Information Security and Assurance Officer

Grade: P3

Vacancy no.: DC/INFOTEC/P/2024/01

Publication date: 12 April 2024

Application deadline (midnight Geneva time): 3 May 2024

Job ID: 11859

Department: INFOTEC

Organization Unit: ISAS

Location: Geneva

Contract type: Fixed Term

Contract duration: Until 31 December 2025

Under article 4.2, paragraph (e) of the Staff Regulations, the filling of technical cooperation vacancies does not fall under Annex I of the Staff Regulations and is made by direct selection by the Director-General.

In order to support the best informed process in the filling of the present vacancy by direct selection, the ILO invites interested candidates to submit their candidature online by the above date.

Technical cooperation appointments are not expected to lead to a career in the ILO and they do not carry any expectation of renewal or conversion to any other type of appointment in the Organization. A fixed-term contract until end December 2025 will be given. Extensions of technical cooperation contracts are subject to various elements including the following: availability of funds, continuing need of the functions and satisfactory conduct and performance.

The following are eligible to apply:

• ILO Internal candidates in accordance with paragraphs 31 and 32 of Annex I of the Staff Regulations.
• External candidates.

The ILO values diversity among its staff and welcomes applications from qualified female candidates. We also encourage applicants with disabilities. If you are unable to complete our online application form due to a disability, please send an email to ilojobs@ilo.org.

Introduction

The Information & Technology Management Department (INFOTEC) provides the technologies, data and systems necessary to support the ILO in successful delivery of its mandate to promote social justice, decent work, human rights and labour standards throughout the world.

INFOTEC is responsible for information management and utilization of technology for the ILO. INFOTEC provides modern, secure, and reliable IT infrastructure, technologies, applications and services to enable the ILO to effectively manage information and use technology to perform its mission.

The Information Security and Assurance Services Unit (ISAS):

• Works closely with the ILO's Internal Audit Office, Legal Department and Risk Manager to establish information security governance and risk management frameworks;
• Establishes information technology security policies and controls in compliance with widely recognized information security regulations and standards;
• Develops a strategic vision for the security program; ensures effective assignment and acceptance of information and technology security-related roles and responsibilities; and defines the ILO's enterprise information security architecture;
• Ensures effective identity and access management are implemented; controls security threats; conducts vulnerability assessments; organizes digital forensics; manages incident response; and establishes an IT security awareness program;
• Is led by the ILO's Chief Information Security Officer (CISO).

The Information Security and Assurance Officer reports directly to the Head of Information Security and Assurance Services unit, who provides technical and procedural guidelines and defines overall unit’s workplan and sets priorities aligned with departmental workplan and the ILO IT Strategy.

Description of Duties

• Develop new and maintain existing information security risk management decision support dashboards for business owners at the HQ, Field and Project Offices.
• Assist in information security risk assessments of existing and new information systems taking into account technical, procedural and organizational controls. This task may involve coordination with external commercial or public sector partners.
• Perform administrative activities to procure tools and services for information security awareness computer-based training and cybersecurity incident simulation tabletop exercises for the HQ, Field and Project Offices in collaboration with the HRD and external partners.
• Under the supervision of the unit chief, maintain Information Security Management System related documentation, and ensure its conformity with the ISO/IEC 27001 standard.
• Under the guidance of the unit chief, perform ISO 27001 readiness assessments, related gap analysis, and recommend improvements to meet standard requirements.
• Under the guidance of the unit chief, identify data flows required to implement integrated and automated monitoring and reporting on metrics relevant for information assurance and compliance with ILO information security and data protection policies.
• Contribute to information security incident response and maintain related documentation.

Education

Advanced university degree (Master’s or equivalent) in computer science or other closely related field. A first-level university degree (Bachelor’s or equivalent) in computer science or other closely related field plus 2 years of relevant experience in addition to the experience requested below may be accepted in lieu of an advanced university degree. A certification as ISO 27001 Lead Implementer is required.

Experience

At least five years of professional experience in the information security field, particularly in: information security risk assessments and data protection assessments in accordance with ISO 27001 standard requirements, in evaluating level of integration and effectiveness of information security controls within large projects through Business Impact Analysis, in information security incident response, in implementing and conducting information security awareness training, incident simulation exercises, and business continuity testing and training. Experience with international organizations would be an advantage.

Languages

Excellent knowledge of one working language of the Office (English, French or Spanish), and good working knowledge of another one.

Competencies

• Ability to work in a multicultural environment and gender-sensitive behaviour and attitudes are also required.
• Good communication skills, both written and verbal.
• Capacity to work on own initiative as well as cooperate as a team member.
• Ability to produce documentation and reports.

Conditions of employment

• Any appointment/extension of appointment is subject to ILO Staff Regulations and other relevant internal rules. Any offer of employment with the ILO is conditional upon certification by the ILO Medical Adviser that the person concerned is medically fit to perform the specific inherent requirements of the position offered. In order to confirm an offer from the ILO the successful candidate will be required to undergo a medical examination.
• Any extension of technical cooperation contracts are subject to various elements including the following: availability of funds, continuing need of the functions and satisfactory conduct and performance.

For more information on conditions of employment, please visit the ILO Jobs International Recruitment page.

Recruitment process

Please note that all candidates must complete an on-line application form. To apply, please visit ILO Jobs. The system provides instructions for online application procedures.

Applicants will be contacted directly if selected for a written test and/or an interview.

Depending on the location and availability of candidates, assessors and interview panel members, the ILO may use communication technologies such as Skype, Video or teleconference, e-mail, etc for the assessment and evaluation of candidates at the different stages of the recruitment process, including technical tests or interviews.

The ILO has zero tolerance for acts of sexual exploitation and abuse (SEA) and is determined to ensure that all staff members and all beneficiaries of ILO assistance do not suffer, directly or indirectly, from sexual exploitation and abuse.

To ensure that individuals with a substantiated history of SEA, sexual harassment or other types of abusive conduct are not hired by the Organisation, the ILO may conduct a background verification of candidates under consideration.

Fraud warning

The ILO does not charge any fee at any stage of the recruitment process whether at the application, interview, processing or training stage. Messages originating from a non ILO e-mail account - @ilo.org - should be disregarded. In addition, the ILO does not require or need to know any information relating to the bank account details of applicants.