Result of Service

The ultimate result of service for a cybersecurity analyst is to help ensure the confidentiality, integrity, and availability of an organization’s information and systems. The primary goal of a cybersecurity analyst is to protect the organization from cyber threats and to minimize the impact of cybersecurity incidents. This includes:
• Identifying and mitigating vulnerabilities in the organization’s ICT Infrastructure, websites, web applications and endpoints.
• Detecting and responding to security incidents in a timely manner.
• Maintaining the organization’s compliance with relevant policies and standards.
• Promoting a culture of security awareness within the organization.
• Ensuring that security controls are implemented effectively and are operating as intended.
• Contributing to the development of cybersecurity policies and procedures.
• Monitoring emerging security threats and adjusting security strategies as needed.
• Continuously improving the organization’s security posture through risk assessments, vulnerability scanning, penetration, testing, and other cybersecurity testing activities.

Work Location

UN – House ESCWA

Expected duration

6 months

Duties and Responsibilities

Under the overall guidance of the Chief, ICTS, and direct supervision by the Head of Cloud, Infrastructure and Cybersecurity Unit, the IT Assistant (Cybersecurity Analyst) will perform the following tasks:

• Monitoring ICT Infrastructure, websites, and web applications for security threats and vulnerabilities.
• Responding to cybersecurity incidents, such as malware infections or phishing attacks.
• Analyzing cybersecurity alerts and determining the appropriate response.
• Conducting vulnerability assessments and penetration testing to identify potential weaknesses in the organization’s security posture.
• Assisting with the implementation and maintenance of cybersecurity controls, such as firewalls, intrusion detection systems, and antivirus software.
• Collaborating with other IT professionals, such as network administrators, system administrators, and software developers to ensure a coordinated approach to cybersecurity.
• Assisting with incident response planning and testing to ensure the organization is prepared for cybersecurity incidents.
• Assisting with the development and implementation of cybersecurity policies, technical procedures, and guidelines
• Assisting with the identification and assessment of risks and implementing risk management processes and procedures.
• Supporting compliance with enterprise cybersecurity policies, relevant laws, regulations, and industry standards.
• Assisting with the preparation of reports on governance, risk, and compliance issues for senior management.
• Collaborating with other units and stakeholders to ensure a coordinated approach to governance, risk, and compliance.
• Participating in continuous improvement efforts to enhance the organization’s governance, risk, and compliance practices.
• Participating in risk assessments and internal audits to identify areas of non-compliance or potential risks.
• Assisting with the development and implementation of BCP and DR plans to ensure the organization is prepared for potential disasters or disruptions.
• Developing and documenting procedures for responding to disasters or disruptions.
• Testing and evaluating BCP and DR plans to ensure they are effective and up-to-date.
• Monitoring and reporting on compliance with policies and procedures, including tracking incidents of non-compliance and following up with appropriate parties.
• Staying up-to-date on changes in enterprise cybersecurity policies, laws, regulations, and industry standards related to governance, risk, and compliance.
• Assisting with the development and implementation of cybersecurity training programs to promote compliance and risk management awareness.
• Participating in security awareness training and promoting a culture of cybersecurity within the organization.

Qualifications/special skills

A bachelor’s degree in information technology, Computer Science or related area is required.

All candidates must submit a copy of the required educational degree. Incomplete applications will not be reviewed.
A minimum of 3 months of experience in Web Application, Network, and Endpoint security is required.
A minimum of 3 months of work experience in two or more of the following areas: Governance, Risk, and Compliance, BCP/DR, Application security, Information systems security, and Network security is required.
A minimum of 3 months of experience in Threat, Vulnerability and Incident Management is required.
A minimum of 3 months of experience in Governance, Risk and Compliance (GRC) is required.

Languages

Languages English and French are the working languages of the United Nations Secretariat; and Arabic is a working language of ESCWA.

For this position, fluency in English is required.

Note: “Fluency” equals a rating of ‘fluent’ in all four areas (speak, read, write, and understand) and “Knowledge of” equals a rating of ‘confident’ in two of the four areas.

No Fee

THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.