This position is critical to strengthening UNIDO’s operational cybersecurity capacity and ensuring that foundational security measures are in place to support secure, sustainable, and resilient digital transformation.Under the overall guidance of the Chief of COR/DIT, the supervision of the Team Lead, Infrastrucuture, and in close collaboration with the Information Security Officer (COR/RCU) and relevant stakeholders, the Cybersecurity Officer will:
Responsibilities:
Implement and operationalize cybersecurity controls across UNIDO’s systems in accordance with the Information Security Management System (ISMS), administrative issuances, and results from penetration tests and Audits.
Coordinate activities to keep UNIDO Digital Infrastructure up-to-date and secure from cybersecurity threats.
Conduct continuous security monitoring, analyze event logs, and triage alerts from endpoint and network security tools.
Oversee incident response activities including detection, documentation, containment, remediation, and lessons learned reporting.
Manage inventories of digital assets and implementing technical protections across UNIDO’s network, servers, endpoints, and cloud infrastructure.
Conduct vulnerability scans, assess threat intelligence sources, and help coordinate remediation efforts with technical teams.
Organize and contribute to red/blue team exercises and contribute to penetration testing or configuration review processes.
Design and deliver security awareness activities and internal campaigns by preparing materials, publishing intranet content, and contributing to interactive training.
Develop and maintain cybersecurity guidance documents, standard operating procedures, checklists, and user-focused guidance.
Prepare and compile evidence and documentation for audits and compliance reviews; follow up on implementation of corrective actions.
Advise with project teams to ensure that cybersecurity risks are identified and addressed early in system design and deployment.
Research and evaluate emerging cybersecurity tools, methods, and best practices, including in the context of AI-driven threats and secure cloud operations.
Identify and escalate risks, control deficiencies, or observed vulnerabilities and propose improvements to the cybersecurity control environment.
Education:
Advanced university degree in Information Security, Computer Science, Information Technology, or a related field with a cybersecurity specialisation is required.
Work Experience:
A minimum of five (5) years of relevant professional experience, preferably at the international level, involving cyber technology is required.
Hands-on experience in implementing cybersecurity tools and operational security tasks with (e.g. SIEM, IDS/IPS, firewalls, incident response, vulnerability management) is required.
Familiarity with ISO/IEC 27001, NIST Cybersecurity Framework, or similar standards is an asset.
Standing relevant certifications (CISSP, CISM, CEH, CISA, CCSP, GSEC, CRISC) are an asset.
Ability to analyse complex security information and propose effective solutions.
Languages:
Fluency in written and spoken English is required.
Fluency in or working knowledge of other official language(s), of the United Nations is an asset.
