Result of Service
Securing websites and web applications, both on-premises and in the cloud.
• Conducting a network audit report for Linux and Windows computing platform devices.
• Providing clear, concise, and timely vulnerability assessment reports, risk assessment reports, Business Continuity Planning (BCP) and Disaster Recovery (DR) plans, as well as playbooks.
• Ensuring compliance and assurance against enterprise standards and international standards such as ISO 27001 or NIST 800 series.
Work Location
UN-House ESCWA
Expected duration
6 months
Duties and Responsibilities
ESCWA operates in a high-risk cyber environment and identified the need to develop a local strategy and roadmap for cybersecurity, as well as to strengthen governance, risk management, and information technology controls in place. To this effect, ESCWA is establishing a comprehensive cybersecurity program.
In this context, the Senior Cybersecurity Analyst, will help in the implementation and administration of the new ESCWA cybersecurity program aiming to protect ESCWA’s assets from cyber threats by utilizing various technologies and methodologies.
Under the overall guidance of the Chief, ICTS, and direct supervision by the Head of Cloud, Infrastructure and Cybersecurity Unit, the IT Assistant – Senior Cybersecurity Analyst will perform the following tasks:
• Serve as a technical lead in defining and executing cybersecurity roadmap to improve cybersecurity controls and compliance objectives.
• Serve as a technical lead and manage the deployment, implementation, operation, support and maintenance of the Information Security Management System (ISMS) based on ISO 27000 series standards.
• Serve as a technical lead to implement enterprise security policies and standards in cloud environment.
• Collaborate with internal and external entities in obtaining and maintaining ISO 27001 certification.
• Serve as a technical lead for development, implementation, and maintenance of cybersecurity playbooks, runbooks, procedures and guidelines.
• Serve as a technical lead in the development, maintenance and implementation of enterprise policies and procedures related to cybersecurity.
• Collaborate with software developers to ensure the appropriate security requirements are embedded in the correct phases of development.
• Work closely with software developers to improve development cycles, audit and automate release processes and then coordinate with operations to implement pushes and changes.
• Serve as a technical lead in annual cybersecurity assessment process and all resulting remediation projects.
• Participate in systems security evaluations and review including development of systems security plans, implementation and maintenance of risk assessments, management of certification and accreditations of systems and security categorizations.
• Identify & communicate vulnerabilities & risks and propose controls and procedures to mitigate them.
• Serve as a technical lead for coordination and preparation of formal responses to IT security inquiries from internal and external authorities.
• Serve as a technical lead to develop, coordinate, evaluate, and maintain a comprehensive business continuity and disaster recovery plan.
• Conduct threat research and perform periodic risk assessments & penetration tests or security audits.
• Respond to incident investigations, perform triage activities, and utilize structured methodologies to prevent, detect respond to threats.
• Serve as a technical lead for control and vulnerability assessments to identify weaknesses and assess the effectiveness of existing controls and recommends remedial action.
• Audit the configuration of systems and network devices to ensure adherence to security best practices.
• Monitor various equipment logs and network traffic to identify suspicious activity and then performs corrective action.
• Perform assessments and design reviews to provide risk assurance over existing and future solutions.
• Serve as a technical lead for cybersecurity monitoring and incident response activities.
Qualifications/special skills
A bachelor’s degree or equivalent in Telecommunication, Information Technology, Computer Science or related area is required.
All candidates must submit a copy of the required educational degree. Incomplete applications will not be reviewed.
A minimum of ten years of consulting related work experience in two or more of the following areas: Application security, Information systems security, Network security, IT security auditing, Information security risk assessment or risk management is required.
A minimum of ten years of experience in Web Application, Network, and Endpoint security is required.
A minimum of ten years of experience in Threat, Vulnerability and Incident Management is required.
A minimum of five years of experience in Governance, Risk and Compliance (GRC) is required.
Languages
Languages English and French are the working languages of the United Nations Secretariat; and Arabic is a working language of ESCWA.
For this position, fluency in English is required.
Note: “Fluency” equals a rating of ‘fluent’ in all four areas (speak, read, write, and understand) and “Knowledge of” equals a rating of ‘confident’ in two of the four areas.
No Fee
THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.