Information Security Specialist (Security Operations Center Manager)

UNOPS operating environment and projects are inherently risky. Furthermore, they are increasingly technology-enabled and data-intensive. This makes Risk Management and Information Security key elements to the way projects are delivered across the global organization and the way processes are digitized to better enable that.

The position is located in the Risk unit, part of a broader Strategy, Risk and Change Group placed directly under the Executive Office. The Risk unit is headed by UNOPS Chief Risk Officer (CRO) and currently covers the functions of Risk Management, Internal Control, Information Security, and Corporate Insurance. The Chief Information Security Officer (CISO), reporting to the CRO, leads the Information Security function to ensure consistent and high-quality information security management in support of risk management, strategy, projects, and assurance.

One of the priorities of the Information Security function is to establish a Security Operations Center (SOC) to continuously monitor the global information systems security posture, act as a clearing house for all generated security events, identify, analyse, investigate, and escalate security-related incidents to ensure the security and integrity of data and systems across the organization are always maintained. The SOC, by correlating data and leveraging actionable security intelligence in an ever-evolving cyber threat landscape, will enable stronger, faster, and more agile cyber threat monitoring, triage, and response capability.

Under the overall guidance of the CISO, the Information Security Specialist (Security Operations Center Manager) is responsible for a variety of activities, including very tactical, operational, and strategic activities in support of the CISO's program initiatives, and overseeing the work of SOC specialists, analysts, engineers, and administrators.

Information Security Direction and Advice

Work with the Chief Information Security Officer (CISO) to develop, plan, and deliver a security program and projects aligned with the strategy and roadmap that address identified risks, and business security requirements.

• Monitor and report on compliance with security policies, as well as the enforcement of policies, and control effectiveness across the organization.

• Propose changes to existing policies and procedures to ensure security operation efficiency and regulatory compliance.

• Assist resource owners and technology staff in understanding and responding to security audit failures reported by auditors.

• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.

• Serve as an active and consistent participant in the information security governance process.

• Work with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate the successes and progress of the security program.

• Provide support and guidance for legal and regulatory compliance efforts, including audit support.

• Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.

• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

• Manage the day-to-day activities of threat and vulnerability management, identify risks, recommend treatment plans, and communicate information about residual risk.

• Manage security projects and provide expert guidance on security matters for other projects.

• Design, coordinate and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.

• Establish and work with a multidisciplinary team, including audit and risk, compliance, HR, legal, business process owners, IT, Security, and other internal stakeholders to establish and maintain a data protection program.

Capability and Awareness Building

• Plan, direct and control the Security Operations Center (SOC) functions and operations.

• Oversee and coordinate the activities of Security Operations Centre (SOC) personnel and implement security incident handling and response protocols. 

• Coach personnel on technical issues and verify that they follow policies to ensure all components are functioning optimally.

• Ensure the monitoring and analysis of incidents to protect people, information assets, technology and processes addressing all security incidents and ensuring timely escalation.

• Establish and maintain metrics that help provide a high level of productivity, supportability, and operational readiness while also participating in project planning activities such as Infrastructure enhancements and change management controls.

• Direct and manage the Cyber Intelligence capability to identify potential threats delivering strategic insights and initiatives to minimize the impact of cybersecurity threats.

• Provide first-line supervision to direct reports (i.e., security analysts, engineers, and administrators).

• Develop and administer SOC processes and review their application to ensure that SOC’s controls, policies, and procedures are operating effectively.

• Work with the Security Information and Event Management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts.

• Provide management oversight for the identification, triage and response of events or incidents.

• Reviews alerts and data from sensors, and documents formal, technical incident reports.

• Research emerging threats and vulnerabilities to aid in the identification of incidents.

• Provides incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary.

• Produce and review aggregated Security Operations Center (SOC) performance reports.

• Organizes the day-to-day management of the CSIRT, including staffing, employee development, and other relevant management functions.

• Manage and increase the effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions.

• Play a significant role in long-term Security Operations Center (SOC) strategy and planning, including initiatives geared toward operational excellence.

Education

• A bachelor’s degree preferably in business information systems, computer sciences, telecommunications, engineering, or a technology-related field is required. 

• A master’s degree preferably in business information systems, computer sciences, telecommunications, engineering, or a technology-related field is desirable. This can substitute  2 years of required experience.

Experience

• A minimum of seven (7) years of total experience in IT, Information Security, or IT Security is required.

• Within the required experience, prior responsibility in managing a Security Operations Center (SOC) for an organization is required.

• Within the required experience, at least 3 years of experience with regulatory compliance and information security management frameworks (e.g., IS027000, COBIT, NIST 800, etc.) is desirable.

• In-depth knowledge and experience in Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) is required, (Google Chronicle SIEM & and SOAR experience is desirable)

• Experience in project management is desirable.

• Experience in crisis management is desirable.

Languages

• Full working knowledge of English is required.

• Knowledge of another official UN language (Spanish and/or French) is desirable.

One or more of the following professional certifications would be considered an advantage.

• ISO 27001 Lead Implementer or Auditor

• CISSP, CCSP (or other ISC2 Certifications) 

• CISM, CISA, CRISC (or other ISACA Certifications)

• C|ND, C|EH (or other EC-Council Certifications)

• OSCP (or other Offensive Security certifications)

• GCIH, GCED (or other GIAC Certifications)

The following or any other relevant professional certifications are desirable. 

• Project Management (PMP, Prince2)

• ISO/IEC 20000 IT Service Management

• Information Technology Infrastructure Library (ITIL)

Contract type: ICA

• Please note that UNOPS does not accept unsolicited resumes.

• Applications received after the closing date will not be considered.

• Please note that only shortlisted candidates will be contacted and advance to the next stage of the selection process, which involves various assessments.

• UNOPS embraces diversity and is committed to equal employment opportunity. Our workforce consists of many diverse nationalities, cultures,  languages, races, gender identities, sexual orientations, and abilities. UNOPS seeks to sustain and strengthen this diversity to ensure equal opportunities as well as an inclusive working environment for its entire workforce. 

• Qualified women and candidates from groups which are underrepresented in the UNOPS workforce are encouraged to apply. These include in particular candidates from racialized and/or indigenous groups, members of minority gender identities and sexual orientations, and people with disabilities.

• We would like to ensure all candidates perform at their best during the assessment process.  If you are shortlisted and require additional assistance to complete any assessment, including reasonable accommodation, please inform our human resources team when you receive an invitation.

Terms and Conditions 

• For staff positions only, UNOPS reserves the right to appoint a candidate at a lower level than the advertised level of the post. 

• For retainer contracts, you must complete a few Mandatory Courses (they take around 4 hours to complete) in your own time, before providing services to UNOPS. For more information on a retainer contract here.

• All UNOPS personnel are responsible for performing their duties in accordance with the UN Charter and UNOPS Policies and Instructions, as well as other relevant accountability frameworks. In addition, all personnel must demonstrate an understanding of the Sustainable Development Goals (SDGs) in a manner consistent with UN core values and the UN Common Agenda.

• It is the policy of UNOPS to conduct background checks on all potential personnel. Recruitment in UNOPS is contingent on the results of such checks.