This selection exercise may be used to generate a roster of pre-approved candidates to address future staffing needs for similar functions in any of the Departments and Offices of the Organization.
IMPORTANT NOTICE REGARDING APPLICATION DEADLINE: Please note that the closing date for submission of applications is indicated in local time as per the time zone of the applicant's location.
Organizational Setting
The Division of Information Technology provides support to the IAEA in the field of information and communication technology (ICT), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA's ICT infrastructure comprises hardware and software platforms, and cloud and externally-hosted services. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices.
The Infrastructure Services Section (ISS) is responsible for implementing, maintaining, and administering the ICT systems and services for high availability; designing, implementing, and operating IT security services; and managing the data centre. The platforms include Microsoft Windows servers, Linux servers, Oracle EBS infrastructure, data storage, and transmission networks, serving more than 2500 staff, as well as over 10000 external users around the world. The Section includes three Units: Network and Telecommunications, Enterprise Systems, and Security Systems.
Main Purpose
As a member of the ISS management team led by the Section Head, the Security Systems Unit (SSU) Head manages a team of ICT security engineers. He/she is responsible for engineering and administering central IT security systems, and integrating and holistically reviewing IT security across all systems on the network. He/she provides technical leadership, resource management and management of projects. The incumbent applies professional expertise on IT security (e.g. threat analysis, vulnerability management). He/she documents, manages and optimises operational security processes such as vulnerability management, security incident monitoring and security assessments. He/she advises on planning, design and implementation of protection, detection and forensic systems. He/she manages and coordinates the resolution of IT security incidents. Furthermore, he/she is responsible for sustaining service support measures and controls to ensure the resilience, performance, capacity and crisis recovery of those systems to meet the requirements of the organization.
Role
The SSU Head performs the roles of supervisor; security, monitoring and forensic expert; and project manager.
Functions / Key Results Expected
• Lead delivery of technical enterprise services across infrastructure security, application security, network security, security incident monitoring & response, and threat and vulnerability management domains.
• Assure management of the technical tools portfolio for SIEM, EDR, email protection, TVM and systems hardening tools, IPS, WAF, DAST and SAST, as well as any in-house developed security capabilities.
• Oversee secure implementation of the enterprise capabilities operating in a hyper-converged, multi-cloud infrastructure environment.
• Advise the CISO and Section Heads on relevant cyber security trends and the strategic developments needed to improve the overall security posture of the organisation.
• Develop and lead implementation of strategic long-term improvements for security management services and capabilities.
• Manage and oversee the service delivery of managed security service providers.
• Deliver operational functions supporting relevant governance frameworks such as ISO 27001, COBIT, and CIS.
Competencies and Expertise
Core Competencies (Competency Framework)
• Planning and Organizing: Sets clearly defined objectives for himself/herself and the team or Section. Identifies and organizes deployment of resources based on assessed needs, taking into account possible changing circumstances. Monitors team’s performance in meeting the assigned deadlines and milestones.
• Communication: Encourages open communication and builds consensus. Uses tact and discretion in dealing with sensitive information, and keeps staff informed of decisions and directives as appropriate.
• Achieving Results: Sets realistic targets for himself/herself and for the team; ensures availability of resources and supports staff members in achieving results. Monitors progress and performance; evaluates achievements and integrates lessons learned.
• Teamwork: Encourages teamwork, builds effective teams and resolves problems by creating a supportive and collaborative team spirit, remaining mindful of the need to collaborate with people outside the immediate area of responsibility.
Functional Competencies
• Client orientation: Examines client plans and develops services and options to support ongoing relationships. Develops solutions that add value to the Agency’s programmes and operations.
• Commitment to continuous process improvement: Assesses the effectiveness of functions and systems as well as current practices; streamlines standards and processes and develops innovative approaches to programme development and implementation.
• Technical/scientific credibility: Provides guidance and advice in his/her area of expertise on the application of scientific/professional methods, procedures and approaches.
Required Expertise
• IT Security (Function: Information Technology): Strong knowledge of IT Security. Experience in establishing, implementing and maintaining IT Security Systems.
• Information Security and Risk Management (Function: Information Technology): Strong knowledge and experience in Information Security, Threat Analysis and Risk Management.
• Project Management (Function: Information Technology): Experience in managing large and complex IT Security related projects following Project Management methodology such as PMP and Prince2.
Qualifications, Experience and Language skills
Accredited Certification in IT Security and/or Information Security such as CISSP or equivalent.
Master's (advanced) Degree in Computer Science, IT Management or in a related field. A first level university degree in IT and related field, with two additional years of relevant experience may be considered in lieu of the advanced degree.
Accredited Certification in Project Management such as PMP or Prince2 is desirable.
Minimum of seven years of professional experience as a systems and/or security engineer in a large and complex IT enterprise environment (500 servers). These should include five years of hands-on configuration, administration and troubleshooting experience.
Experience in managing a team of highly specialized cross functional IT specialists.
Experience with cloud security.
Experience with security protection systems, tools and techniques (e.g. firewalls, proxies, IDS) is desired.
Experience with security detection systems, tools and techniques is desired.
Experience in information security methodologies, including threat analysis, vulnerability management and security assessments, is desired.
Experience in managing and overseeing service delivery of Managed Security Service Providers (MSSP) is desired.
Experience in information security forensic concepts and tools is desired.
Experience in IT service management (i.e. ITIL), supporting innovation and managing change is desired.
Experience with procedure development, implementation, and compliance is desired.
Experience with ISO 27001 with relevant certifications is desired.
Experience with classified networks, information classification, and confidentiality requirements associated with high security environments is desired.
Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, English, French, Russian and Spanish) is an asset.
Remuneration
The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $84672 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $41997*, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses. Other benefits include 6 weeks' annual leave, home leave travel, pension plan and health insurance. More information on the conditions of employment can be found at: https://www.iaea.org/about/employment/professional-staff/conditions
General Information
Evaluation process
Appointment information