Chief Information Security Officer

International Organization for Migration

Position Title: Chief Information Security Officer

Duty Station: Geneva, Switzerland

Classification: Professional Staff, Grade P5

Type of Appointment: Fixed term, one year with possibility of extension

Estimated Start Date: As soon as possible

Closing Date: 07 January 2024

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading UN agency in the field of migration, works closely with governmental, intergovernmental and non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to a diverse and inclusive work environment. Read more about diversity and inclusion at IOM at www.iom.int/diversity.

Applications are welcome from first- and second-tier candidates, particularly qualified female candidates as well as applications from the non-represented member countries of IOM. For all IOM vacancies, applications from qualified and eligible first-tier candidates are considered before those of qualified and eligible second-tier candidates in the selection process.

For the purpose of this vacancy, the following are considered first-tier candidates:

  1. Internal candidates
  2. External female candidates;
  3. Candidates from the following non-represented member states:

Antigua and Barbuda; Barbados; Botswana; Cabo Verde; Comoros; Congo (the); Cook Islands; Dominica; Fiji; Grenada; Guinea-Bissau; Holy See; Iceland; Kiribati; Lao People’s Democratic Republic (the); Madagascar; Marshall Islands; Micronesia (Federated States of); Namibia; Nauru; Palau; Saint Kitts and Nevis; Saint Lucia; Solomon Islands; Suriname; The Bahamas; Tonga; Tuvalu; Uzbekistan; Vanuatu

Second tier candidates include:

All external candidates, except candidates from non-represented member states of IOM and female candidates.

Context:

IOM seeks to recruit a Chief Information Security Officer (CISO) who will head the Information Security and Risk Unit within the Information Technology Department (ITD).

ITD enables IOM to achieve its mission of safe and orderly migration in a sustainable way by delivering transformative information and technologies to its staff working in over 400 locations. Our vision is to transform how IOM accomplishes its mission through information and technology. In this fast-paced, ever-changing world, the formulation and implementation of the ITD strategy is an ongoing, iterative process of learning and adaptation developed through extensive consultations with business partners throughout IOM.

ITD shapes its strategy in response to changing business priorities and leverages new technologies to achieve three high-level business outcomes: business enablement, by providing IOM units with innovative digital tools and technologies to transform how they deliver value for their stakeholders; empowerment & effectiveness, by ensuring that all IOM staff are connected, able to find information, and productive to accelerate the delivery of solutions globally; and resilience, by equipping IOM to provide risk-based cybersecurity and robust data protection for a global network and a growing cloud platform.

The Information Security and Risk Unit, headed by the CISO, provides leadership in managing the functions and activities of information security and risk management, IT service management, and business continuity across IOM, enabling the achievement of IOM’s business objectives.

The CISO acts as the authority for the development and enforcement of the organization’s security strategy, standards, and policies, and has ultimate responsibility for ensuring the protection of corporate information and data. By guiding the design and continuous improvement of the IT security architecture and Cyber Risk Maturity Model, the CISO balances business needs with security risks. Central to this role is provision of advice to the board and senior leadership on all security matters and setting directions for complying with regulatory inquiries, legal and compliance regulations, inspections, and audits. The CISO is tasked with managing cyber security compliance standards, protocols, and frameworks, as well as the Cyber Security Risk Management Framework.

Under the direct supervision of the CIO/Director, Department of ICT, the Chief Information Security Officer develops, implements, drives, and monitors the enterprise vision, charter, strategy, and programme for information security and IT risk management for IOM.

Core Functions / Responsibilities:

Information security strategy, vision, and leadership.

  • Champion enterprise vision, leadership and governance for information and cyber security, and IT risk management within IOM.
  • Lead the development and implementation of an effective information security architectural approach, incident response policies, and standards aligned with international best practices (e.g., ISO 2700X, NIST, ITIL, COSO Framework).
  • Collaborate and provide guidance to ITD Teams and business units to establish a consistent approach to information security and risk management.
  • Collaborate and provide advice on enterprise architecture to define physical, virtual, and logical information security architecture specifications.
  • Lead the consistent application of information security architecture standards across application development projects and ensure compliance with applicable standards and policies.
  • Establish an information security governance capability across IOM involving business leaders and resource owners.

Incident Response Management

  • Manage the process of monitoring and detecting IT security incidents, vulnerabilities, and risks.
  • Lead the establishment of proactive processes for responding to and recovering from information security breaches (e.g., viruses, hackers, data theft).
  • Implement preventive, detective, and corrective technical security controls and solutions to support information security policies, standards, and procedures.
  • Respond appropriately to investigations and forensic requests, ensuring discretion and sensitivity.

Information Risk Management

  • Strengthen internal control reviews and analyze information security threats and vulnerabilities.
  • Supervise the annual IT risk assessment and attestation activities in ITD related to the Enterprise Risk Management exercises for IOM.
  • Implement and maintain a mechanism to monitor risk response activities in ITD while reporting regularly to Senior Management.
  • Collaborate with application owners to understand and address (as appropriate) the risk position around key business applications.
  • Lead the implementation of a Vendor Risk Assessment Framework.
  • Ensure appropriate risk assessment is performed during IT application, product, or service acquisitions.
  • Track, prioritize, and address IT audit findings systematically.
  • Provide substantive inputs and advice to the change control process, including a review of changes made to production.

IT Service Management and Business Continuity Management

  • Create, administer, evaluate, update, and maintain ITD’s Business Continuity plans and disaster recovery policies and standards to align with IOM’s business continuity management program.
  • Function as ITD Disaster Recovery Team Leader and coordinate the development and actual implementation/execution of ITD’s disaster recovery plans and procedures to ensure that business-critical services are recovered in the event of a security incident.
  • Lead the annual disaster recovery exercise and commissioning activities, in coordination with other Departments and ITD Teams.
  • Collaborate with business units in the assessment of potential business impacts, the definition of critical, time-sensitive processes, and analyses of required components as defined within the Business Impact Analysis (BIA) standard.
  • Coordinate with the Staff Security and Safety Department, other departments, and different ITD teams to ensure the readiness of ITD in the adoption of organizational cyber resilience and crisis management throughout the organization.

Business Relationship Management and Communications

  • Build sound business relationships across IOM to enable a strong understanding and close alignment with business needs, direction, and risk appetite.
  • Manage the creation and production of timely, accurate, and informative business and IT metrics relating to information risk initiatives. Utilize the metrics to prioritize key initiatives and respond to negative trends.
  • Create a culture of cyber security within the ICT Department and drive behavioural change across the business.
  • Develop and promote information security awareness training and education for all levels of staff and service providers. Regularly review and ensure its effectiveness.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the programme, support appropriate resource allocation, and increase the maturity of the security programme.

Cyber Security Advisory

  • Provide advice to IOM’s operations on the development of cyber security policies, guidelines, and methodologies.
  • Recommend cyber security controls and measurements, governance, and policy compliance for development operations.
  • Liaise with external entities, such as cybersecurity advisory bodies, cyber threat intelligence entities, member states and external partners, and law enforcement agencies (in coordination with the Legal Department), as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these external entities.

Required Qualifications and Experience:

Education

  • Bachelor’s degree in Computer Science, Information Systems, or a related field with ten years of relevant professional experience; or,
  • Master’s degree in the above with twelve years of relevant professional experience.
  • Certifications and Specializations: Professional certifications or specialized training or experience in areas such as International Organization for Standardization (ISO) 2700X, CISSP, ITIL, NIST, COSO Framework, COBIT/Risk IT, etc., and Project Management are advantageous, demonstrating a commitment to continuous learning and expertise in specific aspects of data technology and management.

Experience

  • Hands-on experience with OSINT tools and systems; and,
  • Experience working in fast-paced, business-responsive, or client-service environments, and leading teams in multi-disciplinary and/or multi-site settings;

Skills

  • Proven track record in leading cybersecurity strategy initiatives in a large, globally dispersed organization;
  • Management level familiarity with the authorization, security, and integration models of software, including Oracle ERP, SWIFT, Treasury Management Systems, and Bloomberg’s information and trading platforms. Hands-on expertise in securing and defining the security of cloud platforms, infrastructure, endpoints, applications, and application platforms;
  • Strategic Planning and Visioning: Ability to create and implement long-term strategies that align cybersecurity initiatives with business goals;
  • Technical and Analytical Acumen: Sound judgement and decisiveness in ensuring that corporate information is well protected and secured;
  • Leadership and Team Management: Skills in leading diverse teams, fostering a collaborative environment, and developing talent within the organization;
  • Change Management and Adaptability: Aptitude for managing organizational change, with the flexibility to adapt strategies in response to evolving business and technological landscapes;
  • Communication and Influence: Excellent communication skills for articulating complex concepts to various stakeholders and influencing decision-making processes;
  • Risk Assessment and Compliance: Strong grasp of risk management concepts and principles, including assessment, prioritization, delivery of treatment plans, tracking, reporting, and metrics (accreditation and certification), and the ability to ensure adherence to relevant laws and regulations;
  • Stakeholder Management and Engagement: The ability to effectively manage relationships with internal and external stakeholders, ensuring that strategies meet the diverse needs and objectives of all parties involved;
  • Strong project and change management skills;
  • Demonstrable strategic orientation and critical thinking skills. Ability to generate valuable insight regarding external issues such as shifts in threats and countermeasures and internal matters such as business implications of information security policies and protocols;
  • Vendor Management: Skills in negotiating with and managing third-party vendors; and,
  • Excellent communication skills.

Languages

IOM’s official languages are English, French, and Spanish. All staff members are required to be fluent in one of the three languages.

For this position, fluency in English is required (oral and written). Working knowledge of another official UN language (Arabic, Chinese, French, Russian, and Spanish) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.

Notes

Accredited Universities are the ones listed in the UNESCO World Higher Education Database (https://whed.net/home.php).

Required Competencies:

Values – all IOM staff members must abide by and demonstrate these five values:

  • Inclusion and respect for diversity: Respects and promotes individual and cultural differences. Encourages diversity and inclusion.
  • Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
  • Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
  • Courage: Demonstrates willingness to take a stand on issues of importance.
  • Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.

Core Competencies – behavioural indicators level 3

  • Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
  • Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
  • Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
  • Accountability: Takes ownership for achieving the Organization’s priorities and assumes responsibility for own actions and delegated work.
  • Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.

Managerial Competencies – behavioural indicators level 3

  • Leadership: Provides a clear sense of direction, leads by example and demonstrates the ability to carry out the Organization’s vision. Assists others to realize and develop their leadership and professional potential.
  • Empowering others: Creates an enabling environment where staff can contribute their best and develop their potential.
  • Building Trust: Promotes shared values and creates an atmosphere of trust and honesty.
  • Strategic thinking and vision: Works strategically to realize the Organization’s goals and communicates a clear strategic direction.
  • Humility: Leads with humility and shows openness to acknowledging own shortcomings.

IOM’s competency framework can be found at this link.

https://www.iom.int/sites/default/files/about-iom/iom_revised_competency_framework_external.pdf

Competencies will be assessed during a competency-based interview.

Other:

Internationally recruited professional staff are required to be mobile.

Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.

This selection process may be used to staff similar positions in various duty stations. Recommended candidates endorsed by the Appointments and Postings Board will remain eligible to be appointed in a similar position for a period of 24 months.

The list of NMS countries above includes all IOM Member States which are non-represented in the Professional Category of staff members.

Appointment will be subject to certification that the candidate is medically fit for appointment, accreditation, any residency or visa requirements, and background verification and security clearances. Subject to certain exemptions, vaccination against COVID-19 will in principle be required for individuals hired on or after 15 November 2021. This will be verified as part of the medical clearance process.

Vacancies close at 23:59 local time Geneva, Switzerland on the respective closing date. No late applications will be accepted.

How to apply

To apply, interested applicants are invited to submit their applications via the IOM e-Recruitment system by 07 January 2024.

IOM only accepts duly completed applications submitted through the IOM e-Recruitment system. The online tool also allows candidates to track the status of their application.

Only shortlisted candidates will be contacted.

For further information please refer to: www.iom.int/recruitment

Posting period:

From 20.12.2023 to 07.01.2024

No Fees:

IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts.

Requisition: VN 2023 579 Chief Information Security Officer (P5) Geneva, Switzerland (58554825) Released

Posting: Posting NC58554826 (58554826) Released
