The United Nations Volunteers (UNV) programme is administered by UNDP and follows all UNDP rules and regulations. UNV is the UN system common service that promotes volunteerism to support peace and development worldwide. Volunteerism can transform the pace and nature of development and it benefits both, society at large and the individual volunteer. UNV contributes to peace and development by advocating for volunteerism globally, encouraging partners to integrate volunteerism into development programming, and mobilizing volunteers.

UNV’s Management Services hold the responsibility for the strategic planning, managerial leadership, oversight, and quality control of an integrated platform of operational services ensuring timely, effective and efficient delivery according to corporate performance standards and in compliance with the UN Regulations and Rules and UNDP´s accountability framework.

The Information and Communication Technology Section (ICTS) is responsible for the running operations of all ICT on-premises and cloud datacenters, cloud platforms and services, business applications, corporate websites, helpdesk, videoconferences, security services, hardware, software, network, and telecommunications services. This includes application system analysis, design, development and maintenance, local and global telecommunication networks, commercial hardware and software installation and operation (at both desktop and network levels), internet, and email. ICTS is also providing network and support services to other UN Agencies in UN Bonn Campus. ICTS is working in close collaboration with UNDP ITM department.

• Developing solutions to automate cybersecurity tasks.
• Maintaining a variety of cloud-native security solutions, including but not limited to: Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), develop automation pipelines and custom scripts to reduce manual labor and minimize human error.
• Monitoring and evaluating events, alerts, and notifications from the cyber security infrastructure for indications of suspicious/unauthorized activity.
• Responding to detected or reported cyber security incidents.
• Monitoring vendor and industry alerts, warnings, and security advisories, and follow up with appropriate system and service owners within the organization to ensure that corresponding risks are mitigated.
• Promoting security best practices and plan security awareness trainings.
• Collaborate with development teams to integrate security best practices into all phases of the SDLC.
• Conduct security risk assessments, code reviews, and vulnerability assessments for UNV applications.
• Develop (where not exist) and enforce UNDP security policies, standards, training and guidelines for team members and staff.
• Perform threat modeling and security architecture reviews to identify potential risks.
• Coordinate vulnerability scans with provider(s).
• Coordinate “Red Teaming” exercises with all stakeholders.
• Ensure incident response readiness for all UNV services.
• Lead initiatives to improve overall UNV Cybersecurity posture, including automation of security testing.
• Keep an update inventory of UNV digital assets and make sure all measures are taken to make them available to legitimate authorized users and untampered with (Availability, Confidentiality, Integrity).
• Coach Application owners, Data owners, and Service owners on Backup and restore procedures and business continuity measures.
• Work closely with UNDP security team to implement ISO27001/2 Information Management certification for UNV.

The incumbent performs other duties within their functional profile as deemed necessary for the efficient functioning of the Office and the Organization.

 Institutional Arrangement

The ICT Analyst, Cybersecurity will work under the direct supervision of the Team Leader of ICT Infrastructure.

• Achieve Results: LEVEL 1: Plans and monitors own work, pays attention to details, delivers quality work by deadline
• Think Innovatively: LEVEL 1: Open to creative ideas/known risks, is pragmatic problem solver, makes improvements
• Learn Continuously:  LEVEL 1: Open minded and curious, shares knowledge, learns from mistakes, asks for feedback
• Adapt with Agility: LEVEL 1: Adapts to change, constructively handles ambiguity/uncertainty, is flexible
• Act with Determination: LEVEL 1: Shows drive and motivation, able to deliver calmly in face of adversity, confident
• Engage and Partner: LEVEL 1: Demonstrates compassion/understanding towards others, forms positive relationships
• Enable Diversity and Inclusion: LEVEL 1: Appreciate/respect differences, aware of unconscious bias, confront discrimination

• Ability to use objective problem analysis and judgement to understand how interrelated elements coexist within an overall process or system, and to consider how altering one element can impact on other parts of the system

Business Direction & Strategy- Effective Decision Making

• Take decisions in a timely and efficient manner in line with one’s authority, area of expertise and resources and take into consideration potential wider implications

Information Management & Technology – IT Security Management

• Knowledge of Cyber Security technologies, processes, techniques and tools. Apply practical innovations to solve cybersecurity problems. Capability to keep UNDP systems and data safe. Knowledge of ISO 27001, ISO 27701 and ISO 22301 principles. CSSIP, CISM, CISA or equivalent certification desirable

Digital & Innovation – Data governance

• Knowledge of data science, skills to develop data management tools, organize and maintain databases and operate data visualization technologies

Digital & Innovation – Digital identity & wellbeing

• Knowledge of issues around digital identity and digital wellbeing and the ability to advise safe/healthy practices in regards to these areas

Information Management & Technology – IT Customer Support

• Ability to support customers on IT related issues and generate and contribute to continuous improvement processes to deliver a great user experience. Knowledge of ISO 9001 desirable. ITIL of ISO 20000 certification or similar is desirable

• ISO20071 certification or similar.
• Participated-in or lead Threat Risk Assessments (TRA).

• Experience in the field of Cyber Threat Intelligence is desired.
• Operational experience working with threat detection and incident response systems is desired.
• Knowledge of international standards and best practices in cybersecurity, risk, and service management (ISO 27001:2022, 9001:2015, 20000:2011, 22301:2012, 27701:2020) is desired.
• Experience in providing security related training to users in the form of webinars is desired.
• UN work experience is desired.

• Fluency in English is required.
• Working knowledge of another UN language is desired.