Associate Digital Security Officer

UNESCO

Learn more about UNESCO's role, vision and results. UNESCO is the United Nations Educational, Scientific and Cultural Organization. Our aim is to promote peace and security through international cooperation.

View all jobs at UNESCO

Parent Sector: Bureau for Digital Business Solutions (DBS)

Duty Station: Paris

Job Family: Computer Sciences / Information Technologies

Type of contract: Fixed Term

Duration of contract: 2 years, renewable

Recruitment open to: Internal and external candidates

Application Deadline (Midnight Paris Time): 20-Mars-2025

UNESCO Core Values: Commitment to the Organization, Integrity, Respect for Diversity, Professionalism.

This post is located within the Bureau of Digital Business Solution (DBS), under the direct supervision of the Head of Digital Security, Archives and Digital Assets Section. The overall objective of the role is to ensure the smooth ongoing operation of cybersecurity activities within UNESCO’s Digital Security team.

The Associate Digital Security Officer will significantly engage and interact with internal and external IT technical teams and cybersecurity specialists. He/she works with the Digital Security Team and provides relevant and contextualized technical information to efficiently respond to incidents, enhance organizational resilience, and improve the cybersecurity posture of the Organization overall. The Associate Digital Security Officer will be a key part of a dynamic team kickstarting a major overhaul of IT infrastructure to support UNESCO’s accelerating digital transformation and move to the cloud.

The work involves a range of assignments related to the development and maintenance of a secure IT infrastructure and digital solutions, with the objective of ensuring reliability, resilience, and compliance to protect UNESCO against external and internal cybersecurity threats.

Long Description

The main responsibilities of the role are as follows:

• Manage Security Operations: Provide smooth and effective information security operations, ensuring the timely evolution of capability and adopting industry best practices; provide regular reporting to the Chief Information Security Officer. Maintain an up-to-date cartography of all resources, equipment, and software ensuring optimum protection and detection against the main threats. Contribute to evaluating new security software, products, and services.
• Supervise security monitoring and manage incident response: Manage the relationship and act as the main contact with the managed security service provider (SOC), ensuring compliance with the contract, and the relevance and responsiveness of the actions performed. In collaboration with the provider, manage information security incident response, investigate, take appropriate corrective actions to prevent future similar security breaches and provide thorough post-event analyses.
• Monitor security policy compliance: Exercise an advice and control function to ensure that UNESCO IT products and services comply with corporate security policies. Conduct regular security audits and risk assessments including developing scripts and solutions to review the security configuration of digital assets, propose and implement appropriate remediation measures to safeguard the information security posture of the Organization. Ensure that all products are configured according to vendor recommendations and best practices from an information security point of view. Monitor patch management frequency and scheduling, advise operational teams.
• Other activities: Keep abreast of and evaluate information security innovation, solutions, trends, and best practices to respond to the continually evolving need to protect the digital assets of the Organization. Support the drafting and implementation of digital security policies aligned to the risk tolerance of the Organization. Advise on digital security-related matters as necessary.

COMPETENCIES (Core / Managerial)

Communication (C), Accountability (C), Innovation (C), Knowledge sharing and continuous improvement (C), Planning and organizing (C), Results focus (C), Teamwork (C), Professionalism (C)

REQUIRED QUALIFICATIONS

Education

• An advanced university degree (master’s or equivalent) in computer sciences, information security, information technology, or a related field.

Work Experience

• At least two (2) years of relevant professional experience and proven capacity in threat analysis and security incident response, of which preferably 1 year acquired at the international level.

Skills and Competencies

• In-depth knowledge and understanding of application security, cloud security (particularly Microsoft Azure), and systems security, as well as security solutions.
• Good knowledge of operating systems, Windows and Linux, as well as networking protocols.
• Broad knowledge of current and emerging technologies, industry trends, and best practices together with demonstrated experience evaluating their strategic value.
• Analytical skills and the ability to effectively troubleshoot and prioritize needs, requirements, and other issues.
• Good communication skills.

Languages

• Excellent knowledge (written and spoken) of English or French and good knowledge of the other language.

DESIRABLE QUALIFICATIONS

Education

• Professional Certifications in CompTIA Sec+, Network+, CEH, or Azure Security Engineer would be an asset.

Work experience

• Experience in an international and cross-cultural setting would be preferable.

Languages

• Knowledge of another official language of UNESCO (Arabic, Chinese, Russian, or Spanish).

BENEFITS AND ENTITLEMENTS

UNESCO’s salaries consist of a basic salary and other benefits which may include if applicable: 30 days annual leave, family allowance, medical insurance, pension plan, etc.

The approximate annual starting salary for this post is 78,717 US $.

For full information on benefits and entitlements, please consult our Guide to Staff Benefits.

SELECTION AND RECRUITMENT PROCESS

Please note that all candidates must complete an online application and provide complete and accurate information. To apply, please visit the UNESCO careers website. No modifications can be made to the application submitted.

The evaluation of candidates is based on the criteria in the vacancy notice, and may include tests and/or assessments, as well as a competency-based interview.

UNESCO uses communication technologies such as video or teleconference, e-mail correspondence, etc. for the assessment and evaluation of candidates.

Please note that only selected candidates will be further contacted and candidates in the final selection step will be subject to reference checks based on the information provided.