Grade: IS-3
Deadline: 26 June 2024 (11:59 PM KST)
Job Category: International
Salary: USD 108,700 (plus attractive benefits, that include the following allowances (as applicable): Relocation, dependency, housing, education assistance and home country travel.
Introduction
The Green Climate Fund is the world’s largest dedicated multilateral climate fund and invests in impactful, innovative, catalytic programs and projects in developing countries across the globe. By the end of 2023, GCF had a portfolio of 243 projects in 129 countries, committing a total of USD 13.5 billion to date.
In 2023, an additional USD 12.8 billion was pledged, to support our new strategic and programming cycle from 2024-2027; our ambition is to grow to become at least a USD 50 billion fund by 2030. Rooted in the core objectives of impact and efficiency, access and a focus on the most vulnerable, and mobilizing a much higher scale of public and private sector financial flows for climate action we have an unparalleled scale of resources, which, together with our risk appetite and flexibility allows us to bring together different partners and stakeholders in innovative partnerships for profound impact.
GCF is seeking a top-tier individual with a demonstrable track record of harnessing experience, energy and networks to tackle complex global climate change challenges. You will be committed to making a positive, measurable difference through a mission-driven role, and thrive in a fast-paced, diverse environment.
You will be able to quickly scan and analyze complex, competing issues and lead significant sized teams to find solutions in evolving contexts, across multiple geographic locations.
You will be a nurturer of people: recognizing and growing the talent around you, exemplifying values of transparency, respect and innovation.
You will be committed to learning, knowledge-sharing, convening and communicating with partners to work together to ideate, develop and implement climate action initiatives that make a profound difference to people and planet.
You will join a team of talented, committed individuals representing almost 80 nationalities contributing skills and experience from academic, scientific, private, government and nonprofit backgrounds. Together, we work with governments, communities and civil society, technical agencies, and the private sector across the world.
Interested in more information?
Learn about working for GCF: https://www.greenclimate.fund/about/careers
View current vacancies: https://jobs.greenclimate.fund/
About the Green Climate Fund (GCF)
Set up in 2010 by the 194 countries who are Parties to the United Nations Framework Convention on Climate Change (UNFCCC), GCF takes its responsibility as the world’s largest dedicated multilateral climate fund to heart. GCF funds transformative climate projects across the developing world, supporting countries in their responses and actions to tackle climate change while fostering sustainable development within their communities.
Our country-driven approach ensures that our actions are tailored to the unique circumstances and national aspirations of each nation we support. Besides channeling public and private sector investment through a broad range of financing instruments, GCF builds the capacity of developing countries to take climate action through an extensive Readiness Programme ensuring countries are increasingly well-equipped and financed to manage their climate futures.
Headquartered in the Republic of Korea, GCF operates with a diverse and talented workforce of over 300 people.
Position Objective
The Office of Administrative Services (OAS) of the Green Climate Fund is currently seeking a highly qualified ICT Cybersecurity Specialist to lead and manage the IT security function in its Information Communications and Technology (ICT) unit, supporting a centrally located workforce of 500 users in Songdo, Republic of Korea and other stakeholders working remotely in 50-60 countries around the world through a network of virtual ICT operations.
Under the guidance of the ICT Infrastructure & Management Services Specialist, the position will work collaboratively with and support the Digital Infrastructure, Operations & Service Support teams to manage all functions associated with IT security - from conducting reviews of software security, through to implementing solutions to defend against threats to networks and computer systems in place. Additionally, this role will liaise with third-party vendors to utilize their cybersecurity advisory services, and to ensure the linkages between the various applications and platforms in the Fund’s tech stack operate at the highest-level security-wise.
Purpose
Manage the detection of security incidents, including investigating, and responding to security incidents and breaches.
Implement and maintain access controls, ensure appropriate user permissions, and manage user identities across various platforms. Ensure that security updates are current across all systems.
Deploy, configure, and maintain endpoint security tools. Monitor endpoints for security breaches, manage threat detection, and respond to security incidents.
Evaluate Emerging Technologies in the field of information technologies to identify innovative solutions.
Lead Security Innovation Initiatives, foresting a culture of continuous improvement and proactive security measurement.
Conduct comprehensive risk assessment to identify potential security gaps and vulnerabilities by proposing strategies to mitigate risks.
Engagement
Analyze threats, conduct risk assessments, and implement proactive measures to mitigate potential security risks.
Provide technical assistance and guidance to ICT teams in complying with security controls and industry best practices.
Design and deploy tooling, dashboards, scripts, and automation tools to enhance cloud security posture, detection, and response.
Develop and enforce security policies and procedures in line with organizational goals and compliance requirements.
Stay updated with the latest security trends, threats, and other factors relevant to GCF’s security requirements.
Delivery
Plan, implement, automate, manage, and monitor cloud security controls.
Perform assessments of resource architecture and configurations against security baselines.
Secure business applications and computing environments across public, private or hybrid cloud infrastructures.
Monitoring and managing cloud security events and supporting incident response processes as needed.
Manage remediation efforts required after security assessment findings outline weaknesses requiring attention.
Maintain comprehensive documentation of project activities including security requirements, design decisions, testing results. Provide regular updates and reports on any security -related issues or concerns.
Requirements (Education, experience, technical competencies required of the job)
Master's Degree in computer science, Information Systems, and/or a similar domain of education. A Bachelor’s Degree in relevant fields with an additional two (2) years of experience may be accepted in lieu of the Master’s degree requirement.
A minimum of seven (7) years of hands-on experience in information security roles, with progressively increasing responsibilities, including experience in areas such as security operations, incident response, risk management, and security architecture.
Demonstrated experience in liaising with and managing vendors of security services.
Experience working in a global or multinational organization, particularly one with a distributed workforce and diverse technology environments, is highly desirable.
Proven ability to manage security projects effectively, including planning, resource allocation, execution, and stakeholder communication.
Familiarity with relevant industry standards, frameworks, and compliance requirements (e.g., GDPR, ISO 27001, NIST Cybersecurity Framework) is essential.
Strong experience in developing and implementing incident response plans, conducting investigations, and staying abreast of emerging threats and attack vectors.
Experience in securing cloud environments (public, private, hybrid) and familiarity with cloud security best practices are highly valued.
Proficiency with a variety of security tools and technologies, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), DLP (Data Loss Prevention), endpoint security solutions, and vulnerability management tools.
Capable of managing and resolving security findings in a timely manner and using Agile management practices and tools.
Industry Standard Certifications such as, but not limited to: CISSP, CCSP, CISM, Security+, SSCP, ISO 27001, etc.
Excellent written and oral communication skills in English are essential for this position, knowledge of another UN language an advantage.
The closing date for application is 26 June 2024. Applications submitted after the deadline may not be considered.
*The person assessed by the Selection Panel as most suitable for the position will be proposed for appointment. Selection among short-listed candidates will also take into account performance at interview, appropriate testing, and references.
Applications from women and nationals of developing countries are strongly encouraged to apply.