Information Security Senior Analyst (Tier 2 & 3)

This opening expired 6 months ago. Do not try to apply for this job.

UNOPS - United Nations Office for Project Services

Application deadline 6 months ago: Wednesday 25 Oct 2023 at 23:59 UTC

Contract

This is an IICA-1 contract, a type of International Individual Contractor Agreement. It is normally internationally recruited only. It's an external contract. It usually requires 2 years of experience, depending on education.

Background Information - Job-specific

Background Information and Organizational Context

The UNOPS operating environment and projects are inherently risky. Furthermore, they are increasingly technology-enabled and data-intensive. This makes Risk Management and Information Security key elements of the way projects are delivered across the global organization and the way processes are digitized to better enable that.

The position is located in the Risk unit, part of a broader Strategy, Risk and Change Group placed directly under the Executive Office. The Risk unit is headed by UNOPS Chief Risk Officer (CRO) and currently covers the functions of Risk Management, Internal Control, Information Security, and Corporate Insurance. The Chief Information Security Officer (CISO), reporting to the CRO, leads the Information Security function to ensure consistent and high-quality information security management in support of risk management, strategy, projects, and assurance.

One of the priorities of the Information Security function is to establish a Security Operations Center (SOC) to continuously monitor the global information systems security posture, act as a clearing house for all generated security events, identify, analyse, investigate, and escalate security-related incidents to ensure the security and integrity of data and systems across the organization are always maintained. The SOC, by correlating data and leveraging actionable security intelligence in an ever-evolving cyber threat landscape, will enable stronger, faster, and more agile cyber threat monitoring, triage, and response capability.

Under the overall guidance of the SOC Manager, the Information Security Senior Analyst (Tier 2 & 3) will be responsible for managing the 24x7x365 predictive, continuous, and responsive protection centre, to defend against cybersecurity incidents, as well as identify, analyse, communicate, and contain these incidents when they do occur.

Functional Responsibilities

Information Security Direction and Advice

Work with the SOC Manager and Security Information Specialist to develop, plan, and deliver a security program and projects aligned with the strategy and roadmap that address identified risks and business security requirements.

  • Monitor and report on compliance with security policies, as well as the enforcement of policies, and control effectiveness across the organization.
  • Provide input for policy change recommendations and procedures to ensure security operation efficiency and regulatory compliance.
  • Assist resource owners and technology staff in understanding and responding to security audit failures reported by auditors.
  • Work with the Information Security, IT, and business stakeholders to define metrics and reporting strategies that effectively communicate the successes and progress of the security program.
  • Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
  • Manage security projects and provide expert guidance on security matters for other projects.

Capability and Awareness Building

  • Perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.
  • Participate in the remediation of incidents and responses that are generated from live threats against the organization.
  • Monitor security events received through alerts from Security Information and Event Management (SIEM) or other security tools.
  • Works with the Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) to manage/tune the system, create/manage the detection content and actively watch for alerts.
  • Conducts network monitoring and intrusion detection analysis using various computer network defense tools, and host-based security systems.
  • Conducts log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
  • Carry out Level 2 triage of incoming incidents (initial assessment of the priority of the event, initial determination of incident nature to determine risk and damage or appropriate routing of security or data protection request).
  • Supports/develops reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.
  • Support forensic investigators and application security analysts in reactive and proactive threat-hunting engagements, performing endpoint, network, and log analysis.
  • Reviews alerts and data from sensors, and documents formal, technical incident reports.
  • Triages and assesses the risk of incidents, performing real-time analysis and managing workload during investigations/incidents.
  • Creates runbooks for frequently occurring incidents to automate or at least assist with the resolution of those cases.
  • Coordinates response to computer security incidents according to the computer security incident response policy and procedures.
  • Communicates investigation findings to relevant business units to help improve the information security posture.
  • Validates and maintains incident response plans and processes to address potential threats.
  • Works with threat intelligence and/or threat-hunting teams.
  • Compiles and analyses data for management reporting and metrics.
  • Performs root-cause analysis to document findings and participate in root-cause elimination activities as required.
  • Provides users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary.
  • Research emerging threats and vulnerabilities to aid in the identification of incidents.
  • Implements or coordinates remediation required by audits, and documents exceptions as necessary.
  • Performs system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines.
  • Performs installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems.
  • Applies patches where appropriate and removes or mitigates known control weaknesses, as a means of hardening systems in accordance with security policies and standards.
  • Develops and maintains documentation for security systems and procedures.
  • Researches, recommends, evaluates, and implements cybersecurity solutions that identify and/or protect against potential threats, and respond to security violations.

Impact of Results

The effective and successful achievement of results by the incumbent directly affects UNOPS's ability to deliver against its mandate and protects UNOPS's reputation. The role is imperative to the effective management of information security risks, impacting the visibility and reputation of UNOPS as an effective service provider in project services and management and consequently strengthening its competitive position as a partner of choice.

Education/Experience/Language requirements

Education

  • A bachelor’s degree preferably in business information systems, computer sciences, telecommunications, engineering, or a technology-related field is required.
  • A master’s degree preferably in business information systems, computer sciences, telecommunications, engineering, or a technology-related field is desirable.

Experience

  • A minimum of 4 years of experience in Information Security, especially on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is required, if education level is bachelor’s degree.
  • A minimum of 2 years of experience in Information Security, especially on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is required, if education level is master’s degree.
  • Experience in Security Information and Event Management (SIEM) and other security investigation tools is required (Google Chronicle SIEM is desirable).
  • Good technical and trouble-shooting ability is required and must be evidenced in the candidate’s work experience.
  • A good understanding of system log information and what it means, where to collect specific data/attributes as necessitated per Incident Event (host, network, cloud, etc.) is required and must be evidenced in the candidate’s work experience.
  • Knowledge of evidence recovery techniques, preservation of evidence integrity, and collection of system images, logs, and other critical components to discern possible mitigation/remediation of systems is desirable.

Languages

  • Full working knowledge of English is required.
  • Knowledge of another official UN language (Spanish and/or French) is desirable.

Certifications

One or more of the following professional certifications would be considered an advantage.

  • ISO 27001 Lead Implementer or Auditor
  • CISSP, CCSP (or other ISC2 Certifications)
  • CISM, CISA, CRISC (or other ISACA Certifications)
  • C|ND, C|EH (or other EC-Council Certifications)
  • OSCP (or other Offensive Security certifications)
  • GCIH, GCED (or other GIAC Certifications)

Competencies

Treats all individuals with respect; responds sensitively to differences and encourages others to do the same. Upholds organizational and ethical norms. Maintains high standards of trustworthiness. Role model for diversity and inclusion.

Acts as a positive role model contributing to the team spirit. Collaborates and supports the development of others. For people managers only: Acts as positive leadership role model, motivates, directs and inspires others to succeed, utilizing appropriate leadership styles.

Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first. Builds and maintains strong external relationships and is a competent partner for others (if relevant to the role).

Efficiently establishes an appropriate course of action for self and/or others to accomplish a goal. Actions lead to total task accomplishment through concern for quality in all areas. Sees opportunities and takes the initiative to act on them. Understands that responsible use of resources maximizes our impact on our beneficiaries.

Open to change and flexible in a fast paced environment. Effectively adapts own approach to suit changing circumstances or requirements. Reflects on experiences and modifies own behavior. Performance is consistent, even under pressure. Always pursues continuous improvements.

Evaluates data and courses of action to reach logical, pragmatic decisions. Takes an unbiased, rational approach with calculated risks. Applies innovation and creativity to problem-solving.

Expresses ideas or facts in a clear, concise and open manner. Communication indicates a consideration for the feelings and needs of others. Actively listens and proactively shares knowledge. Handles conflict effectively, by overcoming differences of opinion and finding common ground.

Contract type, level and duration

Contract type: ICA
Contract level: ICS-9, IICA-1
Contract duration: Open-ended, subject to organizational requirements, availability of funds and satisfactory performance.

For more details about the ICA contractual modality, please follow this link: https://www.unops.org/english/Opportunities/job-opportunities/what-we-offer/Pages/Individual-Contractor-Agreements.aspx

Additional Information

  • Please note that UNOPS does not accept unsolicited resumes.
  • Applications received after the closing date will not be considered.
  • Please note that only shortlisted candidates will be contacted and advance to the next stage of the selection process, which involves various assessments.
  • UNOPS embraces diversity and is committed to equal employment opportunity. Our workforce consists of many diverse nationalities, cultures, languages, races, gender identities, sexual orientations, and abilities. UNOPS seeks to sustain and strengthen this diversity to ensure equal opportunities as well as an inclusive working environment for its entire workforce.
  • Qualified women and candidates from groups which are underrepresented in the UNOPS workforce are encouraged to apply. These include in particular candidates from racialized and/or indigenous groups, members of minority gender identities and sexual orientations, and people with disabilities.
  • We would like to ensure all candidates perform at their best during the assessment process. If you are shortlisted and require additional assistance to complete any assessment, including reasonable accommodation, please inform our human resources team when you receive an invitation.

Terms and Conditions

  • For staff positions only, UNOPS reserves the right to appoint a candidate at a lower level than the advertised level of the post.
  • For retainer contracts, you must complete a few Mandatory Courses (they take around 4 hours to complete) in your own time, before providing services to UNOPS.
  • All UNOPS personnel are responsible for performing their duties in accordance with the UN Charter and UNOPS Policies and Instructions, as well as other relevant accountability frameworks. In addition, all personnel must demonstrate an understanding of the Sustainable Development Goals (SDGs) in a manner consistent with UN core values and the UN Common Agenda.
  • It is the policy of UNOPS to conduct background checks on all potential personnel. Recruitment in UNOPS is contingent on the results of such checks.
Added 7 months ago - Updated 7 months ago - Source: jobs.unops.org