Information Security Manager (P-4)

Vienna, Austria

JOB DETAIL

VA ID: VA139-2044-2024
Grade Level: P-4
Division: International Data Centre Division
Section: Office of the Director, IDC
Unit:
Type of Appointment: Fixed Term Appointment
Date of Issuance: 26 July 2024
Deadline for Applications: 10 September 2024
Vacancy Reference: VA139-2044-2024
Reporting Date: As soon as possible
Please note that all candidates should adhere to CTBTO Values of Integrity, Professionalism and Respect for Diversity.

Qualified female applicants and persons with disabilities are encouraged to apply.

A roster of suitable candidates may be established for similar positions at the same level as a result of this selection process for a period of two (2) years.

Organizational Background

The Preparatory Commission for the Comprehensive Nuclear-Test-Ban Treaty Organization with its headquarters in Vienna, Austria is the international organization setting up the global verification system foreseen under the Comprehensive Nuclear-Test-Ban Treaty (CTBT), which is the treaty banning any nuclear-weapon-test explosion or any other nuclear explosion. The Treaty provides for a global verification regime, including a network of 337 stations worldwide, a communications system, an international data centre and on-site inspections to monitor compliance.

Organizational Setting

This position is located in the Office of the Director, International Data Centre Division (IDC).

Reporting Lines

Under the supervision of the Director, International Data Centre Division (IDC) and in close collaboration with section chiefs across the CTBTO, to:

Duties and Responsibilities

  1. Plan and take appropriate action to protect the CTBTO from risks to the confidentiality, integrity and availability of its information assets;
  2. Provide guidance on information security and develop and implement information security architecture to protect information assets from loss or misuse and to mitigate the risk of financial, productivity and reputation loss to the CTBTO;
  3. Work closely with the Chief Information Technology Officer (CITO) on the development, implementation and continuous evaluation and controls of information security policies pertaining to the CTBTO;
  4. Drive the development of an information security policy, ensuring that it is reviewed and updated at regular intervals to respond to any changes in the risk assessment or risk treatment plan, keeping leadership informed of issues that have an impact on the effectiveness of this policy and the information security programme in general, communicating this policy to all staff members and to other individuals or entities authorized to access information assets as appropriate, and overseeing the implementation of and compliance with this policy including establishing systems to assist in the monitoring and management of compliance;
  5. Evaluate potential risks, determine security requirements and recommend suitable countermeasures to manage risks in areas related to the handling and protection of information;
  6. Organize and coordinate the training of staff in the areas of operations, information, communications, personnel, facility and information technology related security procedures;
  7. Assist individual organizational units to comply with the information security policy by providing consultancy and support and by performing ongoing reviews;
  8. Participate in the process of authorizing all new information systems or applications to ensure that security considerations are adequately addressed prior to a new system being approved for use;
  9. Be responsible for managing the CTBTO’s Public Key Infrastructure (PKI);
  10. Explore and evaluate emerging technologies as potential future enhancements to the Commission’s security infrastructure;
  11. Perform other duties as assigned.

Education

  • Advanced University degree in computer science, information management, information security or a related field.

Work Experience and Qualifications

  • At least seven (7) years relevant working experience, part of which should have been in an international environment, in information security (on premise and in cloud environments) based on UNIX/LINUX, Windows, Web, Oracle/Postgres databases, satellite communications and distributed computing across the Internet.
  • Hands-on experience in the establishment and practical implementation of Organizational Information Security policies, and IT security infrastructure systems providing access control, vulnerability management, incident identification and incident response is essential.
  • Deep Knowledge in Security Frameworks: Familiarity with NIST, ISO 27001/27002, COBIT, and ITIL.
  • Proficiency with cloud platforms and protocols (AWS, Azure, Google Cloud).
  • Incident Response and Forensics: Experience with incident response processes and digital forensics.
  • Advanced Threat Detection: Knowledge of advanced persistent threats (APT), intrusion detection systems (IDS), and intrusion prevention systems (IPS).
  • Excellent knowledge and practical experience with setting up and using PKI and proven project management skills are essential.
  • An internationally recognized information or IT security relevant certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Global Information Assurance Certification (GIAC) is essential; Prince2 or PMP certification is desirable.

Languages

  • Excellent written and oral communication skills in English are essential.
  • Knowledge of other official CTBTO languages (Arabic, Chinese, French, Russian and Spanish) is desirable.

Competencies

  • Professionalism – Shows pride in work and in achievements; demonstrates professional competence and mastery of subject matter; is conscientious and efficient in meeting commitments, observing deadlines and achieving results; is motivated by professional rather than personal concerns; shows persistence when faced with difficult problems or challenges; remains calm in stressful situations;
  • Communication – Speaks and writes clearly and effectively; listens to others, correctly interprets messages from others and responds appropriately; asks questions to clarify, and exhibits interest in having two-way communication; tailors language, tone, style and format to match the audience; demonstrates openness in sharing information and keeping people informed;
  • Planning and organizing – Develops clear goals that are consistent with agreed strategies; identifies priority activities and assignments; allocates appropriate amount of time and resources for completing work; foresees risks and allows for contingencies when planning; monitors and adjusts plans and actions as necessary;
  • Team work – Works collaboratively with colleagues to achieve organisational goals; solicits input by genuinely valuing others’ ideas and expertise; is willing to learn from others; places team agenda before personal agenda; builds consensus for task purpose and direction with team members; supports and acts in accordance with final group decisions, even when such decisions may not entirely reflect own position; shares credit for team accomplishments and accepts joint responsibility for team shortcomings;
  • Accountability – Takes ownership of all responsibilities and honors commitments; delivers outputs for which one has responsibility within prescribed time, cost and quality standards; operates in compliance with organizational regulations and rules; supports subordinates, provides oversight and takes responsibility for delegated assignments; takes personal responsibility for his/her own shortcomings and those of the work unit, where applicable;
  • Creativity – Actively seeks to improve programmes or services; offers new and different options to solve problems or meet client needs; promotes and persuades others to consider new ideas; takes calculated risks on new and unusual ideas; thinks “outside the box”; takes an interest in new ideas and new ways of doing things; is not bound by current thinking or traditional approaches;
  • Client orientation – Considers all those to whom services are provided to be “clients” and seeks to see things from clients’ point of view; establishes and maintains productive relationships with clients by gaining their trust and respect; identifies clients’ needs and matches them to appropriate solutions; monitors ongoing developments inside and outside the clients’ environment to keep informed and anticipate problems; keeps clients informed of progress and setbacks in projects; meets timeline for delivery of products or services to clients;
  • Commitment to continuous learning – Keeps abreast of new developments in own occupation/profession; actively seeks to develop oneself professionally and personally; contributes to the learning of colleagues and subordinates; shows willingness to learn from others; seeks feedback to learn and improve;
  • Technological Awareness – Keeps abreast of available technology; understands applicability and limitations of technology to the work of the office; actively seeks to apply technology to appropriate tasks, shows willingness to learn new technology.

Remuneration

CTBTO offers an attractive compensation and benefits package in accordance with the policies of the International Civil Service Commission. For more information on UN salaries, allowances and benefits, see: http://www.un.org/Depts/OHRM/salaries_allowances/salary.htm. The salary offered may be subject to deductions to the United Nations Joint Staff Pension Fund and/or Health Insurance Scheme.

Additional Information

  • All applications must be submitted through the CTBTO e-Recruitment system before the deadline stated in the vacancy announcement.
  • Incomplete applications and submission of employment history in formats other than the CTBTO Employment Information Form will not be considered.
  • The CTBTO Preparatory Commission retains the discretion not to make any appointment to this vacancy; to make an appointment at a lower grade in particular if the candidate has less than the qualifications required; to make an appointment with a modified job description, or to offer a contract term for a shorter duration than indicated in the vacancy announcement.
  • Please note that the CTBTO will only consider academic credentials or degrees obtained from an educational institution recognized in the IAU/UNESCO list.
  • The CTBTO reserves the right to undertake correspondence only with shortlisted candidates.
  • Candidates under serious consideration for selection will be subject to a reference-checking process.