Cybersecurity Officer

2 weeks ago


Brindisi, Italy UNICC Full-time

**Purpose of the Position**:
The Cybersecurity Officer will assist and support client organizations in establishing, implementing, maintaining and continually improving information security controls to ensure that information assets are adequately protected. The Officer will also be responsible for providing active support with Cybersecurity Governance practice at UNICC.

The Cybersecurity Officer will provide services to client organizations independently or under light supervision.

**Objectives of the Programme**:
The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.

**Main duties and responsibilities**

The incumbent will work under the direct supervision and guidance of the Head, Cybersecurity Assurance Unit (CSGA) within the Cybersecurity Division (CS) and in close collaboration with other team members in the Division. The incumbent could be requested to do any other tasks of similar level in related fields. The incumbent will be required to:

- Develop and enhance an information security management framework based on the ISO 27000 standards
- Develop, maintain and publish up-to-date information security policies, standards and guidelines
- Oversee the approval, training, and dissemination of security policies and practices
- Create, communicate and implement the process for risk management, including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organization on identifying acceptable levels of residual risk. Report and oversee treatment efforts
- Build regular reporting/dashboards on the current status of the cybersecurity programme to senior management and business units as part of a strategic enterprise risk management programme
- Help raise cybersecurity and risk management awareness for all employees, contractors and approved system users
- Provide active support during security incidents and events that affect organizational assets, including intellectual property, sensitive data and the organization’s reputation
- Provide direction, support and in-house consulting in effective disaster recovery policies and standards. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in case of a security event
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
- Ensure that security programs are in compliance with relevant rules, regulations, policies and standards to minimize or eliminate risks and audit findings
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
- Perform technical security assessments and develop strategies for remediating vulnerabilities and risks identified
- Work closely with other members of UNICC’s cybersecurity team to develop and deliver new and existing cybersecurity services

**Other**: Provide other ad hoc support either within the team or in other teams as required - this includes participation in special projects or support to service delivery for a short period of time on a part-time or full-time basis upon request from senior management

**Recruitment Profile**

**Experience and Skills required**:
**Essential**:

- At least five (5) years of experience in the cybersecurity area
- Ability to understand technical and business aspects of IT risk, and to communicate those risks to business and technical units so that the organization can make informed decisions regarding appropriate levels of information security control
- Strong analytical and problem-solving skills
- Ability to act calmly and competently in high-pressure, high-stress situations
- Excellent written and verbal communication skills, interpersonal and collaborative skills
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
- High degree of initiative, dependability and ability to work with little supervision

**Desirable**:

- Experience in achieving and maintaining ISO 27001 certification
- Project management skills and ability to manage multiple projects under strict timelines

**Education**:
**Essential**:

- First university degree in computer science, information systems, mathematics, statistics or related field
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Cloud Security Professional (CCSP), ISO 27001 lead implementer/auditor, or other similar credentials

**Desirable**:

- Master’s degree or equivalent experience in computer science, information systems, mathematics, statistics or related field

**Languages**:

- **English**: Expert knowledge is required
- Knowledge of another official United Nati