JPO in Information Management Systems and Technology, ICT Information Security, ICT Risk Management
UNOG United Nations Office in Geneva – Junior Professional Officer Program (JPO)
I. General Information
Title: JPO in Information Management Systems and Technology, ICT Information Security, ICT Risk Management
Sector of Assignment: Information & Telecommunication Technology; Governance, Risk Management & Compliance
Organization/Office: United Nations – United Nations Office in Geneva (UNOG), Division of Administration, Information and Communications Technology Service
Country and Duty Station: Geneva, Switzerland
Duration of assignment: 2 years with possibility of extension for another year (Extension of appointment is subject to yearly review concerning priorities, availability of funds, and satisfactory performance.)
Please note that for participants of the JPO-Programme two years of work experience are mandatory! Internships/scholarships can be counted at 50% if they were full time and are regarded as relevant professional experience. Remuneration is not the determining factor. We only count internships after the Bachelor's degree.
Title of Supervisor:
Head, Information Security Unit ICTS
Content and methodology of supervision:
Establishment of a Work Plan: During the first month of the assignment, the Junior Professional Officer (JPO) will work jointly with his/her direct supervisor to finalize an agreed-upon work plan. The final work plan will be discussed and mutually agreed to by the JPO and his/her supervisor. The work plan will be monitored on a regular basis with weekly review meetings with the Information Security and quarterly programme evaluation.
The United Nations Performance Evaluation System (e-performance) will serve as a primary platform to evaluate the JPO’s performance.
III. Duties, Responsibilities and Output Expectations
The incumbent works in a team of information security professionals; duties include the following:
- Assists in the development and review of Secretariat-wide information security policies, and related standards and guidelines. Assists in establishing local information security policies and procedures and other relevant documents as required. Participates in the implementation of such information security policies, and related standards and guidelines.
- Assists in the implementation of an information security management system and risk management framework in line and in coordination with Secretariat level efforts, to be used across the Department and supported entities and Organizations.
- Participates in information security risk assessments across the enterprise at suitable intervals. Ensures that key risk issues are understood, communicated, and tracked as required. Regularly verifies that required information security and risk controls are in place, raising findings as noncompliance is found and driving improvement.
- Is able to identify risks related to the System Development Life-Cycle (SDLC) and its associated key tasks. Provides advice on the security architecture and configuration of complex systems and in general to project management processes and activities. Recommends security controls as appropriate to support business needs while minimizing risk.
Additionally, the incumbent is expected to support the following Information security functions/duties:
- Information management: Understands and complies with relevant organizational policies and procedures, taking responsibility for assessing risks around the use of information. Ensures that information is presented effectively. Provides inputs so that effective controls can be defined for internal delegation, audit and control and that the board receives timely reports and advice that will inform their decisions.
- Information security: Conducts security risk assessments for defined business applications or IT installations in defined areas, and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls. Performs risk and vulnerability assessments, and business impact analysis for medium size information systems.
- Business risk management: Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business. Refers to domain experts for guidance on specialised areas of risk, such as architecture and environment. Participates in the development of countermeasures and contingency plans.
- Technology audit: Contributes to risk based audit of existing and planned technology systems. Identifies IT risk in detail, assesses and tests the effectiveness of control measures and prepares formal reports in order to provide independent assurance on an organisation's information security, integrity and resilience.
IV. Qualifications and Experience
Master's Degree in engineering, computer science, information systems or related field.
A minimum of two years of progressively responsible experience in the planning, design, development, implementation and maintenance of enterprise information systems is required; experience in IT security or risk management is desirable.
English and French are the working languages of the United Nations Secretariat. For the post advertised, fluency in English is required, knowledge of French is desirable.
Familiarity with an IT risk assessment or IT risk management framework is desirable. Familiarity with an IT security standard or framework is desirable.
Knowledge of basic IT systems analysis and design techniques, testing, debugging and documentation standards; knowledge of IT security and risk assessment techniques is desirable; Shows pride in work and in achievements; demonstrates professional competence and mastery of subject matters; Is conscientious and efficient in meeting commitments, observing deadlines and achieving results; is motivated by professional rather than personal concerns; Shows persistence when faced with difficult problems or challenges; remains calm in stressful situations; Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work.
Considers all those to whom services are provided to be "clients" and seeks to see things from clients' point of view; establishes and maintains productive partnerships with clients by gaining their trust and respect; identifies clients' needs and matches them to appropriate solutions; monitors ongoing developments inside and outside the clients' environment to keep informed and anticipate problems; keeps clients informed of progress or setbacks in projects; meets timeline for delivery of products or services to client.
Works collaboratively with colleagues to achieve organizational goals; solicits input by genuinely valuing others’ ideas and expertise; is willing to learn from others; places team agenda before personal agenda; supports and acts in accordance with final group decision, even when such decisions may not entirely reflect own position; shares credit for team accomplishments and accepts joint responsibility for team shortcomings.
V. Learning Elements
On completion of the assignment, the JPO will have/be able to:
- Conduct risk management exercises and write risk mitigation plans
- Understand information security as a discipline
- Identify risks related to the software development lifecycle and develop risk management plans for the SDLC
VI. Background Information
This information should include:
- The Information and Communication Technologies Service, located under the Division of Administration of the Office of the United Nations at Geneva, provides comprehensive information and communications technology (ICT) services supporting the business requirements of all entities in scope; fosters the introduction and adoption of ICT-related technological innovations; deploys centralized ICT services at the Palais des Nations and annex buildings; supports ICT governance in the capacity of Regional Technology Centre for Europe (RTC-E), coordinating ICT matters with UN Secretariat Offices in this continent.
- The JPO will be working in the Information Security Unit of ICTS, reporting to the Chief of Programme management, ICTS.
Please send your application directly to the Büro Führungskräfte zu Internationalen Organisationen (BFIO).
All application formalities can be found at www.bfio.de, keyword: Junior Professional Officer (JPO)