The mandate of the Independent Investigative Mechanism for Myanmar (IIMM) was established by the Human Rights Council in its resolution 39/2, adopted on 27 September 2018. The creation of the Mechanism was welcomed by the General Assembly in its resolution 73/264, adopted on 22 December 2018.This position is located within the Information Systems Management Section (ISMS) of the Independent Investigative Mechanism for Myanmar (IIMM) located in Geneva, Switzerland. The incumbent reports to the Senior Information Systems Officer.
ResponsibilitiesUnder the overall supervision of the Senior Information Systems Officer, the incumbent is responsible for protecting and defending the information systems of the IIMM, and participates in the review and development of information security policies, standards and guidelines, and coordinates their implementation and reinforcement in the organization.
Within limits of delegated authority, the Cyber Security Officer will be responsible for the following duties:
1. Manages projects involving security threat studies, systems analysis, design, development and implementation of new, moderately complex systems to secure the information of the IIMM.
2. Develops detailed system and other functional specifications and user documentation for major systems and supports project owners in the definition of security requirements.
3. Provides specialized advice to users on potential security threats with particular responsibility for information security threats, analyzing users' requirements and translating these into new applications; determines application systems integration and linkage issues. Ensures that key risk issues are understood, communicated, and tracked as required.
4. Maintains, upgrades or enhances existing user systems; troubleshoots and provides continuing user support, to include resolving security threats, advising on the use of new techniques, monitoring, managing, and deploying security controls as appropriate to support business needs while minimizing risk. Oversees the close management and analysis of security information and events.
5. Develops and maintains information security management systems. Ensures appropriate data security and access controls considering both local and wide area issues. Establishes an information security and risk management functional capability and framework across the organization and establishes processes to respond in a timely and proactive manner to significant information security breaches.
6. Organizes and performs unit and integrated security testing, designing and utilizing test bases; assists users in acceptance testing. Conducts information security risk assessments across the enterprise at suitable intervals and regularly verifies that required information security and risk controls are in place, raising findings as noncompliance is found and driving improvement.
7. Participates in the investigation, communication, documentation, and resolution of information security incidents and assessing and correcting those incidents, performing driving root cause analysis to prevent future occurrences. Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
8. Develops training materials, operating and user manuals; trains staff in information security issues and ensures promotion and enforcement of information security policies.
9. Researches, analyzes and evaluates new technologies and makes recommendations for their deployment. 10. Participates in writing reports and papers on information security-related topics, system requirements, information strategy, etc.
11. Facilitates communications between ICTS, and OICT, and other relevant UN teams, in particular on matters related to information security. Serves as coordinator in the development of service level agreements with ICTS or other service providers, for either specific IT services or general technology support, including any charge back mechanisms.
12. Collaborates with other key stakeholders in development of a comprehensive Information Governance Plan, contributing to the design of a security architecture for the software, database, and information systems required by the IIMM, and drafting and enforcing data protection policies.
13. Provides guidance to, and may supervise, new/junior staff, consultants, etc.
• PROFESSIONALISM: Excellent analytical capacity. Knowledge of information technology/information management, particularly in systems analysis, database design and programming. Knowledge of several high level programming languages and significant exposure to and demonstrated proficiency in all aspects of programming and analysis, including structured/object-oriented design, relational systems, scripting and query languages, document design and management, hardware and software requirements, systems facilities and execution protocols. Strong analytical and problem-solving skills, to include proficiency in the development and implementation of systems of moderate size/complexity. Knowledge of interactive systems; good knowledge of organization’s information infrastructure and IT strategy as it relates to user area(s); independently maintains assigned systems and develops innovative approaches to resolve a wide range of issues/problems.Shows pride in work and in achievements; demonstrates professional competence and mastery of subject matter; is conscientious and efficient in meeting commitments, observing deadlines and achieving results; is motivated by professional rather than personal concerns; shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work.
• PLANNING & ORGANIZING: Develops clear goals that are consistent with agreed strategies; identifies priority activities and assignments; adjusts priorities as required; allocates appropriate amount of time and resources for completing work; foresees risks and allows for contingencies when planning; monitors and adjusts plans and actions as necessary; uses time efficiently.
• TECHNOLOGICAL AWARENESS: Keeps abreast of available technology; understands applicability and limitation of technology to the work of the office; actively seeks to apply technology to appropriate tasks; shows willingness to learn new technology.
Advanced university degree (Master's degree or equivalent) in computer science, information systems, mathematics, statistics or related field. A first-level university degree in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree. Formal certification in information systems security, such as CISM, CCISP, CISSP or equivalent is desirable. Formal certification in project management methodology (such as Prince2) and in ITIL or equivalent is desirable.
Work ExperienceA minimum of five years of progressively responsible experience in planning, design, development, implementation and maintenance of computer information systems or related area is required.
Experience managing technology projects and resources is required.
Experience performing digital forensic analysis is desirable.
Experience assessing state-actor or similar level attack capabilities, hacking tools, and surveillance capabilities is desirable.
Experience designing and implementing information security technologies across a variety of platforms is desirable.
Experience using tools and techniques for threat and risk assessment (e.g., CRAM or COBRA) is desirable.
Experience using eDiscovery tools is desirable.
Experience implementing a data protection program is desirable.
English and French are the working languages of the United Nations Secretariat. For the position advertised, fluency in English is required.
AssessmentEvaluation of qualified candidates may include an assessment exercise followed by competency-based interview.
Special NoticeExtension of the appointment is subject to extension of the mandate and/or the availability of the funds.
Staff members are subject to the authority of the Secretary-General and to assignment by him or her. In this context, all staff are expected to move periodically to new functions in their careers in accordance with established rules and procedures.
The United Nations Secretariat is committed to achieving 50/50 gender balance in its staff. Female candidates are strongly encouraged to apply for this position.
Pursuant to section 7.11 of ST/AI/2012/2/Rev.1, candidates recruited through the young professionals programme who have not served for a minimum of two years in the position of their initial assignment are not eligible to apply to this position.
According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation, sexual abuse, or sexual harassment, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term “sexual exploitation” means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term “sexual abuse” means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. The term “sexual harassment” means any unwelcome conduct of a sexual nature that might reasonably be expected or be perceived to cause offence or humiliation, when such conduct interferes with work, is made a condition of employment or creates an intimidating, hostile or offensive work environment, and when the gravity of the conduct warrants the termination of the perpetrator’s working relationship. Candidates who have committed crimes other than minor traffic offences may not be considered for employment.
Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment.
Applicants are urged to follow carefully all instructions available in the online recruitment platform, inspira. For more detailed guidance, applicants may refer to the Manual for the Applicant, which can be accessed by clicking on “Manuals” hyper-link on the upper right side of the inspira account-holder homepage.
The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application.
Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date.
THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.