Denmark: Chief Information Security Officer (CISO)

Organization: UNOPS
Country: Denmark
Closing date: 13 Jan 2018

Background information – ICT

The UNOPS ICT Unit is part of the Finance Group within UNOPS and is responsible for architecting, designing, delivering, and managing all UNOPS ICT infrastructure and business applications. The ICT function within UNOPS is currently undergoing a transformation from being a service provider to becoming a strategic business partner. This transformation requires addressing several foundational aspects of enterprise IT as well as embedding innovation and harnessing of cutting-edge technology to deliver solutions to UNOPS that truly address business needs as well as provide greater effectiveness, efficiency and differentiation to UNOPS products and services. ICT’s place within the UNOPS Finance Group also enables the transformation by ensuring that IT decisions are made with a strategic focus on costs, benefits, and risks.

We are looking for highly skilled and motivated individuals who will help us position UNOPS ICT as a truly transformative part of UNOPS.

Functional Responsibilities

Under the overall guidance and supervision of the Chief Financial Officer (CFO), the Chief Information Security Officer is accountable for the creation and oversight of the implementation of policies and strategies designed to reduce and mitigate information security risk across the organization as well as to provide advice to the CFO on specific information security matters.

The ideal candidate will:

Ensure risk management and mitigation actions as well as compliance requirements to safeguard the organisation against information security risks:

  • Share knowledge and develop training programmes for relevant personnel in performing risk assessment.

  • Coordinate the process of risk assessment.

  • Propose the selection of safeguards and deadlines for safeguards implementation.

  • Develop the list of interested parties related to information security and their requirements.

  • Coordinate all efforts related to personal data protection.

Develop and document information security policies and guidelines, as follows:

  • Draft primary information security documents, such as Information security policy, Classification policy, Access control policy, Acceptable use of assets, Risk assessment and risk treatment methodology, Statement of Applicability, Risk treatment plan, etc.

  • Maintain responsibility for reviewing and continually updating key information security-related policies and guidelines.

  • Propose and monitor improvements in information security.

  • Manage the maintenance and inventory of all key information assets.

  • Propose corrective actions on nonconformities to information security policies and monitor their implementation.

  • Verify whether the corrective actions have eliminated the cause of nonconformities.

Report to and advise top management on information security-related areas, as follows:

  • Notify top management about key risks and advise top executives on all information security-related matters.

  • Communicate and advocate for the benefits of information security.

  • Propose information security objectives.

  • Report on the results of measuring information security-related risks.

  • Propose security improvements and corrective actions.

  • Report on key requirements of interested parties.

  • Report on the implementation of safeguards and their effectiveness.

Build capacity in, and share knowledge of, information security management within the human resources management area:

  • Prepare the employee training and awareness plan for information security.

  • Ensure continuous awareness of information security through awareness-raising activities.

  • Develop induction training on security topics for new employees.

  • Propose disciplinary actions against employees involved in security breaches.

  • Distill knowledge, best practices, and approaches in information-security management for the organization.

  • Maintain, update, and share knowledge of current and best-practice technological developments in information security with designated focal points and networks.

Education/Experience/Language requirements

Education Requirements:

  • Advanced degree in Computer Sciences, Information and Communications Technology or related discipline.
  • A combination of a Bachelor’s degree in Computer Science, Information and Communications Technology or related discipline with 9 years of relevant work experience may be accepted in lieu of the education requirements outlined above.
  • Certified Information Security Manager (CISM) certification or Certified Information Systems Security Professional (CISSP) certification highly desired.

Experience Requirements:

  • A minimum of 7 years of progressively responsible experience in technical and/or managerial roles in information technology and/or information-security management in a large international and/or corporate organization is required.
  • Within these 7 years, a minimum of 4 years’ responsibility in managing information-security systems or programmes of complex organizations in diverse geographic settings is required.
  • Experience in UN system organizations is desirable.

Language Requirements:

  • Full working knowledge of English is essential.
  • Knowledge of another official UNOPS language is an asset.

How to apply:

Click on the link below: