AddressDiversity, Equity and Inclusion are core principles at UNDP: we value diversity as an expression of the multiplicity of nations and cultures where we operate, we foster inclusion as a way of ensuring all personnel are empowered to contribute to our mission, and we ensure equity and fairness in all our actions. Taking a ‘leave no one behind’ approach to our diversity efforts means increasing representation of underserved populations. People who identify as belonging to marginalized or excluded populations are strongly encouraged to apply. Learn more about working at UNDP including our values and inspiring stories.
UNDP does not tolerate sexual exploitation and abuse, any kind of harassment, including sexual harassment, and discrimination. All selected candidates will, therefore, undergo rigorous reference and background checks.
The United Nations Development Programme is the global development network of the United Nations system that is on the ground in 177 countries, with its Headquarters in New York, USA. The Bureau for Management Services (BMS) is a central Bureau tasked with the development of corporate strategies, policies, tools and systems in key cross-cutting management areas. Drawing on sound analytics and a risk-management approach, BMS supports the achievement of development results through management advice, innovative business solutions, and other corporate services in line with international best practices and evolving needs and expectations of development partners. BMS also ensures policy adherence in operations management within UN Rules & Regulations, safeguarding UNDP’s accountability vis-à-vis Member States and other stakeholders.
UNDP is an operational backbone to the UN system: providing payroll, financial transactions, common premises, treasury investment, procurement, legal services to UN agencies. UNDP provides IT support for 13 UN entities with 40,000 United Nations and external users of the UNDP’s ERP system, as well as information and communication technology (ICT) and application solutions for the United Nations field presence. To support the UNDP Digital Strategy and enable the digital transformation of the organization, the Office of Information & Technology Management (ITM) is tasked with developing and operating the enabling corporate technology platforms and providing related services that power the digital transformation including: (1) advice, administration and acceleration services to promote delivery of maximum business value of each platform; (2) a global service desk operation; (3) and outreach services to promote knowledge sharing and effective, agile planning and governance of technology development and utilization.
Duties and Responsibilities
Under the overall guidance of the Chief Information Officer (CIO) of the office of Information and Technology Management (ITM), and as part of the management team of the ITM, the Chief - Cyber security is responsible for managing UNDP`s information security risks, IT business continuity and IT disaster recovery plans . As organizations face increasingly sophisticated cyberattacks, the unit enables UNDP's cybersecurity protection, both in terms of human resources and systems. This involves scanning systems for potential risks, adopting innovative solutions to protect IT applications and data as well as training employees to adopt safe cybersecurity practices. In addition, the unit is responsible to assess and test business continuity and disaster recovery plans.
UNDP adopts a portfolio approach to accommodate changing business needs and leverage linkages across interventions to achieve its strategic goals. Therefore, UNDP personnel are expected to work across units, functions, teams, and projects in multidisciplinary teams in order to enhance and enable horizontal collaboration.
- Lead and supervise the Cyber Security Services unit, fostering team motivation, recruitment, performance evaluation, and training plan development.
- Develop, manage, and report on key performance indicators (KPIs) to ensure operational excellence, to maintain program efficiency, facilitate resource allocation, and elevate security program maturity.
- Drive continuous improvement in incident management processes, integrating with IT operations for seamless functionality.
- Coordinate the development of knowledge management sessions and processes to optimize IT platform utilization across the organization.
- Strategically design and oversee enterprise information security program to safeguard data integrity, confidentiality, and availability while ensuring compliance with regulations and policies to mitigate risks and audit findings effectively.
- Effectively communicate Cyber Security risks and mitigation strategies to senior management, providing expert guidance for IT projects, evaluating and recommending technical controls.
2) Ensure implementation of Risk Management strategies and ICT standards:
- Create and facilitate the information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings.
- Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regards to information classification and protection.
- Coordinate information security and risk management projects with staff from the IT organization and business unit teams.
- Develop, communicate and ensure compliance with organizational Cyber Security policies and standards.
- Create and manage information security and risk management awareness training programs and fraud awareness programme for all employees, contractors and approved system users.
- Provide subject matter expertise to executive management on a broad range of Cyber Security standards and best practices, such as ISO 27000, CobiT and ITIL.
3) Ensure implementation ofIncident Prevention measures:
- Manage security incidents and events to protect corporate IT assets, including intellectual property, data, operability of corporate systems, fixed assets and the company's reputation.
- In case of an Incident, the unit will be responsible for coordinating efforts within the organization to restore critical systems and provide facilities needed by the organization to function.
- Ensure security incidents and related ethical issues are referred to OAI for review and resolution without further disrupting operations, and are conducted in a fair, objective manner in alignment with UNDP values and code of business conduct and in full consultation with OAI and LSO as the situation might warrant.
4) Ensure Business Continuity, Disaster Recovery and Organization Preparedness:
- Develop effective disaster recovery policies and standards; coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a declared disaster and provide direction and in-house consulting in these areas.
- Coordinate with internal and external resources to ensure provisions for business continuity and recovery from potential incidents have been addressed.
- Manage Cyber Security incidents and events to protect corporate IT assets, including data, operability of corporate systems, Intellectual property, fixed assets and the company's reputation.
- In case of an incident of cyber-attack or catastrophe, the unit will be responsible for coordinating efforts within the organization to restore critical systems and provide facilities needed by the organization to function.
5) Ensure Corporate Compliance and Relations Coordination:
- Liaise between the Cyber Security team and corporate compliance, audit, legal and HR management teams as required.
- Coordinate the use of external resources involved in the Cyber Security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
- Facilitate business alignment and communications by forming an information security steering committee or advisory board.
- Steer the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
The incumbent performs other duties within their functional profile as deemed necessary for the efficient functioning of the Office and the Organization
Supervisory/Managerial Responsibilities: Manage and supervise two direct reports
Core: Full list of UNDP Core Competencies can be found here
- Achieve Results - LEVEL 4: Prioritize team workflow, mobilize resources, drive scalable results/strategic impact
- Think Innovatively - LEVEL 4: Easily navigate complexity, encourage/enable radical innovation, has foresight
- Learn Continuously - LEVEL 4: Create systems and processes that enable learning and development for all
- Adapt with Agility -LEVEL 4: Proactively initiate/lead organizational change, champion new systems/processes
- Act with Determination - LEVEL 4: Able to make difficult decisions in challenging situations, inspire confidence
- Engage and Partner - LEVEL 4: Construct strategic multi-partner alliances in high stake situations, foster co-creation
- Enable Diversity and Inclusion - LEVEL 4: Create ethical culture, identify/address barriers to inclusion
UNDP People Management Competencies can be found in the dedicated site.
Cross-Functional & Technical competencies
Information Management & Technology -IT Security Management
- Knowledge of Cyber Security technologies,
processes, techniques and tools. Apply practical
innovations to solve cybersecurity problems.
Capability to keep UNDP systems and data safe.
Knowledge of ISO 27001 principles. CSSIP, CSIM,
CISA or equivalent certification desirable
Digital & Innovation - Digital thought leadership
- Ongoing research into emerging technologies and digital trends and the applications, risks, and opportunities associated with digital adoption, combined with the ability to communicate this synthesis with a broad audience.
Information Management & Technology - Information and Technology Strategy - Portfolio management and governance
- Knowledge of developing and implementing ICT strategy, portfolio and project management services, governance, and policies. Knowledge of project management principle. PMP or PRINCE2 certification of equivalent desirable.
Security Services - Security risk management
- Ability to assess threats and risks, identify and oversee implementation of mitigation measures, including ability to design and test security plans
Digital & Innovation - Data privacy and digital ethics
- Knowledge of ethical usage of digital technology (e.g. AI, robotics, automation) and data. Ability to assess ethical implications when using, combining or sharing data, when building or implementing AI systems, and when advising on robotization and automation etc.
- Ability to design privacy protocols to ensure data is protected and used for legitimate purposes without unnecessary privacy risks.
Business Direction and Strategy - System Thinking
- Ability to use objective problem analysis and judgement to understand how interrelated elements coexist within an overall process or system, and to consider how altering one element can impact on other parts of the system
Business Management - Portfolio Management
- Ability to select, prioritise and control the organizations programmes and projects, in line with its strategic objectives and capacity; ability to balance the implementation of change initiatives and the maintenance of business-as-usual, while optimising return on investment
Education:
- Advanced university degree (Master’s degree or equivalent) in Information Systems, Computer Science, Law, Business Administration, Accounting and Finance, Security Management, Information Systems Management, Criminal Justice or related field is required; OR
- A first-level university degree (Bachelor’s degree) in the above-mentioned fields of study, in combination with an additional two years of qualifying experience will be given due consideration in lieu of the advanced university degree.
- Minimum 10 years (with Master’s degree) or 12 years (with Bachelor’s degree) of professional work experience in private sector corporate Cyber security or a related public sector organization with increasing levels of management responsibility is required.
- Additional professional qualification(s) in information security, such as CISSP, CISA, CISM certification, along with strong technical (ICT) security skills and demonstrable experience in the design/Implementation of secure IT environments are a must.
- Experienced in implementing and/or auditing information security programmes based on ISO 27000 or other IT security standards is highly desirable.
- At least 7 years of direct experience in a significant leadership role is desired.
- Demonstrated experience and exposure in the international IT security arena dealing with security-related issues is desired.
- Experience in COBIT and ITIL will be considered as an asset.
- Fluency in English is required.
- Fluency in other UN official language is desired.
Disclaimer Important information for US Permanent Residents ('Green Card' holders) Under US immigration law, acceptance of a staff position with UNDP, an international organization, may have significant implications for US Permanent Residents. UNDP advises applicants for all professional level posts that they must relinquish their US Permanent Resident status and accept a G-4 visa, or have submitted a valid application for US citizenship prior to commencement of employment. UNDP is not in a position to provide advice or assistance on applying for US citizenship and therefore applicants are advised to seek the advice of competent immigration lawyers regarding any applications.
Applicant information about UNDP rosters Note: UNDP reserves the right to select one or more candidates from this vacancy announcement. We may also retain applications and consider candidates applying to this post for other similar positions with UNDP at the same grade level and with similar job description, experience and educational requirements.
Non-discrimination UNDP has a zero-tolerance policy towards sexual exploitation and misconduct, sexual harassment, and abuse of authority. All selected candidates will, therefore, undergo rigorous reference and background checks, and will be expected to adhere to these standards and principles. UNDP is an equal opportunity and inclusive employer that does not discriminate based on race, sex, gender identity, religion, nationality, ethnic origin, sexual orientation, disability, pregnancy, age, language, social origin or other status.
Scam warning The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.
