Vacancy Notice No. 2013/111
Position and Grade:
IT Security Engineer (P-2)
Organizational Unit:
Security Systems Unit Infrastructure Services Section Division of Information Technology Department of Management
Duty Station:
Vienna, Austria
Issue Date:
7 November 2013
Application Deadline:
5 December 2013
Type/Duration of Appointment:
Fixed term, 3 years (subject to a probationary period of 1 year)
The Department of Management (MT) provides a 'platform of services' that serves as a foundation for the successful delivery of the IAEA's scientific and technical programmes. Its mission statement is as follows: 'MT is a partner and a business enabler that champions change and efficiency, leveraging a common purpose'. Thus, among other support activities, it assists a scientific manager in recruiting the right expert, helps a technical officer coordinate the purchase of radiation equipment, works with the press to help clarify the technically complex work of the IAEA, and ensures that all Board documents are translated and distributed on a timely basis to Member States.
The Division of Information Technology (MTIT) provides support to the IAEA in the field of ICT (information and communication technology), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA's ICT infrastructure comprises state-of-the art hardware and software platforms in a partially decentralized environment. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices. The Infrastructure Services Section is responsible for administering the central IT servers and virtualization platforms, providing secured services and managing the data centre which are run in compliance with best practices defined by international standards, in particular ITIL and ISO 27001.
Main purpose
The purpose of the post is to help the IAEA information and communication technology services define and create repeatable and consistent processes to strengthen IAEA information security. The IT Security Engineer participates in the development and delivery of a comprehensive IT security program for the IAEA. He/she also participates in implementation of IT security projects, and the administration and verification of security controls as well as in technical investigations following possible security incidents.
Role
The IT Security Engineer is (a) a technical specialist supporting the design and formulation of security measures, procedures and standards on all aspects of IT security; (b) a solution provider, coordinating service delivery; (c) a team member actively involved in planning, implementing, testing and deployment of IT security systems; and (d) a security incident handler.
Partnerships
Under the supervision of the Unit Head the IT Security Engineer actively participates in the development and delivery of a comprehensive IT security program. The IT Security Engineer works closely with other members of the Security Systems Unit and resolve problems related to IT security. The incumbent also interacts with other staff in the Division, including the IT Service Desk, and technical staff from other organizational units and participate in security operations support. The IT Security Engineer participates in providing security solutions and incident management and support cross-sectional IT security projects and processes.
Functions/key results expected
- Contribute as a key player to ensuring the confidentiality, integrity and availability of information systems and data through end-to-end IT security measures and by implementing appropriate technology and processes.
- Implement and maintain incident response and vulnerability management procedures, implement appropriate procedural and technical access control mechanisms, and identify and respond to IT security incidents.
- Perform security and risk assessments and vulnerability testing and make recommendations for corrective actions.
- Participate in IT projects on a daily basis to ensure they produce the required results. This includes in planning, implementing, and monitoring the projects, and creating project documentation.
- Participate in incident handling and vulnerability scanning and management.
- Implement regular and preventative security controls for infrastructure.
- Identify security issues and risks, and develop mitigation plans.
- Recommend new and emerging security products and technologies.
- Participate in security operations support.
- Provide substantive inputs and suggestions on all aspects related to the design, and testing of new security products, security infrastructure, security plans and services.
- Coordinate services, installation, maintenance and supplies from external vendors and other UN agencies.
- Assist in the preparation of written reports which in using data and statistics contribute to efficient and effective usage of the given IT infrastructure.
- Provide inputs on deficiency and effectiveness of security control deployment and usage.
Knowledge, skills and abilities
- Thorough knowledge in IT security program administration, policies, compliance, incident response and information systems security principles, practices and technologies.
- Thorough technical knowledge in supporting security applications, security appliances and tools.
- Excellent problem solving skills.
- Good interpersonal skills to deal effectively with customers, senior management, colleagues and other technical staff in a courteous and friendly manner.
- Ability to work in a multicultural environment with sensitivity and respect for diversity.
- Knowledge of ITIL processes and Prince2 desirable.
Education.experience and language
- University degree in computer science, information management or a related field.
- Minimum of two years of professional experience in managing IT security programs in an IT enterprise environment.
- Experience of working in an IT enterprise environment including using incident management and change management processes.
- Hands-on experience in IT security infrastructure systems providing access control, vulnerability management, incident identification and incident response would be desirable.
- Experience in creating technical documentation.
- Internationally recognised information or IT security relevant certification, such as CISSP, CISM, CISA or GIAC would be desirable.
- Fluency in spoken and written English. Knowledge of other IAEA official languages (i.e. Arabic, Chinese, French, Russian, Spanish) an advantage.
Remuneration
The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $46 730(subject to mandatory deductions for pension contributions and health insurance), a variable post adjustmentwhich currently amounts to US $31 356*, dependency benefits, rental subsidy, education grant,relocation andrepatriation expenses; 6 weeks' annual vacation,home leave,pension plan and health insurance. How to apply to the IAEA Complete an Online Application * Subject to change without notice
Applications from qualified women and candidates from developing countries are encouraged Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values): Integrity, Professionalism and Respect for diversity.Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process.
0 comments:
Post a Comment