Sunday, November 29, 2015

Information Security Engineer



The mission of WHO is the attainment by all peoples of the highest possible level of health.
Vacancy Notice No: HQ/15/GMG/FT633

Title: Information Security Engineer

Grade: P3

Contract type: Fixed-term Appointment

Duration of contract:  One year, renewable, subject to satisfactory performance and continuing need for the post.
 
Date: 17 November 2015

Application Deadline: 4 January 2016

Duty Station:  Geneva, Switzerland
 
Organization unit: HQ/GMG General Management (HQ/GMG) /
HQ/ITT Information Technology and Telecommunications (HQ/ITT)
 
OBJECTIVES OF THE PROGRAMME :
The department of Information Technology and Telecommunications has an operational and strategic role. On the one hand, the department provides relevant, quality, reliable, and cost-effective IT services in order for the Organization to achieve its health mandate. On the other hand, it aims to be a strategic enabler for WHO by creating partnerships with business units (administrative and health technical), capturing business needs, and establishing and managing projects to address these requirements. The work of the department is categorized under WHO's programme of Corporate services and enabling functions (Category 6), with specific focus on Effective management and administration established across the organization (6.4). Enterprise Architecture & Security (EAS), with Information Security as part of it, is the centre of excellence within the department that defines the technology roadmap for infrastructure and applications, develops architectural strategy and design, implements security measures to protect WHO's information assets, manages the network and telecommunication services, and identifies appropriate and cost-effective technological solutions based on functional requirements for the business.
Description of duties:
- Perform security audits, application and infrastructure level vulnerability testing.

- Develop solutions to help mitigate security vulnerabilities related to process, people and technology.

- Conduct research to identify vulnerabilities and their impact, perform risk analysis, and advise on criticality.

- Coordinate implementation of critical security updates.

- Perform all other related duties as assigned.
REQUIRED QUALIFICATIONS
Education:
In the event that your candidature is retained for an interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. WHO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and these will be reviewed individually.

Essential
A first university degree in Computer Science, Information Technology or related field. Industry certifications covering IT security such as CISSP, SSCP, CEH, or equivalent.

Desirable
Industry certifications covering IT security such as CISA, CISM, BS7799, ISO 27001:2005 Implementer, and ITIL Service Management.

For WHO staff please see e-manual III.4.1, para 220.
Skills: 
- Good technical writing, documentation, and communication skills are required.
- Advanced knowledge of ICT security standards, frameworks and best practices.
- Knowledge and understanding of the creation/implementation of secure networks, firewalls and intrusion-detection systems.
- Understanding common network attacks, attack methods, and network defence architectures.
- Defining, developing, and implementing new security components and integrations.
- Excellent knowledge of ICT security practices and industry trends, particularly those pertaining to information security.
- Proficiency in vulnerability assessments.
- In-depth knowledge and understanding of information risk concepts and principles.
- Knowledge of and experience in developing and documenting security architecture and plans.
- Good understanding of hacking or perimeter breach techniques and able to stay in tune with the changes in this area.
- Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation in a cross-functional environment.
- In-depth knowledge of risk assessment methods and technologies.
- Strong understanding of business applications, including ERP and financial systems.
- Excellent technical knowledge of mainstream operating systems (MS Windows) and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
- Ability to adapt to rapidly changing technology and apply it to business needs.
- Strong analytical and problem-solving skills.
- Strong team-oriented interpersonal skills with a strong ability to interface with a wide variety of people and teams in a cross-functional environment.
- Essential: MS Office Suite (Word, Excel, Outlook, PowerPoint, etc.), MS SharePoint, Cisco network and firewall, Checkpoint firewall.

WHO Competencies
1. Producing results
2. Moving forward in a changing environment
3. Knowing and managing yourself
4. Fostering integration and teamwork
5. Communicating in a credible and effective way
Experience:
Essential
A minimum of 5 years of IT experience, of which at least 2 years at the international level and five years focused on IT security. Hands-on experience with the following: vulnerability scanning, firewall, antivirus & malware analysis, proxy, IDS/IPS, log correlation tools, SIEM, DLP, NAC. Hands-on experience with security vulnerability assessment and incident and patch management. Experience using Microsoft Office and Visio to create documents, presentations, and detailed drawings. Experience in working across geographic and cultural boundaries.

Desirable
Extensive experience in working across multiple time zones without the need for face to face meetings. Experience in ICT audit, compliance or governance.
Languages:
Expert knowledge of English is required. Beginner's knowledge of French would be an asset.
Additional Information:
This vacancy is published in English only.
WHO's salaries are calculated in US dollars. They consist of a base salary and a post adjustment, which reflects the cost of living in a particular duty station and exchange rates. Other benefits include: 30 days annual leave, family allowance, home travel, education grant for dependent children, pension plan and medical insurance.
Please visit the following websites for detailed information on working with WHO:
http://www.who.int, to learn more about WHO's operations
http://icsc.un.org, click on: Quick Links > Salary Scales > by date.

Candidates appointed to an international post with WHO are subject to mobility and may be assigned to any activity or duty station of the Organization throughout the world.
Annual salary: (Net of tax)
USD 56'766 at single rate
USD 60'813 with primary dependants
Post Adjustment: 89.2 % of the above figure(s). This percentage is to be considered as indicative since variations may occur each month either upwards or downwards due to currency exchange rate fluctuations or inflation.

This vacancy notice may be used to fill other similar positions at the same grade level.

A written test and interviews may be used as a form of screening.

Online applications are strongly encouraged to enable WHO to store your profile in a permanent database. Please visit WHO's e-Recruitment website at: www.who.int/employment. The system provides instructions for online application procedures.
All applicants are encouraged to apply online as soon as possible after the vacancy has been posted and well before the deadline stated in the vacancy announcement.

WHO is committed to workforce diversity.
Any appointment/extension of appointment is subject to WHO Staff Regulations, Staff Rules and Manual. Only candidates under serious consideration will be contacted.