Chief, Cyber Security

Job title:

Chief, Cyber Security

Company

United Nations Development Programme

Job description

Under the overall guidance of the Chief Information Officer (CIO) of the office of Information and Technology Management (ITM), and as part of the management team of the ITM, the Chief – Cyber security is responsible for managing UNDP`s information security risks, IT business continuity and IT disaster recovery plans . As organizations face increasingly sophisticated cyberattacks, the unit enables UNDP’s cybersecurity protection, both in terms of human resources and systems. This involves scanning systems for potential risks, adopting innovative solutions to protect IT applications and data as well as training employees to adopt safe cybersecurity practices. In addition, the unit is responsible to assess and test business continuity and disaster recovery plans.UNDP adopts a portfolio approach to accommodate changing business needs and leverage linkages across interventions to achieve its strategic goals. Therefore, UNDP personnel are expected to work across units, functions, teams, and projects in multidisciplinary teams in order to enhance and enable horizontal collaboration.1) Ensure effective management of the Cyber Security Services unit:

• Lead and supervise the Cyber Security Services unit, fostering team motivation, recruitment, performance evaluation, and training plan development.
• Develop, manage, and report on key performance indicators (KPIs) to ensure operational excellence, to maintain program efficiency, facilitate resource allocation, and elevate security program maturity.
• Drive continuous improvement in incident management processes, integrating with IT operations for seamless functionality.
• Coordinate the development of knowledge management sessions and processes to optimize IT platform utilization across the organization.
• Strategically design and oversee enterprise information security program to safeguard data integrity, confidentiality, and availability while ensuring compliance with regulations and policies to mitigate risks and audit findings effectively.
• Effectively communicate cyber security risks and mitigation strategies to senior management, providing expert guidance for IT projects, evaluating and recommending technical controls.

2) Ensure implementation of Risk Management strategies and ICT standards:

• Create and facilitate the information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings.
• Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regards to information classification and protection.
• Coordinate information security and risk management projects with staff from the IT organization and business unit teams.
• Develop, communicate and ensure compliance with organizational cyber security policies and standards.
• Create and manage information security and risk management awareness training programs and fraud awareness programme for all employees, contractors and approved system users.
• Provide subject matter expertise to executive management on a broad range of cyber security standards and best practices, such as ISO 27000, CobiT and ITIL.

3) Ensure implementation of Incident Prevention measures:

• Manage security incidents and events to protect corporate IT assets, including intellectual property, data, operability of corporate systems, fixed assets and the company’s reputation.
• In case of an Incident, the unit will be responsible for coordinating efforts within the organization to restore critical systems and provide facilities needed by the organization to function.
• Ensure security incidents and related ethical issues are referred to OAI for review and resolution without further disrupting operations, and are conducted in a fair, objective manner in alignment with UNDP values and code of business conduct and in full consultation with OAI and LSO as the situation might warrant.

4) Ensure Business Continuity, Disaster Recovery and Organization Preparedness:

• Develop effective disaster recovery policies and standards; coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a declared disaster and provide direction and in-house consulting in these areas.
• Coordinate with internal and external resources to ensure provisions for business continuity and recovery from potential incidents have been addressed.
• Manage cyber security incidents and events to protect corporate IT assets, including data, operability of corporate systems, Intellectual property, fixed assets and the company’s reputation.
• In case of an incident of cyber-attack or catastrophe, the unit will be responsible for coordinating efforts within the organization to restore critical systems and provide facilities needed by the organization to function.

5) Ensure Corporate Compliance and Relations Coordination:

• Liaise between the cyber security team and corporate compliance, audit, legal and HR management teams as required.
• Coordinate the use of external resources involved in the cyber security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
• Facilitate business alignment and communications by forming an information security steering committee or advisory board.
• Steer the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.

The incumbent performs other duties within their functional profile as deemed necessary for the efficient functioning of the Office and the OrganizationSupervisory/Managerial Responsibilities: Manage and supervise two direct reportsCompetenciesCore: Full list of UNDP Core Competencies can be found

• Achieve Results – LEVEL 4: Prioritize team workflow, mobilize resources, drive scalable results/strategic impact
• Think Innovatively – LEVEL 4: Easily navigate complexity, encourage/enable radical innovation, has foresight
• Learn Continuously – LEVEL 4: Create systems and processes that enable learning and development for all
• Adapt with Agility -LEVEL 4: Proactively initiate/lead organizational change, champion new systems/processes
• Act with Determination – LEVEL 4: Able to make difficult decisions in challenging situations, inspire confidence
• Engage and Partner – LEVEL 4: Construct strategic multi-partner alliances in high stake situations, foster co-creation
• Enable Diversity and Inclusion – LEVEL 4: Create ethical culture, identify/address barriers to inclusion

People ManagementUNDP People Management Competencies can be found in the dedicated .Cross-Functional & Technical competenciesInformation Management & Technology -IT Security Management

• Knowledge of Cyber Security technologies,

processes, techniques and tools. Apply practical
innovations to solve cybersecurity problems.
Capability to keep UNDP systems and data safe.
Knowledge of ISO 27001 principles. CSSIP, CSIM,
CISA or equivalent certification desirableDigital & Innovation – Digital thought leadership

• Ongoing research into emerging technologies and digital trends and the applications, risks, and opportunities associated with digital adoption, combined with the ability to communicate this synthesis with a broad audience.

Information Management & Technology – Information and Technology Strategy – Portfolio management and governance

• Knowledge of developing and implementing ICT strategy, portfolio and project management services, governance, and policies. Knowledge of project management principle. PMP or PRINCE2 certification of equivalent desirable.

Security Services – Security risk management

• Ability to assess threats and risks, identify and oversee implementation of mitigation measures, including ability to design and test security plans

Digital & Innovation – Data privacy and digital ethics

• Knowledge of ethical usage of digital technology (e.g. AI, robotics, automation) and data. Ability to assess ethical implications when using, combining or sharing data, when building or implementing AI systems, and when advising on robotization and automation etc.
• Ability to design privacy protocols to ensure data is protected and used for legitimate purposes without unnecessary privacy risks.

Business Direction and Strategy – System Thinking

• Ability to use objective problem analysis and judgement to understand how interrelated elements coexist within an overall process or system, and to consider how altering one element can impact on other parts of the system

Business Management – Portfolio Management

• Ability to select, prioritise and control the organizations programmes and projects, in line with its strategic objectives and capacity; ability to balance the implementation of change initiatives and the maintenance of business-as-usual, while optimising return on investment

Required Skills and ExperienceEducation:

• Advanced university degree (Master’s degree or equivalent) in Information Systems, Computer Science, Law, Business Administration, Accounting and Finance, Security Management, Information Systems Management, Criminal Justice or related field is required; OR
• A first-level university degree (Bachelor’s degree) in the above-mentioned fields of study, in combination with an additional two years of qualifying experience will be given due consideration in lieu of the advanced university degree.

Experience:

• Minimum 10 years (with Master’s degree) or 12 years (with Bachelor’s degree) of professional work experience in private sector corporate Cyber security or a related public sector organization with increasing levels of management responsibility is required.
• Additional professional qualification(s) in information security, such as CISSP, CISA, CISM certification, along with strong technical (ICT) security skills and demonstrable experience in the design/Implementation of secure IT environments are a must.
• Experienced in implementing and/or auditing information security programmes based on ISO 27000 or other IT security standards is highly desirable.
• At least 7 years of direct experience in a significant leadership role is desired.
• Demonstrated experience and exposure in the international IT security arena dealing with security-related issues is desired.
• Experience in COBIT and ITIL will be considered as an asset.

Language:

• Fluency in English is required.
• Fluency in other UN official language is desired.

Please note that continuance of appointment beyond the initial 12 months is contingent upon the successful completion of a probationary period.DisclaimerUnder US immigration law, acceptance of a staff position with UNDP, an international organization, may have significant implications for US Permanent Residents. UNDP advises applicants for all professional level posts that they must relinquish their US Permanent Resident status and accept a G-4 visa, or have submitted a valid application for US citizenship prior to commencement of employment.UNDP is not in a position to provide advice or assistance on applying for US citizenship and therefore applicants are advised to seek the advice of competent immigration lawyers regarding any applications.

Expected salary

Location

New York

Job date

Thu, 16 May 2024 22:48:50 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (un-jobs.net) you saw this job posting.