Chief Information Security Officer - CISO

Job categories Information Security

Vacancy code VA/2022/HQ/24647

Level ICS-11

Department/office Headquarters

Duty station Copenhagen, Denmark

Contract type Fixed Term

Contract level P4

Duration One year initially, renewable subject to satisfactory performance and funding availability

Application period 16-Sep-2022 to 30-Sep-2022

Applications to vacancies must be received before midnight Copenhagen time (CET) on the closing date of the announcement.

Please note that UNOPS will at no stage of the recruitment process request candidates to make payments of any kind.

This vacancy is closed.

Apply

Expand all [+]

Background Information - Job-specific

The United Nations Office for Project Services (UNOPS) is an operational arm of the United Nations, supporting the successful implementation of its partners' peacebuilding, humanitarian and development projects around the world. Mandated as a central resource of the United Nations, UNOPS provides sustainable project management, procurement and infrastructure services to a wide range of governments, donors and United Nations organisations.

UNOPS Risk Unit, led by the Chief Risk Officer (CRO), is in charge of the enterprise-wide framework for risk management, internal control and information security and facilitating and overseeing its effective implementation across regions and functions. The CRO reports to the Chief Financial Officer and Director of Administration of UNOPS.

Under the overall guidance of the CRO, the CISO is responsible for shaping UNOPS approach to information security and related risks and associated responses. The CISO will collaborate closely with key stakeholders such as UNOPS leadership, corporate functions and regional organization. Key duty of the CISO is to ensure appropriate standards, mechanisms and improvement plans are in place to effectively manage information security and cyber risks to UNOPS operational performance, compliance and reputation. The CISO will be expected to:

Bring in proven expertise in implementing effective information security strategies and solutions fit to an industry, operating model, organizational culture and inherent risks within.
Partner with leadership to establish a holistic and integrated approach for managing information security risks to strategy and global portfolio delivery. Setting, reviewing, communicating and training related Policies and evaluating their effectiveness as well as driving their implementation. Establishing security KPIs and KRIs.
Using a risk-based approach, define information security priorities and enable decisions on risk tolerance and allocation of resources for control, mitigation, risk transfer and recovery.
Establish and manage capabilities to track and analyze current, emerging and future cyber threats and vulnerabilities, and recommend how to manage them effectively.
Drive a culture of openness and accountability, resulting in proactive risk escalation and effective mitigation with clear ownership allocation. Lead by example.
Ensure that sound governance is in place to continuously improve UNOPS security posture and benchmark it against relevant peers. Empower and train the organization on effective methods to take ownership over risk assessment, mitigation and continuity planning.
Provide advice and recommendations on managing information security threats and incidents. This includes helping to improve UNOPS systems, IT security practices, due diligence, crisis management and related enabling capabilities.
Provide leadership with timely reporting on information security risks, issues and mitigations and their implications to the organization. Ensure alignment with the overall risk management framework, reporting principles and expectations of UNOPS’s governing bodies
Provide assurance on the implementation of plans/recommendations, working closely with relevant stakeholders (such as Internal Control and Internal Audit). This includes verifying that controls work effectively: e.g. system vulnerabilities and security breaches can be detected and responded to effectively within a reasonable time frame.

Across the activities, raise awareness of and ensure alignment with applicable international standards for information security, risk management, business continuity and incident management.

Functional Responsibilities

Summary of functions: Strategic information security advice and insigh...

Summary of functions:

Strategic information security advice and insights
Capability building and communication
Information security management, assurance and oversight

Strategic information security advice and insights

Define the vision for an optimized information security capability, in line with UNOPS operational model, project portfolio, risk appetite, IT strategy,applicable regulation and international good practice standards.
Partner with leadership to establish a holistic and integrated approach for managing information security risks to UNOPS strategy and global portfolio delivery.
Review existing roadmaps to ensure they are in alignment with the vision and approach.
Identify and advise on mechanisms for driving the culture of accountability and information security becoming part of UNOPS organizational DNA.
Provide subject matter expertise into the UNOPS digitalization agenda, ensuring “security by design”.
Build business cases for security investments and manage associated budgets.

Capability building and communication

Forge collaborative relationships and partner with relevant senior stakeholders in order to:
- Grow awareness, capability and mechanisms for improving organizational security posture in relation to the threat landscape and maturity benchmarks.
- Support offices across the regions in assessing their maturity and addressing gaps identified. Transfer knowledge on good practice and related international standards.
- Build organizational resilience capability cross-functionally.
Be an advocate for the benefits of a risk-based approach, mapping of organizational assets and proactive threat assessment. Promote holistic security across people, processes, technology and human aspects and empower business units and employees to take ownership of their role in securing UNOPS.
Build a 24/7 Security Operations Center, and onboard an associated team of IS specialists.
Develop a security integration model by designating, training and coordinating cyber risk champions within the regional organization. Prepare and update an annual employee training and awareness plan, as well as induction training for new employees, on information security.
Provide innovative solutions to align, and where fit also integrate, 2nd and 3rd Line of Defense work plans, collecting synergies with e.g. Ethics, Risk Management, IT, Internal Control, Business Continuity Management, Insurance, Internal Audit and Investigations.
As part of UNOPS digitalization journey, establish continuous horizon scanning and control automation capabilities.
Maintain, update, and effectively share knowledge of good practice and relevant benchmarks/case studies with selected focus groups.
Recognise exemplary security behavior and address disciplinary action needs for information and system security breaches.
Leverage professional networks for knowledge sharing and benchmarking.
Grow personal and IS team’s competence, and ensure that everyone in the team has up-to-date skills through training and professional certifications.

Information security management, assurance and oversight

Work in collaboration with the regions and corporate functions (e.g. Partnerships, Implementation Practices & Standards and Integrated Practice Advice & Support) in embedding information security into engagement development, contracting and delivery. Support associated due diligence and identify de-risking and business growth opportunities.
Partner with relevant process owners to ensure embedding of information security standards, appropriate management approaches and reporting mechanisms. Propose corrective actions for non-compliance with information security Policies and monitor their implementation.
Act as lead expert on securing specific technology solutions and platforms including but not limited to Google Cloud Platform and ERP systems, and deploying dedicated security solutions (e.g. SIEM, DLP, MDM, IAM). Work closely with IT in ensuring that secure system development protocols and competences are effectively in place.
Provide advice on the application of international standards (e.g. ISO, NIST and COBIT).
Provide advice to a broad range of stakeholders on data classification, data loss prevention, asset inventory, security architecture, vulnerability management, patch management, incident and problem management related protocols, methods and tools.
Oversee the work of the Security Operations Center and its performance.
Ensure that phishing tests are performed regularly to verify awareness. Build associated initiatives working closely with the CRO and UNOPS communications team. Consult leadership for the most effective and appropriate communication strategy.
Continuously improve the organisation’s capacity to detect and respond to cyber attacks (multi-vector across technology, process, human and physical), including developing metrics to track the effectiveness of defensive capabilities.
Support reviewing, testing and improving business continuity and disaster recovery plans.
Address potential “false sense of security” through security testing (e.g. internal and external penetration testing, red & purple teaming and war-gaming), verifying that countermeasures work effectively across technology, people, processes and physical domains.
Maintain ongoing intelligence on the cyber threat landscape. Advice leadership on associated risks to operations. Use scenario analysis, case studies, bow ties and exposure quantification to articulate complex, technical themes in “business language”, enabling decision making.
Define information security risk metrics that “tell stories” to which business leaders can relate, moving beyond compliance and audit focused to a risk-driven approach to security.
Implement robust governance mechanisms for monitoring information security practices, surfacing risks, reporting them and monitoring progress in mitigating against them. Ensure timely risk and incident escalation that follows a threshold-based approach.
Oversee the implementation of information security related roadmaps and KPI achievement.
Provide assurance over the implementation of recommendations/improvements, including their effectiveness in addressing the information and system security threats.
Provide status updates of any open roadmap, audit and regulatory items.
Support Internal Audit in operating an effective IT Audit capacity that provides independent assurance over the effectiveness of Information Security Management System and management of key security risk exposures.
Optimize portfolio of service providers with accountability for quality assurance.

Competencies

Develops and implements sustainable business strategies, thinks long term and ex...

Develops and implements sustainable business strategies, thinks long term and externally in order to positively shape the organization. Anticipates and perceives the impact and implications of future decisions and activities on other parts of the organization.

Treats all individuals with respect; responds sensitively to differences and encourages others to do the same. Upholds organizational and ethical norms. Maintains high standards of trustworthiness. Role model for diversity and inclusion.

Acts as a positive role model contributing to the team spirit. Collaborates and supports the development of others. For people managers only: Acts as positive leadership role model, motivates, directs and inspires others to succeed, utilizing appropriate leadership styles.

Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first. Builds and maintains strong external relationships and is a competent partner for others (if relevant to the role).

Efficiently establishes an appropriate course of action for self and/or others to accomplish a goal. Actions lead to total task accomplishment through concern for quality in all areas. Sees opportunities and takes the initiative to act on them. Understands that responsible use of resources maximizes our impact on our beneficiaries.

Open to change and flexible in a fast paced environment. Effectively adapts own approach to suit changing circumstances or requirements. Reflects on experiences and modifies own behavior. Performance is consistent, even under pressure. Always pursues continuous improvements.

Evaluates data and courses of action to reach logical, pragmatic decisions. Takes an unbiased, rational approach with calculated risks. Applies innovation and creativity to problem-solving.

Expresses ideas or facts in a clear, concise and open manner. Communication indicates a consideration for the feelings and needs of others. Actively listens and proactively shares knowledge. Handles conflict effectively, by overcoming differences of opinion and finding common ground.

Education/Experience/Language requirements

Education: A Master’s degree in computer sciences, telecommunications,...

Background Information - UNOPS

UNOPS is an operational arm of the United Nations, supporting the successful imp...

Additional Considerations

Please note that the closing date is midnight Copenhagen time Applications ...

Contract type, level and duration

Contract type: staff Contract level: P4, ICS 11 Contract duration: One yea...

This vacancy is closed.

Apply

APPLICATION TIPS

How to send a good application:

TOGETHER, WE BUILD THE FUTURE

UNOPS – an operational arm of the United Nations – supports the achievement of the Sustainable Development Goals (SDGs) by successfully implementing its partners’ peacebuilding, humanitarian and development projects around the world.

Our mission is to help people build better lives and countries achieve peace and sustainable development.

We are proud of our people. The UNOPS family brings together approximately 160 nationalities, represented by over 5,000 UNOPS personnel as well as some 7,800 personnel recruited on behalf on our partners. Spread across 80 countries, our workforce is rich in diversity and culture – with inclusion at its core.

We understand the importance of balancing professional and personal demands and offer several flexible working options.

Explore what we offer here.