UNIDO Jobs – Information Security Consultant (Home-Based) – Jobs In Zambia

Job Title: Information Security Consultant (Home-Based)

Organization: United Nations Industrial Development Organization (UNIDO)

Requisition ID: 1059
Grade: ISA-Specialist
Duty Station: Home-based in Vienna, Austria
Category: International Consultant
Type of job Posting: Internal and External
Employment Type: NonStaff-When Act. Employed

Duration of Contract: 60 working days
Application deadline: 20-Sep-2022

Vacancy Announcement: Temporary Appointment of Project Personnel
Female candidates are particularly encouraged to apply.

ORGANIZATIONAL CONTEXT

The United Nations Industrial Development Organization (UNIDO) is the specialized agency of the United Nations that promotes industrial development for poverty reduction, inclusive globalization and environmental sustainability. The mission of UNIDO, as described in the Lima Declaration adopted at the fifteenth session of the UNIDO General Conference in 2013 as well as the Abu Dhabi Declaration adopted at the eighteenth session of the UNIDO General Conference in 2019, is to promote and accelerate inclusive and sustainable industrial development (ISID) in Member States. The relevance of ISID as an integrated approach to all three pillars of sustainable development is recognized by the 2030 Agenda for Sustainable Development and the related Sustainable Development Goals (SDGs), which will frame United Nations and country efforts towards sustainable development. UNIDO’s mandate is fully recognized in SDG-9, which calls to “Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation”. The relevance of ISID, however, applies to a greater or lesser extent to all SDGs. Accordingly, the Organization’s programmatic focus is structured in four strategic priorities: Creating shared prosperity; Advancing economic competitiveness; Safeguarding the environment; and Strengthening knowledge and institutions.

Each of these programmatic fields of activity contains a number of individual programmes, which are implemented in a holistic manner to achieve effective outcomes and impacts through UNIDO’s four enabling functions: (i) technical cooperation; (ii) analytical and research functions and policy advisory services; (iii) normative functions and standards and quality-related activities; and (iv) convening and partnerships for knowledge transfer, networking and industrial cooperation. Such core functions are carried out in Departments/Offices in its Headquarters, Regional Offices and Hubs and Country Offices.

The Directorate of Corporate Services and Operations (COR) is responsible and accountable for the management of UNIDO’s human, financial and material resources, ensuring the capacity of the Organization to fulfil its mandate. The Directorate oversees a full range of financial, human resources, learning and staff development, procurement, information technology and general services to meet the service support needs of the Organization as a whole. Additionally, the Directorate houses the Gender Equality and Empowerment of Women Unit and the Ethics and Accountability Unit and oversees their operations. Furthermore, the Directorate provides guidance on personnel security and safety matters and ensures the overall coordination of UNIDO’s response in this regard.

This position is located under the Information Technology and Digitalization Services (COR/DIG), which focuses on enabling the Organization through new and innovative digital technologies, while ensuring secure, reliable, effective and efficient information technology (IT) services towards the achievement of strategic objectives and UNIDO’s ISID mandate. IT services include the management and development of web, digital and business solutions; maintaining a robust data center and infrastructure; managing the cybersecurity programme; providing efficient end-user solutions and support; ensuring knowledge management; data-driven analytics and business intelligence; and platforms for enabling transparent external relations with Member States, partners and civil society.

COR/DIG is responsible for the management and implementation of IT and digitization strategies and solutions, for setting and enforcing common IT standards and best practices throughout UNIDO and managing corporate IT services. In close cooperation with the Coordination and Integration Support Division (IET/CIS) and the Quality, Impact and Accountability (IET/QUA) Division, COR/DIG will ensure from an operational and technical perspective, that applications and systems are implemented in an integrated, sustainable and secure manner following best practices, and providing value-added for the Organization based on cost-benefit considerations in pursuit of the principles of Result-Based Management and delivering overall continuous improvement of the Organization’s operations. Furthermore, it coordinates a Service Desk, which is the single point of contact for requests from the UNIDO workforce positioned at both Headquarters and the field.

PROJECT CONTEXT

UNIDO seeks an expert to assist in the development and implementation of a formal management system to address its needs for the protection of information. UNIDO has identified that the requirements for an appropriate Information Security Management System (ISMS) are clearly articulated in the international standard ISO/IEC 27000 series. UNIDO does not wish, at this time, to achieve certification to the international standard. However, it does wish to be compliant with the requirements.

The expert should define, draft and promote the establishment and adoption of an ISMS that includes within its scope UNIDO’s core business processes and key information assets. The ISMS must enable UNIDO to further protect the information it creates and manages, and to adapt and respond more effectively to changes in information and security technologies and threats to UNIDO in the years to come.

UNIDO has the same information security needs as any enterprise organization. These confidentiality requirements are generic and based on good security practices for protecting staff records, the official public website and routine administrative information. The ISMS must effectively address the relevant aspects of information and IT security at UNIDO, in comparison to the sector of not-for-profit organizations. In general, this is a “clean slate” environment with regard to information and IT security. UNIDO currently has few information security controls in the form of policies, procedures, processes, technologies and systems and is actively working on the creation of the minimum required aspects of an ISMS. The development of the UNIDO ISMS shall create and implement the new components required, and shall also take into consideration the existing components and, as appropriate, adapt and integrate or replace them.

The services have to be delivered in high-quality business English (translation into other languages is not within scope of this engagement), and it is anticipated that deliverables will include formal written materials, presentations and assessments as well as management briefings.

The selection of a suitable consultant will be based upon experience in successfully implementing ISMS according to ISO/IEC 27000 series. The engagement will take place at its Headquarters in Vienna, Austria.

MAIN DUTIES, DURATION* AND CONCRETE / MEASURABLE OUTPUTS TO BE ACHIEVED

Main duties:

  1. Develop and formally document an ISMS framework and associated management processes, based on ISO 27000 series requirements and guidance.
  2. Identify and document the information security roles, responsibilities and communication lines including ISMS roles descriptions and reporting structure.
  3. Perform an initial information security risk assessment and propose a risk mitigation plan.
  4. Describe the expected relationship with UNIDO Office of Internal Oversight (IOD), as well as collaboration between different organizational departments and divisions.
  5. Identify and document mechanisms or processes for the integration of ISMS related processes.
  6. Develop an ISMS performance management and improvement process that provides the monitoring and self-assessment; measuring, responding and improving effectiveness including the use of metrics and key performance indicators (KPI); reporting and review process for tactical response; reporting and review process for senior management.

Duration*: 55 days

Concrete / measurable outputs to be achieved:

  • Develop ISMS documentation (policy, procedures, guidelines etc.), aligned with ISO 27000 series and the organizational context.
  • A report with the information security risks, as a result of the initial risk assessment and a proposed mitigation plan.
  • Proposal for a dashboard for monitoring and reporting of Information Security related KPIs, reporting lines and presentation structure on information security.

Main duties:

  1. Develop ISMS training materials and conduct workshops for all ISMS roles, such as: IT System Administrators, System Owners, senior management and regular users.

Duration*: 5 days

Concrete / measurable outputs to be achieved:

  • Training and awareness material developed.
  • Internal workshops conducted.

* Estimate, and may differ from lapsed time due to scheduling and availability of stakeholders.

MINIMUM ORGANIZATIONAL REQUIREMENTS

Education: Advanced university degree in Information Technology, Information Security, Information Management or other relevant discipline with specialization in Computer Science is required.

Technical and Functional Experience:

Requirements:

  • A minimum of five (5) years working experience in roles relating to implementation or operation of an ISMS based on ISO 27000 series;
  • Experience in roles related to security governance, risk and compliance;
  • Development and optimization of policies and other security-relevant documents;
  • Developing and improving procedures to comply with ISO27001;
  • Performing information security risk assessments and developing mitigation plans;
  • Relevant certifications in security such as CISSP, CISA, CISM, GCCC, GSTRT, GISP, GLEG, GSNA or equivalent;
  • Relevant certifications related to ISO 27001, such as ISO27001 Lead Implementer, ISO27001 Lead Auditor, ISO27001 Foundation or equivalent.

Desirables:

  • Development and maintenance of the information security controls framework including the mapping of information security controls to applicable controls within various standards;
  • Demonstrable experience in building relationships across the organisation to develop buy-in to information security matters;
  • Developing security strategies and roadmaps for large organizations;
  • Extensive familiarity with the ISO 27000 series and in helping organizations achieve ISO 27001 certification;
  • Experience in business sectors such as international organizations, NGOs, development agencies;
  • Knowledge in the areas of data protection.

Languages: Fluency in written and spoken English is required. Fluency and/or working knowledge of another official UN language is desirable.

REQUIRED COMPETENCIES

Core Values
WE LIVE AND ACT WITH INTEGRITY: work honestly, openly and impartially.

WE SHOW PROFESSIONALISM: work hard and competently in a committed and responsible manner.

WE RESPECT DIVERSITY: work together effectively, respectfully and inclusively, regardless of our differences in culture and perspective.


Key Competencies
WE FOCUS ON PEOPLE: cooperate to fully reach our potential – and this is true for our colleagues as well as our clients. Emotional intelligence and receptiveness are vital parts of our UNIDO identity.

WE FOCUS ON RESULTS AND RESPONSIBILITIES: focus on planning, organizing and managing our work effectively and efficiently. We are responsible and accountable for achieving our results and meeting our performance standards. This accountability does not end with our colleagues and supervisors, but we also owe it to those we serve and who have trusted us to contribute to a better, safer and healthier world.

WE COMMUNICATE AND EARN TRUST: communicate effectively with one another and build an environment of trust where we can all excel in our work.

WE THINK OUTSIDE THE BOX AND INNOVATE: To stay relevant, we continuously improve, support innovation, share our knowledge and skills, and learn from one another.

This appointment is limited to the specified project(s) only and does not carry any expectation of renewal.
Employees of UNIDO are expected at all times to uphold the highest standards of integrity, professionalism and respect for diversity, both at work and outside.
Only persons who fully and unconditionally commit to these values should consider applying for jobs at UNIDO.

All applications must be submitted online through the Online Recruitment System. Correspondence will be undertaken only with candidates who are being considered at an advanced phase of the selection process. Selected candidate(s) may be required to disclose to the Director General the nature and scope of financial and other personal interests and assets in respect of themselves, their spouses and dependents, under the procedures established by the Director General.

Visit the UNIDO website for details on how to apply: www.unido.org
NOTE: The Director General retains the discretion to make an appointment to this post at a lower level.

Notice to applicants:
UNIDO does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. If you have received a solicitation for the payment of a fee, please disregard it. Vacant positions within UNIDO are advertised on the official UNIDO website. Should you have any questions concerning persons or companies claiming to be recruiting on behalf of UNIDO and requesting payment of a fee, please contact: recruitment@unido.org
