- Organization: ICC - International Computing Centre
- Country: United States
- City: New York, USA
- Office: UNICC UNHQ New York
- Grade: P-4
Vacancy Notice Number: ICC/15/NY/600
Position Title: Information Security Services Officer
Position Type: Two years long term, renewable
Number of Positions: 1
Date of Issue: 4/13/2015
Date of Closing: 6/18/2015
Grade: P4
Annual Salary Estimation: USD 113,850 (net, single rate + post adjustment)
Duty Station: New York, USA
Organizational Location/Unit: International Computing Centre (ICC)
Position Description
Purpose of the Position
The Information Security Services Officer will provide services to assist and support client organizations in establishing, implementing, maintaining and continually improving a corporate-wide information security management programme to ensure that information assets are adequately protected within the context of the organization. This includes selecting, implementing and managing security controls tailored to the needs of the organization. The Information Security Services Officer will also function as a trusted advisor providing independent advice to client organizations on the security programme strategy and direction in line with business needs.
Objectives of the Programme
The objectives of the Centre, as stated by its mandate, are to provide information and communication technology (ICT) services (including training) on an inter-organizational basis.
Summary of Assigned Duties
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is managed and controlled by the client organization. Facilitate information security governance through the implementation of a governance program, including an information security steering committee or advisory board.
- Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate and implement a process for risk management, including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organization on identifying acceptable levels of residual risk. Report and oversee treatment efforts.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
- Provide regular reporting on the current status of the information security program to senior management and business units as part of a strategic enterprise risk management program.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Develop and enhance an information security management framework based on the ISO 27000 standards. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Coordinate information security and risk management projects with resources from the IT organization and business unit teams. Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Ensure that security programs are in compliance with relevant rules, regulations, policies and standards to minimize or eliminate risks and audit findings.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, sensitive data and the organization's reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
- Liaise among external and internal stakeholders, including audit, legal and HR management teams as required, to ensure that the organization maintains an appropriate security posture.
- Perform other related duties and fulfil responsibilities as required.
Notes
- Technical and/or personality tests may be carried out as part of the selection process.
- Only short-listed candidates will be contacted.
- The ICC retains the right not to make any appointment for this vacancy or to make an appointment for a shorter duration than indicated above.
- Though you may not be selected for this advertised position, the ICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position.
ICC Global Competencies
- Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
- Communicating in a credible and effective way: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
- Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.
- Fostering integration and teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
- Building and promoting partnerships across the organization and beyond: Develops and strengthens internal and external partnerships that can provide information, assistance and support to ICC. Identifies and uses synergies across the Organization and with external partners.
Essential:
- Sound knowledge of information security technologies.
- Ability to understand technical and business aspects of IT risk, and to communicate those risks to management, business and technical units so that the organization can make informed decisions regarding appropriate levels of information security control.
- Strong analytical and problem-solving skills.
- Ability to work well in a demanding, dynamic environment. Ability to act calmly and competently in high-pressure, high-stress situations.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, etc.
- Excellent written and verbal communication skills, interpersonal and collaborative skills.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision.
- Project management skills and ability to manage multiple projects under strict timelines.
- A working knowledge of business management in international and/or not-for-profit environments.
Essential:
- Masters or advanced degree in information security, computer science or related field (or a bachelor's degree with additional years of work-related experience).
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials.
- Project Management qualification, such as PRINCE2
- Service management qualification, such as ITIL Practitioner
Essential:
- Minimum of seven years' experience in information security, risk management, or IT-related jobs. At least four must be in a senior information security role.
- Employment history must demonstrate increasing levels of responsibility.
- Experience in developing information security policies and procedures, as well as successfully executing programs in a dynamic environment.
- Project(s) for achieving and maintaining ISO 27001 certification
Expert knowledge of English is required.