reasonable accommodation may be provided to applicants with disabilities upon request, to support their participation in the recruitment process. By accepting a letter of appointment, staff members are subject to the authority of the Secretary-General, who may assign them to any of the activities or offices of the United Nations in accordance with staff regulation 1.2 (c). Further, staff members in the Professional and higher category up to and including the D-2 level and the Field Service category are normally required to move periodically to discharge functions in different duty stations under conditions established in ST/AI/2023/3 on Mobility, as may be amended or revised. This condition of service applies to all position specific job openings and does not apply to temporary positions. Applicants are urged to carefully follow all instructions available in the online recruitment platform, inspira, and to refer to the Applicant Guide by clicking on "Manuals" in the "Help" tile of the inspira account-holder homepage. The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application. Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date.

No Fee

THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS' BANK ACCOUNTS.

#J-18808-Ljbffr
  • Cyber Security Engineer

    3 settimane fa


    Bari, Puglia, Italia Aubay Italia A tempo pieno

    Aubay è una società leader in Europa nelle aree di consulenza direzionale e ICT, quotata al mercato NYSE Euronext di Parigi. La nostra proposta: Siamo alla ricerca di una figura di Cyber Security Engineer da inserire nell'ambito di progetti del nostro Centro di competenza Security. La risorsa inserita nel team di Operations (SOC) del cliente sara'...


  • Bari, Puglia, Italia Aubay Italia A tempo pieno

    Aubay è una società leader in Europa nelle aree di consulenza direzionale e ICT, quotata al mercato NYSE Euronext di Parigi. La nostra proposta: Siamo alla ricerca di una figura di Cyber Security Engineer da inserire nell'ambito di progetti del nostro Centro di competenza Security. La risorsa inserita nel team di Operations (SOC) del cliente sara'...

  • Cyber Security Engineer

    3 settimane fa


    Bari, Puglia, Italia Aubay Italia A tempo pieno

    Aubay è una società leader in Europa nelle aree di consulenza direzionale e ICT, quotata al mercato NYSE Euronext di Parigi. La nostra proposta: Siamo alla ricerca di una figura di Cyber Security Engineer da inserire nell'ambito di progetti del nostro Centro di competenza Security. La risorsa inserita nel team di Operations (SOC) del cliente sara'...


  • Bari, Puglia, Italia TN Italy A tempo pieno

    About UsTN Italy offers a supportive work environment that fosters growth and development. We provide a platform for professionals to learn from experienced colleagues and contribute to our ongoing efforts to protect our clients' data and applications.Job ResponsibilitiesThe successful candidate will be responsible for proactively assessing and identifying...


  • Bari, Puglia, Italia Aubay Italia A tempo pieno

    Aubay è una società leader in Europa nelle aree di consulenza direzionale e ICT.La nostra proposta:Stiamo cercando un Esperto di Cyber Security da inserire nel nostro team di progetti.La risorsa ideale avrà il compito di configurare e gestire le soluzioni di sicurezza del network.La figura ideale ha maturato almeno 3 anni di esperienza nel ruolo.Le...


  • Bari, Puglia, Italia Teia Technologies S.R.L A tempo pieno

    **Descrizione Azienda**:**THE DIGITAL EVOLUTION COMPANY OF TODAY AND TOMORROW**Progettiamo soluzioni end-to-end per la **Digital Evolution** gestendone ogni area, grazie alle nostre sei anime tecnologiche: Lutech**Consulting**, Lutech**Solutions**, Lutech**Digital**, Lutech**Cybersecurity**, Lutech**Services** e Lutech**Cloud**.Siamo motivati da una passione...


  • Bari, Puglia, Italia Lutech Group A tempo pieno

    **THE DIGITAL EVOLUTION COMPANY OF TODAY AND TOMORROW**Progettiamo soluzioni end-to-end per la **Digital Evolution** gestendone ogni area, grazie alle nostre sei anime tecnologiche: Lutech**Consulting**, Lutech**Solutions**, Lutech**Digital**, Lutech**Cybersecurity**, Lutech**Services** e Lutech**Cloud**.Siamo motivati da una passione inesauribile per...


  • Bari, Puglia, Italia Aubay Italia A tempo pieno

    Aubay è una società leader in Europa nelle aree di consulenza direzionale e ICT, quotata al mercato NYSE Euronext di Parigi. La nostra proposta: Siamo alla ricerca di una figura di Cyber Security Engineer da inserire nell'ambito di progetti del nostro Centro di competenza Security. La risorsa inserita nel team di Operations (SOC) del cliente sara'...


  • Bari, Puglia, Italia Avature A tempo pieno

    Cyber Transformation ManagementDeloitte is a leading global network of professional services firms with over 457,000 people in over 150 countries. We offer innovative and sustainable solutions in various fields. As a Cyber Transformation Management Specialist, you will be part of our team that helps our financial services clients align with new DORA...


  • Bari, Puglia, Italia Avature A tempo pieno

    Stiamo cercando una figura consultant da inserire nel team Application Security di Deloitte NextHub nella sede di Bari, che lavorerà in modalità Hybrid. Nel team NextHub Application Security avrai la possibilità di condividere la tua esperienza e le tue conoscenze con i colleghi più giovani, iniziando a sviluppare capacità di leadership e individuando...

  • Cyber Architect

    2 settimane fa


    Bari, Puglia, Italia Experis A tempo pieno

    ***Descrizione**Experis, brand di ManpowerGroup, leader in 54 paesi nella Ricerca e Selezione del personale, sviluppo di Career & Skills, Consulenza IT and Engineering e System Integration, per la propria divisione RAILWAY è alla ricerca di un/una:**CYBER ARCHITECT**La persona, sarà inserito all'interno di un team internazionale e nell'esercizio delle...


  • Bari, Puglia, Italia TN Italy A tempo pieno

    Experienced – Cyber Digital Identity - NextHub Bari, BariClient:Location:Job Category:Other EU work permit required:Yes Job Reference:2bb400fb9840 Job Views:3 Posted:08.02.2025 Expiry Date:25.03.2025 Job Description:What impact will you make? Stiamo cercando una figura consultant da inserire nel team Digital Identity di Deloitte NextHub nella sede di...


  • Bari, Puglia, Italia TN Italy A tempo pieno

    Experienced – Cyber Digital Identity - NextHub Bari, BariClient:Location:Job Category:Other EU work permit required:Yes Job Reference:2bb400fb9840 Job Views:3 Posted:08.02.2025 Expiry Date:25.03.2025 Job Description:What impact will you make? Stiamo cercando una figura consultant da inserire nel team Digital Identity di Deloitte NextHub nella sede di...


  • Bari, Puglia, Italia Avature A tempo pieno

    Location Bari Business Area DNH - CYBER Seniority Junior Business Function NEXTHUB - TECHNOLOGY & TRANSFORMATION What impact will you make?We are seeking a junior to join the Cyber Transformation Management FS team at NextHub in Bari working in a Hybrid mode. The Cyber Transformation Management FS team helps our financial services clients align with new...


  • Bari, Puglia, Italia Aubay Italia A tempo pieno

    **Sicurezza informatica: il tuo futuro**Noi siamo alla ricerca di un Cyber Security Engineer da inserire nel nostro team di Operations (SOC). La risorsa sarà responsabile della configurazione e gestione delle soluzioni di network security.**Principali responsabilità*** Configurazione e gestione dei dispositivi firewall;* Setup e ottimizzazione delle regole...


  • Bari, Puglia, Italia Avature A tempo pieno

    Your RoleYou will manage resilience and BCM projects by identifying, evaluating, and designing innovative and best-in-class solutions to allow our clients to face the continuously evolving threat landscape, demonstrating operational excellence, vision, and strategic thinking.You will execute complex project activities requiring the definition of new...


  • Bari, Puglia, Italia Excelerate A tempo pieno

    SOC AnalystAre you an experienced SOC Analyst ready for your next career challenge?Would you like to join the Cyber Security division of a global leader and take your expertise to the next level?Type: PermanentLocation: Bari, ItalySalary: Up to €38,000 + On-Call Allowance + BenefitsWe are partnering with a leading managed security services provider known...


  • Bari, Puglia, Italia Leonardo A tempo pieno

    Leonardo è un gruppo industriale internazionale, tra le principali realtà mondiali nell'Aerospazio, Difesa e Sicurezza che realizza capacità tecnologiche multidominio in ambito Elicotteri, Velivoli, Aerostrutture, Elettronica, Cyber Security e Spazio. Con oltre 53.000 dipendenti nel mondo, l'azienda ha una solida presenza industriale in Italia, Regno...


  • Bari, Puglia, Italia Leonardo A tempo pieno

    Leonardo è un gruppo industriale internazionale, tra le principali realtà mondiali nell'Aerospazio, Difesa e Sicurezza che realizza capacità tecnologiche multidominio in ambito Elicotteri, Velivoli, Aerostrutture, Elettronica, Cyber Security e Spazio. Con oltre 53.000 dipendenti nel mondo, l'azienda ha una solida presenza industriale in Italia, Regno...


  • Bari, Puglia, Italia NTT DATA A tempo pieno

    Job Description Per la Business Unit Cybersecurity di NTT DATA Italia stiamo cercando un profilo con esperienze tecnologiche avanzate negli ambiti Network Security e Endpoint Protection (Senior Network Defender).All'interno dell'area di business, tale figura dovrà contribuire alla definizione dell'offering e alla gestione di progetti su tematiche relative...