Result of Service
The ultimate result of service for a cybersecurity analyst is to help ensure the confidentiality, integrity, and availability of an organization’s information and systems. The primary goal of a cybersecurity analyst is to protect the organization from cyber threats and to minimize the impact of cybersecurity incidents. This includes: • Identifying and mitigating vulnerabilities in the organization’s ICT Infrastructure, websites, web applications and endpoints. • Detecting and responding to security incidents in a timely manner. • Maintaining the organization’s compliance with relevant policies and standards. • Promoting a culture of security awareness within the organization. • Ensuring that security controls are implemented effectively and are operating as intended. • Contributing to the development of cybersecurity policies and procedures. • Monitoring emerging security threats and adjusting security strategies as needed. • Continuously improving the organization’s security posture through risk assessments, vulnerability scanning, penetration testing, and other cybersecurity testing activities.
Work Location
UN-House ESCWA
Expected duration
6 Months
Duties and Responsibilities
Background: The Office of Internal Oversight Services (OIOS) conducted an audit of cybersecurity preparedness at the Economic and Social Commission for Western Asia (ESCWA) from August to November 2022. OIOS noted that ESCWA operated in a high-risk cyber environment and there was a need to develop a local strategy and roadmap for cybersecurity and to strengthen governance, risk management, and information technology controls. In the Audit Results, OIOS recommended that ESCWA should establish a comprehensive cybersecurity programme. In this context, the Cybersecurity Analyst, in addition to assisting ESCWA to implement all OIOS Audit recommendations, will help protect ESCWA’s assets from cyber threats by using various technologies and methodologies. Duties and Responsibilities: Under the overall guidance of the Chief, ICTS, and direct supervision by the Head of Cloud, Infrastructure and Cybersecurity Unit, the IT Assistant (Cybersecurity Analyst) will perform the following tasks: • Monitoring ICT Infrastructure, websites, and web applications for security threats and vulnerabilities. • Responding to cybersecurity incidents, such as malware infections or phishing attacks. • Analyzing cybersecurity alerts and determining the appropriate response. • Conducting vulnerability assessments and penetration testing to identify potential weaknesses in the organization’s security posture. • Assisting with the implementation and maintenance of cybersecurity controls, such as firewalls, intrusion detection systems, and antivirus software. • Collaborating with other IT professionals, such as network administrators, system administrators, and software developers to ensure a coordinated approach to cybersecurity. • Assisting with incident response planning and testing to ensure the organization is prepared for cybersecurity incidents. • Assisting with the development and implementation of cybersecurity policies, technical procedures, and guidelines. • Assisting with the identification and assessment of risks and implementing risk management processes and procedures. • Supporting compliance with enterprise cybersecurity policies, relevant laws, regulations, and industry standards. • Assisting with the preparation of reports on governance, risk, and compliance issues for senior management. • Collaborating with other units and stakeholders to ensure a coordinated approach to governance, risk, and compliance. • Participating in continuous improvement efforts to enhance the organization’s governance, risk, and compliance practices. • Participating in risk assessments and internal audits to identify areas of non-compliance or potential risks. • Assisting with the development and implementation of BCP and DR plans to ensure the organization is prepared for potential disasters or disruptions. • Developing and documenting procedures for responding to disasters or disruptions. • Testing and evaluating BCP and DR plans to ensure they are effective and up-to-date. • Monitoring and reporting on compliance with policies and procedures, including tracking incidents of non-compliance and following up with appropriate parties. • Staying up-to-date on changes in enterprise cybersecurity policies, laws, regulations, and industry standards related to governance, risk, and compliance. • Assisting with the development and implementation of cybersecurity training programs to promote compliance and risk management awareness. • Participating in security awareness training and promoting a culture of cybersecurity within the organization.
Qualifications/special skills
A Bachelor’s degree in Information Technology, Computer Science or related area is required. All candidates must submit a copy of the required educational degree. Incomplete applications will not be reviewed. No previous work experience is required for this job opening. Knowledge in two or more of the following: Governance, Risk, Web Application BCP/DR , Application Security, Information security, Network, and Endpoint security is required. Knowledge of Threat, Vulnerability and Incident Management is required. Knowledge of Governance, Risk and Compliance (GRC) is required.
Languages
English and French are the working languages of the United Nations Secretariat; and Arabic is a working language of ESCWA. For this position, fluency in English is required. Note: “Fluency” equals a rating of ‘fluent’ in all four areas (speak, read, write, and understand) and “Knowledge of” equals a rating of ‘confident’ in two of the four areas.
Additional Information
Recruitment for this position is on a local basis. The incumbent is required to have the legal right to live and work in the specified working location.
No Fee
THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.