IT Assistant (Cybersecurity Analyst)

Result of Service The IC will be required to provide the following:

• Linux and Windows computing platform devices, network audit report
• Clear, concise and timely vulnerability assessment report, risk assessment report, BCP and DR plan, playbooks
• Compliance and assurance against enterprise standards and international standard such as ISO27001 or NIST 800 series

• Secure, resilient and scalable core infrastructure, cloud infrastructure, mobile and endpoints, and web applications

  Work Location UN-House ESCWA

  Expected duration 6 Months

  Duties and Responsibilities Under the overall guidance of the Chief, ICTS, and direct supervision by the Head of Cloud, Infrastructure and Cybersecurity Unit, the IT Assistant (Cybersecurity Analyst) will perform the following tasks:

• Assist in defining and executing cybersecurity roadmap to improve cybersecurity controls and compliance objectives.

• Assist and manage the deployment, implementation, operation, support and maintenance of the Information Security Management System (ISMS) based on ISO 27000 series standards.
• Assist to implement enterprise security policies and standards in cloud environment.
• Collaborate with internal and external entities in obtaining and maintaining ISO 27001 certification.
• Support development, implementation, and maintenance of cybersecurity playbooks, runbooks, procedures and guidelines.
• Assist in the development, maintenance and implementation of enterprise policies and procedures related to cybersecurity
• Collaborate with software developers to ensure the appropriate security requirements are embedded in the correct phases of development.
• Working closely with software developers to improve development cycles, audit and automate release processes and then coordinate with operations to implement pushes and changes
• Assist in annual cybersecurity assessment process and all resulting remediation projects.
• Participate in systems security evaluations and review including development of systems security plans, implementation and maintenance of risk assessments, management of certification and accreditations of systems and security categorizations.
• Identify & communicate vulnerabilities & risks and propose controls and procedures to mitigate them.
• Support in coordination and preparation of formal responses to IT security inquires from internal and external authorities.
• Assist to develop, coordinate, evaluate, and maintain a comprehensive business continuity and disaster recovery plan.
• Conduct threat research and perform periodic risk assessments & penetration tests or security audits.
• Respond to incident investigations, perform triage activities, and utilize structured methodologies to prevent, detect respond to threats.
• Support control and vulnerability assessments to identify weaknesses and assess the effectiveness of existing controls, and recommends remedial action
• Audit the configuration of systems and network devices to ensure adherence to security best practices
• Monitor various equipment logs and network traffic to identify suspicious activity and then performs corrective action
• Perform assessments and design reviews to provide risk assurance over existing and future solutions

• Support cybersecurity monitoring and incident response activities

  Qualifications/special skills A Bachelor's degree in computer engineering or related area is required.

All candidates must submit a copy of the required educational degree. Incomplete applications will not be reviewed. A minimum of five years of consulting related work experience in two or more of the following areas: Application security, Information systems security, Network security, IT security auditing, Information security risk assessment or risk management is required.

Languages Languages English and French are the working languages of the United Nations Secretariat; and Arabic is a working language of ESCWA.

For this position, fluency in English is required.

Note: “Fluency” equals a rating of ‘fluent’ in all four areas (speak, read, write, and understand) and “Knowledge of” equals a rating of ‘confident’ in two of the four areas.

No Fee THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.