Grade: P4
Vacancy no.: RAPS/6/2023/INTSERV/02
Publication date: 24th November 2023
Application deadline (midnight Geneva time): 4th January 2024
Job ID: 11436
Department: INTSERV
Organization Unit: FACILITIES
Location: Geneva
Contract type: Fixed Term
The following are eligible to apply:
Staff members with at least five years of continuous service with the Office are encouraged to apply.
Applications from candidates who have already separated from ILO service upon retirement or early retirement, will not be considered.
The ILO values diversity among its staff and welcomes applications from qualified female candidates. We also encourage applicants with disabilities. If you are unable to complete our online application form due to a disability, please send an email to ilojobs@ilo.org.
The ILO welcomes applicants with experience in working within ILO constituents (governments, employers’ and business membership organizations, and workers’ organizations).
Applicants from non- or under-represented member States, or from those member States which staffing forecasts indicate will become non- or under-represented in the near future would be particularly welcome. A list of these countries can be found here: ILO Jobs: Non- and under-represented Member States
In addition to the interviews and tests that any candidate may be required to take, successful completion of the ILO Assessment Centre is required for all external candidates and any internal candidate applying to a higher category.
Notwithstanding the general considerations set out in the ILO Staff Regulations, this vacancy announcement is the only authoritative document pertaining to the qualifications required for this position. The minimum required qualifications were determined in view of the specific duties and responsibilities of this position.
The specific language requirements for this position are detailed hereunder. However, candidates applying for the professional category vacancies who have not already successfully completed their probationary period within the ILO and whose mother tongue is not one of the working languages of the Office (English, French and Spanish), shall be required to possess a fully satisfactory working knowledge of at least one of the ILO working languages. If appointed they may be required to acquire a knowledge of a second working language of the Office during their initial years of service.
The position is located within the Facilities Management Unit (FACILITIES) in the Department of Administration and Internal Services (INTSERV). The Department is responsible for the overall management of facilities, assets and inventory, safety and security, printing, publishing and distribution, diplomatic privileges, travel and transportation, use of public spaces, and general internal services. FACILITIES oversees the construction, acquisition, allocation, and maintenance of all ILO buildings and offices, as well as the effective provision and management of all necessary goods and services internally for this purpose.
The incumbent is responsible for the management of the technical network infrastructure, functioning of all building systems and applications that are connected on this network, and the network security for all the operational technology (OT) installed at ILO headquarters in Geneva.
The position will report to the FACILITIES Unit Head.
1. Administer the operational technology (OT) infrastructure, with a specific emphasis on securing technical networks, IoT devices and software platforms (security system platform, visitor management system, access control, fire detection, CCTV, building management system) related to the building.
2. Develop necessary procedures to ensure regular software upgrades for various components and analyse event logs to protect the OT infrastructure, IoT networks and software platforms against unauthorized access, data breaches, and cyber threats in alignment with the Information Security Management System (ISMS) and associated guidelines.
3. Conduct regular vulnerability assessments and penetration tests on IoT devices, networks and software associated with the functioning of building and security systems to identify security flaws and potential risks.
4. Coordinate Business Impact Assessments (BIA) to identify critical devices, processes, and associated risk levels for prioritizing resources and remediation plans. Update the risk register following the ISRA (Information Security Risk Assessment) methodology.
5. Collaborate with internal multidisciplinary teams, FACILITIES, the Information and Technology Management Department (INFOTEC), and external partners to ensure seamless integration of IoT devices and software into the technical network and connection with the existing administrative network infrastructure managed by the IT department. Represent the FACILITIES team in meetings with INFOTEC on security, compliance, and regulatory matters related to the technical network and building related IoT systems.
6. In collaboration with the ISAS (Information Security Assurance Services) unit of the INFOTEC Department, monitor and analyse network traffic and system logs to detect and timely respond to potential security incidents or breaches related to the dedicated technical building network and associated IoT systems. Participate in incident response activities, conduct post-incident analyses, and implement necessary remediation measures to prevent future incidents.
7. Work closely with vendors and third-party service providers to assess and select secure IoT devices, software and solutions in line with the organization's security requirements. Manage contractual relationships, performance and define basic security requirements and associated contract checklists. Document procedures and processes to guide and oversee vendor and third-party service provider activities for resilience purposes.
8. Verify and authorise request interventions for modifications to the OT infrastructure originating from internal teams or suppliers responsible for maintenance of their systems. Establish and keep up-to-date procedures on interventions, to ensure centralized management of the OT infrastructure. Oversee the attribution and changes of the IP addresses. Develop procedures, document and approve remote access to systems.
9. Define criteria and procedures for managing acceptance criteria for new projects based on information security and cybersecurity requirements.
10. Supervise the work of the FACILITIES low-voltage and telecommunications electrician.
11. Coordinate change management according to ITIL best practices for the technical network, building-related IoT and software (security hypervisor, visitor mgmt. system, access control, CCTV, building management system). Coordinate patching of servers running on the OT network in support of the different systems. Verify and validate that upgrades on one system will not negatively impact the functioning of the others.
12. Stay updated on industry trends, emerging threats, and best practices related to IoT network security, and implement appropriate measures to address them.
13. Perform other relevant duties as assigned.
Advanced University degree in computer science, information security, electronics, or related field. Advanced certifications (e.g., CISSP, CISM, CCNP, CCIE) are highly desirable. A first-level university degree in one of the afore-mentioned fields or related field with an additional two years of relevant experience, in addition to the experience required below, will be accepted in lieu of the advanced university degree.
At least seven years of experience in managing and securing operational technology infrastructure in a large-scale building, involving multiple IP based systems for building, security and safety management. Or seven years extensive IT security experience with a knowledge of IP based building systems.
Excellent command of English or French and a working knowledge of the other language.
In addition to the ILO core competencies, this position requires:
Technical Skills
Extensive experience in Operational Technology - OT of building management systems or extensive IT security experience, with knowledge of the other area and willingness to undergo additional training to bridge the knowledge gap by the end of the probationary period.
Understanding of operational technology systems; protocols, architectures, and security mechanisms of networks, including secure provisioning of devices, authentication, encryption, and access control.
Good understanding of industry standards and best practices related to IoT security, such as the NIST IoT security framework, IEC 62443, and OWASP IoT Top 10.
Knowledge of IT infrastructure (network, servers, backups, virtualization).
Understanding of vulnerability assessments, penetration testing, and network monitoring.
Knowledge of regulatory compliance requirements related to OT systems and IoT security, such as NERC CIP and GDPR.
Ability to adapt to a fast-paced and evolving environment, prioritize tasks, and meet project deadlines.
Excellent project management skills. Strong analytical skills, decision making and problem-solving skills. Ability to identify priority activities and assignments, to adjust priorities as required, to foresee risks and plan for contingencies. Ability to communicate verbally and in writing on complex technical subjects in a clear and structured manner.
Behavioral Skills
Excellent problem-solving skills and ability to analyse complex issues related to OT infrastructure and IoT networks.
Strong communication and collaboration skills to work effectively with multidisciplinary teams, vendors, and third-party service providers.
High standard of integrity; Role models effective client-oriented behaviour; positively promotes the need to respect clients and work in a client-centric manner; Ability to develop and maintain effective partnerships and working relations. Fosters teamwork and communication within the unit/the department and with other departments and clusters. Ability to work in a multi-cultural environment and to demonstrate gender-sensitive and non-discriminatory behaviour and - attitudes.
Attitude of continuous learning.
Conditions of employment
For more information on conditions of employment, please visit the ILO Jobs International Recruitment page.
Important Information
Any officials of the General Service category interested in applying to this position are hereby informed that, if selected, they will be offered the salary and allowances applicable to the grade of the position applied for, which may result in substantial changes in their take-home remuneration. In accordance with Article 3.4 of the Staff Regulations, the salary of an official, upon promotion, shall in no case be greater than the maximum salary of the grade to which he or she was promoted. For any questions or clarifications, please contact your HR partner at hrpartner@ilo.org
Recruitment process
Please note that all candidates must complete an on-line application form. To apply, please visit the ILO Jobs website. The system provides instructions for online application procedures.
Evaluation (which may include one or several written tests and a pre-interview competency-based assessment centre) and the interviews will tentatively take place during the 3 to 4 months following the application deadline. Candidates are requested to ensure their availability should they be short listed for further consideration.
Depending on the location and availability of candidates, assessors and interview panel members, the ILO may use communication technologies such as Skype, Video or teleconference, e-mail, etc. for the assessment and evaluation of candidates at the different stages of the recruitment process, including assessment centres, technical tests or interviews.
The ILO has zero tolerance for acts of sexual exploitation and abuse (SEA) and is determined to ensure that all staff members and all beneficiaries of ILO assistance do not suffer, directly or indirectly, from sexual exploitation and abuse.
To ensure that individuals with a substantiated history of SEA, sexual harassment or other types of abusive conduct are not hired by the Organisation, the ILO may conduct a background verification of candidates under consideration.
Fraud warning
The ILO does not charge any fee at any stage of the recruitment process whether at the application, interview, processing or training stage. Messages originating from a non ILO e-mail account - @ilo.org - should be disregarded. In addition, the ILO does not require or need to know any information relating to the bank account details of applicants.