Cybersecurity Consultant (Security Awareness)

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

Background information:

UNICC is one of the most important IT Service providers for the UN family of organizations. As a part of the UN family, UNICC espouses the same values that the UN embraces.

During the last 5 years UNICC launched several new services to help our partners improving their cybersecurity posture. Due to the fast growth of UNICC security awareness service subscribers UNICC is in need of a Security Awareness Consultant to strengthen its team structure.

Main duties and responsibilities:

As part of the Security Awareness service team and in close collaboration with the Learning and Communication teams, the selected candidate must be able to autonomously work with service subscribers:

• Proactively engage with UNICC partners to assess their specific security awareness needs and challenges
• Design and implement tailored security education and training programmes that align with both the strategic goals of the organization and the unique requirements of each Partner
• Continuously evaluate the effectiveness of these programmes and adapt them as needed to ensure they remain relevant and impactful

Specifically, the successful candidate must be able to:

• Under the guidance of the section, establish Information Security Awareness strategies and roadmaps
• Under the guidance of the section, establish a calendar of Security Awareness activities and monitor and report for timely execution purposes
• Curate engaging and relevant content from the Security Awareness platform, ensuring accessibility and inclusivity to develop customized Computer Based Training (CBT) courses:
  o CBT awareness courses on general security and privacy topics that can be made mandatory for all users
  o CBT awareness courses for focused groups and risky user groups
  o CBT courses for executive management
  o Reinforcement material like posters, quizzes, and newsletters
  o Develop and execute phishing simulations in line with the goals of the awareness
• Create and curate educational webinar content focused on key security awareness topics, utilizing multimedia and interactive elements to engage different audience groups
• Plan and execute a schedule of webinars that complements the broader security awareness calendar, ensuring timely and relevant delivery of content
• Work closely with technical and subject matter experts to ensure that the information presented is accurate, up-to-date, and effectively communicated
• Maintain the platform’s functionality and security posture through regular updates and patches
• Provide user support and training resources to maximize platform utilization and effectiveness
• Monitor platform analytics to track user engagement and identify areas for improvement
• Under guidance, support system integration and customization activities between the vendor and service subscribers, applying best practices based on industry standards and benchmarks
• Provide Quarterly Awareness Assessment Reports. This includes generating comprehensive reports that highlight key metrics, trends, and actionable insights, include visualizations and data summaries to enhance readability and facilitate decision-making, present reports to stakeholders in a clear and concise manner, emphasizing actionable recommendations for improvement

Recruitment Profile

Experience and Skills required:

Essential:

• Minimum of three (3) years working in Information Security, including proven experience in security awareness consulting projects
• Ability to operate Information Security Awareness platforms (e.g.,Terranova, Knowbe4, ProofPoint, Cofense, Living Security, GoPhish etc…)
• Proven track record of successful security awareness projects
• Experience in medium/complex size projects
• Expert knowledge of information security risks, risks mitigation strategies and the different elements that constitute risk
• Ability to understand technical and business aspects of IT risk, and to communicate those risks to management, business, and technical units
• Basic HTML and CSS knowledge to customize landing pages and feedback pages to organize phishing simulations
• Experience in working with Microsoft office tools and Microsoft Project
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity

Desirable:

• Knowledge of common information management frameworks, such as ISO/IEC 27001, ITIL, COBIT, etc…
• Project management skills and ability to manage multiple projects under strict timelines
• Linux and Windows scripting skills
• Basic knowledge of UN family of organizations
• Previous experience in multicultural environments

Education:

Essential:

• First university degree in Computer Science, Information Security or related area

Desirable:

• Certifications like CISSP, CISA, CISM, CCSP or similar

Languages:

• English: Expert knowledge is required

UNICC Global Competencies:

• Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
• Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
• Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
• Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.
• Knowing and managing yourself: Manages ambiguity and pressure in a self reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.

Other Information

Compensation:

Fee will be based either on the National Officer salary scales or the Individual Consultancy band levels (for Headquarters)

• National Officer Salary Scale
• For headquarters, Individual Consultancy band levels will be used

Closing date for applications:

Applications will be accepted until midnight (Geneva Time) on 30 June 2024.

Notes:

• Technical and/or personality tests may be carried out as part of the selection process
• Only short-listed candidates will be contacted
• Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

For applications to be valid, they must contain a motivation letter and the filled Personal History Form.