Information Security Senior Analyst (Tier 1)

Background Information and Organizational Context

UNOPS operating environment and projects are inherently risky. Furthermore, they are increasingly technology-enabled and data-intensive. This makes Risk Management and Information Security key elements to the way projects are delivered across the global organization and the way processes are digitized to better enable that.

The position is located in the Risk unit, part of a broader Strategy, Risk and Change Group placed directly under the Executive Office. The Risk unit is headed by UNOPS Chief Risk Officer (CRO) and currently covers the functions of Risk Management, Internal Control, Information Security, and Corporate Insurance. The Chief Information Security Officer (CISO), reporting to the CRO, leads the Information Security function to ensure consistent and high-quality information security management in support of risk management, strategy, projects, and assurance.

One of the priorities of the Information Security function is to establish a Security Operations Center (SOC) to continuously monitor the global information systems security posture, act as a clearing house for all generated security events, identify, analyse, investigate, and escalate security-related incidents to ensure the security and integrity of data and systems across the organization are always maintained. The SOC, by correlating data and leveraging actionable security intelligence in an ever-evolving cyber threat landscape, will enable stronger, faster, and more agile cyber threat monitoring, triage, and response capability.

Under the overall guidance of the SOC Manager, the Information Security Senior Analyst (Tier 1) will be responsible for managing the 24x7x365 predictive, continuous, and responsive protection centre, to defend against cybersecurity incidents, as well as identify, analyse, communicate, and contain these incidents when they do occur.

Information Security Direction and Advice

Work with the SOC Manager and the Information Security Specialist to develop, plan, and deliver a security program and projects aligned with the strategy and roadmap that address identified risks, and business security requirements.

• Monitor and report on compliance with security policies, as well as the enforcement of policies, and control effectiveness across the organization.

• Provides input on recommendations to existing policies and procedures to ensure security operation efficiency and regulatory compliance.

• Assist resource owners and technology staff in understanding and responding to security audit failures reported by auditors.

• Work with the Information Security, IT, and business stakeholders to define metrics and reporting strategies that effectively communicate the successes and progress of the security program.

• Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.

• Manage security projects and provide expert guidance on security matters for other projects.

Capability and Awareness Building

• Provide first responder forensics analysis and investigation.

• Perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods.  

• Drives containment strategy during data loss or breach events.

• Participate in the remediation of incidents and responses that are generated from live threats against the organization.

• Monitor security events received through alerts from Security Information and Event Management (SIEM) or other security tools.

• Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs).

• Triage, assess, and resolve incidents, performing real-time analysis and managing workload during investigations/incidents.

• Carry out Level 1 triage of incoming Incidents (initial assessment of the priority of the event, initial determination of incident nature to determine risk and damage or appropriate routing of security or data protection request)

• Works directly with data asset owners and business response plan owners during high-severity incidents.

• Support/develop reports during and after incidents, which include all actions taken to properly mitigate, recover and return operations to normal operations.

• Support forensic investigators and application security analysts in reactive and proactive Threat-hunting engagements, performing endpoint, network, and log analysis.

• Tuning of security tools policy based on threat feeds, incidents, or vulnerabilities and exploits of downstream systems.

• Provide tuning recommendations to administrators based on findings during investigations or threat information reviews.

• Works with the SIEM and SOAR to manage/tune the system, create/manage the detection content and actively watch for alerts.

• Creates runbooks for frequently occurring incidents to automate the resolution of those cases.

• Coordinates response to computer security incidents according to the computer security incident response policy and procedures.

• Communicates investigation findings to relevant stakeholders to help improve the security posture.

• Validates and maintains incident response plans and processes to address potential threats.

• Compile and analyse data for management reporting and metrics.

• Performs root-cause analysis to document findings and participate in root-cause elimination activities as required.

• Provides users with incident response support, including support for mitigating activities.

• Research emerging threats and vulnerabilities to aid in the identification of incidents.

• Research recommends, evaluates, and supports the implementation of cybersecurity solutions that identify and/or protect against potential threats, and respond to security incidents.

Impact of Results

The effective and successful achievement of results by the incumbent directly affects UNOPS's ability to deliver against its mandate and protects UNOPS's reputation. The role is imperative to the effective management of information security risks, impacting the visibility and reputation of the UNOPS as an effective service provider in project services and management and consequently strengthen its competitive position as a partner of choice

• A bachelor’s degree preferably in business information systems, computer sciences, telecommunications, engineering, or a technology-related field is required. 
• A master’s degree preferably in business information systems, computer sciences, telecommunications, engineering, or a technology-related field is desirable.

• A minimum of 4 years of experience in Information Security, especially on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is required, if the highest education level is bachelor’s degree.
• A minimum of 2 years of experience in Information Security, especially on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is required, if highest education level is master’s degree.
• Experience in Security Information and Event Management (SIEM) and other security investigation tools is required (Google Chronicle SIEM is desirable).
• Good technical and trouble-shooting ability is required and must be evidenced in the candidate’s work experience.
• A good understanding of system log information and what it means, where to collect specific data/attributes as necessitated per Incident Event (host, network, cloud, etc.) is required and must be evidenced in the candidate’s work experience.
• Knowledge of evidence recovery techniques, preservation of evidence integrity, and collection of system images, logs, and other critical components to discern possible mitigation/remediation of systems is desirable.

• Full working knowledge of English is required.
• Knowledge of another official UN language (Spanish and/or French) is desirable.

One or more of the following professional certifications would be considered an advantage.

• ISO 27001 Lead Implementer or Auditor

• CISSP, CCSP (or other ISC2 Certifications) 

• CISM, CISA, CRISC (or other ISACA Certifications)

• C|ND, C|EH (or other EC-Council Certifications)

• OSCP (or other Offensive Security certifications)

• GCIH, GCED (or other GIAC Certifications)

Contract type: ICA

• Please note that UNOPS does not accept unsolicited resumes.

• Applications received after the closing date will not be considered.

• Please note that only shortlisted candidates will be contacted and advance to the next stage of the selection process, which involves various assessments.

• UNOPS embraces diversity and is committed to equal employment opportunity. Our workforce consists of many diverse nationalities, cultures,  languages, races, gender identities, sexual orientations, and abilities. UNOPS seeks to sustain and strengthen this diversity to ensure equal opportunities as well as an inclusive working environment for its entire workforce. 

• Qualified women and candidates from groups which are underrepresented in the UNOPS workforce are encouraged to apply. These include in particular candidates from racialized and/or indigenous groups, members of minority gender identities and sexual orientations, and people with disabilities.

• We would like to ensure all candidates perform at their best during the assessment process.  If you are shortlisted and require additional assistance to complete any assessment, including reasonable accommodation, please inform our human resources team when you receive an invitation.

Terms and Conditions 

• For staff positions only, UNOPS reserves the right to appoint a candidate at a lower level than the advertised level of the post. 

• For retainer contracts, you must complete a few Mandatory Courses (they take around 4 hours to complete) in your own time, before providing services to UNOPS. For more information on a retainer contract here.

• All UNOPS personnel are responsible for performing their duties in accordance with the UN Charter and UNOPS Policies and Instructions, as well as other relevant accountability frameworks. In addition, all personnel must demonstrate an understanding of the Sustainable Development Goals (SDGs) in a manner consistent with UN core values and the UN Common Agenda.

• It is the policy of UNOPS to conduct background checks on all potential personnel. Recruitment in UNOPS is contingent on the results of such checks.