Description Background The United Nations Volunteers (UNV) programme is administered by UNDP and follows all UNDP rules and regulations. UNV is the UN system common service that promotes volunteerism to support peace and development worldwide. Volunteerism can transform the pace and nature of development, and it benefits both societies at large and individual volunteers. UNV contributes to peace and development by advocating for volunteerism globally, encouraging partners to integrate volunteerism into development programming, and mobilizing volunteers. UNV’s Management Services hold the responsibility for the strategic planning, managerial leadership, oversight and quality control of an integrated platform of operational services ensuring timely, effective and efficient delivery according to corporate performance standards and in compliance with the UN Regulations and Rules and UNDP´s accountability framework. The ICT Infrastructure team at UNV Information and Communications Technology Section (ICTS) is responsible for the operations of the data centre and the provision of all ICT hardware, software, network and telecommunications services to UNV HQ. Under the supervision the ICT Infrastructure Team Lead, the ICT Infrastructure Analyst contributes to the deliveries of the UNV Digital Strategy in the area of Digital Workspace, Cloud migration and Cyber-security As organizations face increasingly sophisticated cyberattacks, this role works to strengthen UNV's cybersecurity protection, both in terms of human resources/practice and systems. This involves scanning systems for potential risks, adopting innovative solutions to advance UNV IT infrastructure & Applications as well as training employees to adopt safe cybersecurity practices. Scope of Work Under the supervision of the Team Leader/ICTS Infrastructure, the ICT Analyst, Information Security is responsible for comprehensive incident handling in accordance with policy and guidelines which includes how incidents are defined, reported, verified, tracked, contained, and recovered. Specifically, the incumbent will be involved with: 1. Security Operations & Incident Response Monitor and evaluate change requests, releases, events, alerts, and notifications for indications of weak practice and suspicious/unauthorized activity. Support the response to detected or reported cybersecurity incidents. Ensure incident response readiness for ICT-related UNV services. Monitoring vendor and industry alerts, warnings, and security advisories, and follow up with system and service owners to ensure risks are mitigated. Keep an updated inventory of UNV digital assets and ensure availability, confidentiality, and integrity. Coach application owners, data owners, and service owners on backup/restore procedures and business continuity measures. Coordinate vulnerability scans with provider(s). 2. Security Engineering, Automation & Tools Management Support the development of solutions to automate cybersecurity tasks. Maintain cloud-native security solutions including SIEM, SOAR, and related tools. Develop automation pipelines and custom scripts to reduce manual labor and minimize human error. Assist in initiatives to improve overall UNV cybersecurity posture, including automation of security testing. 3. Secure Development, Architecture & Risk Management Collaborate with development teams to integrate security best practices throughout all phases of the SDLC. Assist in conducting security risk assessments, code reviews, and vulnerability assessments for UNV applications. Support threat modelling and security architecture reviews to identify potential risks. Work closely with the UNDP security team to implement ISO 27001/2 information management certification for UNV. 4. Governance, Compliance, Awareness & Training Aid in the promotion of security best practices and plan security awareness trainings. Contribute to the preparation and delivery of in-house training on cybersecurity topics for a broad range of audiences. Support the development and enforcement of UNDP security policies, standards, training, and guidelines for team members and staff. The incumbent performs other duties within their functional profile as deemed necessary for the efficient functioning of the Office and the Organization. Institutional Arrangement The ICT Analyst, Information Security reports to the Team Leader/ infrastructure in the ICTS. Competencies Core Achieve Results: Plans and monitors own work, pays attention to details, delivers quality work by deadline Think Innovatively: Open to creative ideas/known risks, is pragmatic problem solver, makes improvements Learn Continuously: Open minded and curious, shares knowledge, learns from mistakes, asks for feedback Adapt with Agility: Adapts to change, constructively handles ambiguity/uncertainty, is flexible Act with Determination: Shows drive and motivation, able to deliver calmly in face of adversity, confident Engage and Partner: Demonstrates compassion/understanding towards others, forms positive relationships Enable Diversity and Inclusion: Appreciate/respect differences, aware of unconscious bias, confront discrimination People Management UNDP People Management Competencies can be found in the dedicated site. Cross-Functional & Technical competencies IT Security Management Knowledge of Cyber Security technologies, processes, techniques and tools. Apply practical innovations to solve cybersecurity problems. Capability to keep UNV systems and data safe. Knowledge of ISO 27001, ISO 27701 and ISO 22301 principles. CSSIP, CISM, CISA or equivalent certification desirable. Data governance Knowledge of data science, skills to develop data management tools, organize and maintain databases and operate data visualization technologies. Digital identity & wellbeing Knowledge of issues around digital identity and digital wellbeing and the ability to advise safe/healthy practices in regard to these areas. IT Customer Support Ability to support customers on IT related issues and generate and contribute to continuous improvement processes to deliver a great user experience. Knowledge of ISO 9001 is desirable. ITIL of ISO 20000 certification or similar is desirable. Digital Awareness and Literacy Ability to monitor new and emerging technologies, as well as understand their usage, potential, limitations, impact, and added value. Ability to rapidly and readily adopt and use new technologies in professional activities, and to empower others to use them as needed. Knowledge of the usage of digital technologies and emerging trends. Required Skills and Experience Education: Advanced university degree (master’s degree or equivalent) in Information Technology, Computer Science, Engineering or related discipline is required, or A first-level university degree (bachelor’s degree) in the areas mentioned above, in combination with an additional two years of qualifying experience will be given due consideration in lieu of advanced university degree Experience: Applicants with Master’s degree (or equivalent) in a relevant field of study are not required to have professional work experience. Applicants with a Bachelor’s degree (or equivalent) are required to have a minimum of two (2) years of relevant professional experience in the areas of computer science, cybersecurity, data management, DevOps, or related activities at national or international level. Desired skills in addition to the competencies covered in the Competencies section: Strong knowledge of cybersecurity fundamentals and experience in operating cybersecurity threat detection systems; Experience in developing and formally presenting security related information and new cybersecurity policies to management and IT managers to facilitate comprehension and decision-making; Knowlege of how to apply Cyber Threat Intelligence; Knowledge of how to work with threat detection and incident response systems; Knowledge of international standards and best practices in cybersecurity, risk, and service management (ISO 27001:2022, 9001:2015, 20000:2011, 22301:2012, 27701:2020); Knowledge on how to provide security related training to users in the form of webinars. Required Languages: Fluency in English is required; Working knowledge of other UN official language is desired. Professional Certificates ITIL (Information Technology Infrastructure Library certification) and or CEH (Certified Ethical Hacker), or similar is desired. Equal opportunity As an equal opportunity employer, UNDP values diversity as an expression of the multiplicity of nations and cultures where we operate and, as such, we encourage qualified applicants from all backgrounds to apply for roles in the organization. Our employment decisions are based on merit and suitability for the role, without discrimination. UNDP is also committed to creating an inclusive workplace where all personnel are empowered to contribute to our mission, are valued, can thrive, and benefit from career opportunities that are open to all. Sexual harassment, exploitation, and abuse of authority UNDP does not tolerate harassment, sexual harassment, exploitation, discrimination and abuse of authority. All selected candidates, therefore, undergo relevant checks and are expected to adhere to the respective standards and principles. Right to select multiple candidates UNDP reserves the right to select one or more candidates from this vacancy announcement. We may also retain applications and consider candidates applying to this post for other similar positions with UNDP at the same grade level and with similar job description, experience and educational requirements. Scam alert UNDP does not charge a fee at any stage of its recruitment process. For further information, please see www.undp.org/scam-alert.