IMPORTANT NOTICE REGARDING APPLICATION DEADLINE: please note that the deadline for applications is indicated in local time as per the time zone of the applicant’s location.
1. Organizational Context
a. Organizational Setting
The post is located in the Information Security Section of the Security and Information Assurance Division. This Division is responsible for the management of all aspects of WIPO’s information and physical security and safety and ensures that appropriate policies and procedures are in place and effective measures and controls are established to assess and mitigate threats/risks to the Organization. In particular, the Division defines the controls for the implementation of information security instruments and monitors if adequate assurance is maintained over WIPO’s information assets. The Division also provides professional safety and security services for WIPO staff, its delegates and visitors and ensures the protection of the Organization’s facilities and assets. Appropriate balance of the roles between “service” and “control” is the key for its success in enabling and sustaining WIPO’s operations in an environment with increasing demands for openness and connectivity on the one hand and rapidly evolving information security risks on the other hand.
b. Purpose Statement
The incumbent as Head of the Information Security Section is responsible for ensuring the security of information owned by and entrusted to WIPO and for safeguarding WIPO’s information systems while enabling their most efficient use.
c. Reporting Lines
The incumbent works under the supervision of the Chief Security Officer.
d. Work Relations
The incumbent works closely with senior officials throughout the organization as well as with external entities, including partner institutions, law enforcement, vendors and service providers and, on occasion, WIPO Member State representatives.
2. Duties and Responsibilities
The incumbent will perform the following principal duties:
a. Lead, plan and control the Section’s work, determining priorities and allocating resources for the completion and timely and quality delivery of work products in accordance with results-based management principles; provide input to the Division’s program and budget, develop annual work plans for the Section and manage the implementation within time, cost and quality objectives.
b. Manage the staff of the Section, including consultants and other external resources, and supervise their work; provide regular feedback on performance and ensure timely finalization of performance evaluation exercises; cultivate good cooperation and teamwork amongst colleagues within and outside the Section; recognize the value of diversity in building effective teams for complex domains such as cybersecurity; lead the team with an inclusive approach that leverages diverse perspectives, and ensure WIPO's security infrastructure remains accessible and usable for persons with disabilities.
c. Build and manage relationships with internal and external stakeholders, including Member States, to influence information assurance strategies, manage expectations, and rally support for information security initiatives.
d. Provide expert input for the formulation and implementation of information assurance strategies and policies in response to evolving business needs, information risks and threats; develop and manage implementation of supporting policies, standards, and procedures. Communicate and report on information security risk and compliance metrics to management and governance groups.
e. Manage the information systems security operations, including selection and management of security solutions; management of security events, threat intelligence, vulnerabilities and timely mitigations. Lead coordinated incident response, digital forensics, and authorized investigation efforts through intelligence backed decisions and close collaboration with internal business units and external partners.
f. Manage and lead a Computer Security Incident Response Team (CSIRT) in the event of a true positive information security incident.
g. Manage the ongoing assessment and treatment of information security risks of external service providers and information systems throughout the system development lifecycle. Manage a continuous compliance program including maintenance of relevant industry information security certifications.
h. Manage the implementation of an annual information security awareness program and ensure WIPO staff receive relevant and up-to-date awareness and training on information security.
i. Provide expert advice to the architecture, design and implementation of logical controls via control systems, processes and procedures to prevent unauthorized access, disclosure, manipulations, or destruction of WIPO information or information systems, and ensure that such controls and systems are accessible.
j. Track industry trends in information security and evolving information security threats, inform and educate management and staff at large as appropriate, and implement measures to continuously improve WIPO’s security posture in light of these trends and threats.
k. Perform other related duties as required.
3. Requirements
Education (Essential)
Advanced university degree in Computer Science, Information Technology, Information Management or related discipline. A first-level university degree plus two years of relevant professional experience in addition to the experience requested below may be accepted in lieu of an advanced university degree.
Certification in information security such as CISSP, or CISM.
Education (Desirable)
Certification in Incident Handling or Incident Response (GCIH or GCFA).
Certification in Business Relationship Management (BRMP or similar).
Certification in SABSA Security Architecture (SCF or better).
Certification in project management, on well recognized project management methodologies.
Experience (Essential)
At least ten years of professional experience in information security, information assurance and information risk management including at least three years of managerial experience in managing medium to large information assurance programs.
Experience in managing information systems security in comparable enterprise environments that routinely process highly sensitive information and that require advanced measures in securing related information systems.
Experience in managing projects under internationally well recognized project management methodologies.
Experience in leading diverse teams with an inclusive approach, ensuring that cybersecurity solutions and processes leverage diverse perspectives and remain accessible and usable for persons with disabilities.
Experience in the development and implementation of Information assurance strategies and policies.
Language (Essential)
Excellent written and spoken knowledge of English.
Language (Desirable)
Knowledge of other UN official languages.
Job Related Competencies (Essential)
Excellent understanding of the technologies and practices related to information systems controls, such as firewalls, network, directory services, cryptograph and key/certificate management, secured software life-cycle management, etc. and their relationships to achieve optimal controls.
Excellent insight of trends and technologies related to information security risks and threats, and their business implications.
Excellent understanding of pertinent international practices, such as ISO 27001, with proven experience in implementing and using such practices for managing information security risks.
Good organizational and interpersonal skills to influence others for shared vision and positive results with or without the line of command.