Information Security Specialist

Support information security services and improve IT operations.

This opening expired 3 years ago. Do not try to apply for this job.

WHO - World Health Organization

Open positions at WHO
Logo of WHO

Application deadline 3 years ago: Wednesday 17 Aug 2022 at 21:59 UTC

Open application form

Overview

Support information security services and improve IT operations.

You have:

  • A bachelor’s degree in Computer Science, Information Technology Systems or in any other field related to the functions of the post from a recognized university.
  • Five years of combined national and international experience related to IT application/system deployment, Information Technology Operations, and/or Cybersecurity.
  • Postgraduate education/certifications in Cybersecurity would be an asset.
  • Very good knowledge of English or Spanish with a working knowledge of the other language.
  • Knowledge of IT security standards and controls (ISO 27001, NIST 800-53).
  • Demonstrated experience with Office 365 applications and collaboration platforms.
  • Demonstrated ability to conduct vulnerability analysis and web application scanning using Qualys.

Contract

This is a P-2 contract. This kind of contract is known as Professional and Director staff. It is normally internationally recruited only. It's a staff contract. It usually requires 2 years of experience, depending on education.

Salary

The salary for this job should be between 89,144 USD and 121,080 USD.

Salary for a P-2 contract in Washington D.C.

The international rate of 57,661 USD, with an additional 54.6% (post adjustment) at this the location, applies. Please note that depending on the location, a higher post adjustment might still result in a lower purchasing power.

Please keep in mind that the salary displayed here is an estimation by UN Talent based on the location and the type of contract. It may vary depending on the organization. The recruiter should be able to inform you about the exact salary range. In case the job description contains another salary information, please refer to this one.

More about P-2 contracts and their salaries.

OBJECTIVE OF THE OFFICE/DEPARTMENT

This requisition is for employment at the Pan American Health Organization (PAHO)/Regional Office of the World Health Organization (WHO)

Information Technology Services (ITS) provides leadership and direction in the deployment of information and communication technologies and systems to support the Pan American Health Organization, Regional Office of the Americas of the World Health Organization (PAHO/WHO), in carrying out its mandate. Furthermore, ITS establishes and maintains strategies, policies, standards and procedures to ensure the effective and efficient provision of information and communication services in a geographically dispersed environment.

DESCRIPTION OF DUTIES

Under the general supervision of the Director, Information Technology Services (ITS) and the direct supervision of the Information Security Advisor (ITS), the incumbent is responsible for, but not necessarily limited to, the following assigned duties:

  1. Provide support for the provision of information security services to the Organization; advise on InfoSec requirements, standards, best practices, controls, and compliance with industry frameworks;
  2. Provide strategies for the improvement of information technology operations related to access control, cybersecurity, and system and application updates; recommend new activities and changes to existing information security policies and procedures;
  3. Support the Information Security Advisor in the implementation and expansion of Information Security controls framework;
  4. Conduct vulnerability and risk analyses of PAHO systems and applications and liaise with IT Operations and business owners to ensure vulnerabilities are addressed within the agreed time periods; ensure the Information Security controls framework assessments are completed for PAHO applications; support ITS in conducting Information Security risk assessments of new software installation requests by other entities;
  5. Support the continuous improvement of the Managed Detection and Response (MDR) monitoring, analysis, and alerting processes; respond to incidents raised by the MDR and other monitoring tools such as Sentinel and Varonis;
  6. Conduct Information Security awareness activities; prepare awareness materials and campaigns;
  7. Coordinate the execution of penetration tests and external assessments;
  8. Assist in the creation of reports, presentations, security metrics and dashboards related to Information Security;
  9. Ensure PAHO Web security. Conduct application tests before new applications are assigned an entry in PAHO’s Domain;
  10. Monitor external cybersecurity risks and emerging threats, and coordinate with internal stakeholders to ensure a proper mitigation of such risks and threats; oversee compliance monitoring of vulnerability risk mitigating procedures;
  11. Support ITS Management in the IT Governance process by providing input of Information security risks present in the proposals, and their mitigation recommendations;
  12. Collaborate with other entities and external partners during daily information security operations;
  13. Perform other related duties, as assigned.

REQUIRED QUALIFICATIONS

Education****:

Essential: A bachelor’s degree in Computer Science, Information Technology Systems or in any other field related to the functions of the post from a recognized university.

Desirable: Postgraduate education/certifications in Cybersecurity would be an asset.

In the event that your candidature is retained for an interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. WHO, only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. PAHO will also use the databases of the Council for Higher Education Accreditation http://www.chea.org and College Navigator, found on the website of the National Centre for Educational Statistics, https://nces.ed.gov/collegenavigator to support the validation process.

Experience****:

Essential: Five years of combined national and international experience related to IT application/system deployment, Information Technology Operations, and/or Cybersecurity.

Desirable: Experience with incident management IT service management tools (e.g. TopDesk, ServiceNow) and with Intranet communications platform (e.g. SharePoint) to respond to incidents and maintain the Information Security website.

SKILLS****:

PAHO Competencies:

  • Overall attitude at work****: Maintains integrity and takes a clear ethical approach and stance; demonstrates a commitment to the Organization’s mandate and promotes the values of the Organization in daily work and behavior; is accountable for work carried out in line with own role and responsibilities; is respectful towards, and trusted by, colleagues and counterparts.
  • Teamwork****: Collaborate and cooperate with others. - Works collaboratively with team members and counterparts to achieve results; encourages cooperation and builds rapport; helps others when asked; accepts joint responsibility for the teams’ successes and shortcomings. Identifies conflicts in a timely manner and addresses them as necessary; understands issues from the perspective of others; does not interpret/ attribute conflicts to cultural, geographical or gender issues.
  • Respecting and promoting individual and cultural differences****: Relate well to diversity in others and capitalize on such diversity - Treats all people with dignity and respect. Relates well to people with different cultures, gender, orientations, backgrounds and/or positions; examines own behavior to avoid stereotypical responses; considers issues from the perspective of others and values their diversity.
  • Communication****: Express oneself clearly when speaking/Write effectively/Listen/Shares knowledge - Quality and quantity of communication targeted at audience. Listens attentively and does not interrupt other speakers. Adapts communication style and written content to ensure they are appropriately and accurately understood by the audience (e.g., power-point presentations, communication strategies, implementation plans). Shares information openly with colleagues and transfers knowledge, as needed.
  • Knowing and managing yourself: Manages stress/Invite feedback/Continuously learn - Remains productive even in an environment where information or direction is not available, and when facing challenges; recovers quickly from setbacks, where necessary. Manages stress positively; remains positive and productive even under pressure; does not transfer stress to others. Seeks feedback to improve knowledge and performance; shows self- awareness when seeking and receiving feedback; uses feedback to improve own performance. Seeks informal and/or formal learning opportunities for personal and professional development; systematically learns new competencies and skills useful for job; takes advantage of learning opportunities to fill competencies and skill gaps.
  • Producing Results****: Deliver quality results/Take responsibility - Produces high-quality results and workable solutions that meet clients’ needs. Works independently to produce new results and sets own timelines effectively and efficiently. Shows awareness of own role and clarifies roles of team members in relation to project’s expected results. Makes proposals for improving processes as required and takes responsibility for own work and/or actions, as necessary. Demonstrates positive attitude in working on new projects and initiatives. Demonstrates accountability for own success, as well as for errors; learns from experience.
  • Moving forward in a changing environment****: Propose change/Adapt to change - Suggests and articulates effective and efficient proposals for change as needed when new circumstances arise. Quickly and effectively adapts own work approach in response to new demands and changing priorities. Is open to new ideas, approaches and working methods; adjusts own approach to embrace change initiatives.

Technical Expertise:

  • Ability to work collaboratively with other departments and units, cross functional groups, SMEs, developers, IT System Administrators, and other stakeholders with excellent communicational skills.
  • Demonstrated ability to effectively manage Information Security controls in a Microsoft Cloud Environment.
  • Demonstrated experience with Azure Active Directory access control, multi-factor authentication, M365 Advanced Threat Protection, Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, M365 Automated Investigation and Response, Microsoft Sentinel, and Varonis Data Advantage.
  • Demonstrated ability to conduct vulnerability analysis and web application scanning using Qualys.
  • Demonstrated ability to use Microsoft Sentinel for network traffic, system events logging, and Cybersecurity Incident Response.
  • Knowledge in IT application/system deployment, software lifecycle experience, including software selection, upgrades, and requirements elicitation, validation and tracking.
  • Knowledge of IT security standards and controls (ISO 27001, NIST 800-53).

Languages:

Very good knowledge of English or Spanish with a working knowledge of the other language. Knowledge of French and/or Portuguese would be an asset.

IT Skills:

Demonstrated experience with Office 365 applications and collaboration platforms. Demonstrated knowledge and experience working with the following programming languages and database technologies: C#, PHP, SQL Server, MySQL, JavaScript, HTML5/CSS.

REMUNERATION

Annual Salary****: (Net of taxes)

USD$49,254.00 post adjustment

Post Adjustment****: 54.1% of the above figure(s). This percentage is to be considered as indicative since variations may occur each month either upwards or downwards due to currency exchange rate fluctuations or inflation.

ADDITIONAL INFORMATION

This vacancy notice may be used to fill other similar positions at the same grade level****.

Any appointment/extension of appointment is subject to PAHO Staff Regulations, Staff Rules and e-Manual.

For information on PAHO please visit: http://www.paho.org

PAHO/WHO is an ethical organization that maintains high standards of integrity and accountability. People joining PAHO are required to maintain these standards both in their professional work and personal activities.

PAHO/WHO also promotes a work environment that is free from harassment, sexual harassment, discrimination, and other types of abusive behavior. PAHO conducts background checks and will not hire anyone who has a substantiated history of abusive conduct.

PAHO/WHO personnel interact frequently with people in the communities we serve. To protect these people, PAHO has zero tolerance for sexual exploitation and abuse. People who commit serious wrongdoing will be terminated and may also face criminal prosecution.

PAHO/WHO is committed to workforce diversity. PAHO/WHO has a smoke-free environment and does not recruit smokers or users of any form of tobacco.

PAHO/WHO offers an attractive compensation package including an annual net salary and post adjustment, which reflects the cost of living in a particular duty station and exchange rates (subject to mandatory deductions for pension contributions and health insurance). Other benefits include: 30 days annual leave, dependency benefits, pension plan and health insurance scheme. Benefits for internationally recruited staff may include home leave, travel and removal expenses on appointment and separation, education grant for dependent children, assignment grant and rental subsidy.

Candidates appointed to an international post with PAHO are subject to mobility and may be assigned to any activity or duty station of the Organization throughout the world.

All applicants are required to complete an on-line profile to be considered for this post.

Candidates will be contacted only if they are under serious consideration. A written test and/or interview will be held for this post. The post description is the official documentation for organization purposes.

Potential interview questions

Can you describe a time when you had to handle a cybersecurity incident? We want to understand your practical experience with incident management. Provide a specific example, detailing your role and the actions taken.
How do you stay updated on the latest cybersecurity threats? This evaluates your initiative and commitment to ongoing learning in your field. Pro members can see the explanation.
What strategies would you suggest to improve our information security policies? Pro members can see the explanation. Pro members can see the explanation.
Describe your experience with vulnerability scanning tools like Qualys. Pro members can see the explanation. Pro members can see the explanation.
Can you give an example of how you've collaborated with other teams on cybersecurity issues? Pro members can see the explanation. Pro members can see the explanation.
Added 4 years ago - Updated 1 year ago - Source: who.int