Philippines: IT Security Officer

Organization: International Organization for Migration
Country: Philippines
Closing date: 13 Mar 2018

Position Title : IT Security Officer

Duty Station : Manila, Philippines

Classification : Professional Staff, Grade P3

Type of Appointment : Fixed term, one year with possibility of extension

Estimated Start Date : As soon as possible

Closing Date : 13 March 2018

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading

UN agency in the field of migration, works closely with governmental, intergovernmental and

non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to a diverse and inclusive environment. Applications from qualified female candidates are especially encouraged. For the purpose of the vacancy, the following candidates are considered as first-tier candidates:

1. Internal candidates

2. Qualified applicants from the following NMS countries:

Antigua and Barbuda, Bahamas, Cabo Verde, Djibouti, Fiji, Micronesia (Federated States of), Gabon, Guyana, Iceland, Comoros, Lesotho, Libya, Montenegro, Marshall Islands, Mauritania, Malawi, Namibia, Nauru, Papua New Guinea, Paraguay, Seychelles, Slovenia, Suriname, El Salvador, Swaziland, Timor-Leste, Holy See, Saint Vincent and the Grenadines, Vanuatu, Samoa


This position is based in the Manila Administrative Centre (MAC), headed by the Director of


Information and Communications Technology (ICT) is one of the divisions with its operations delocalized to MAC.

Under the overall supervision of the Chief Global ICT Operations, and under the direct supervision of the Senior Information Security Officer, the successful candidate will be part of the Information Security team.

S/he will be a self-driven individual who has in-depth knowledge of Windows Server architecture with extensive knowledge and experience on Windows Security including design, implementation, and support of core infrastructure systems and applications. S/he should also have a working knowledge of the broader information security field, including the cyber threat environment.

Core Functions / Responsibilities:

  1. Responsible for managing, developing and coaching other information security team members based on the same location.

  2. Responsible for the overall research, design, architecture, and implementation of preventive security controls for Azure, Office365, Active Directory, Group Policy Objects, Windows PKI, Windows 7/8/10 Enterprise, and Server 2012/2016.

  3. Research and implement state-of-the-art protection technologies for the Windows platform, to include Virtualization-Based Security, Code Integrity, Device Guard, Exploit Guard, and JEA/JIA.

  4. Conduct information security assessments of threats and vulnerabilities, determine deviations from acceptable configurations, define the level of risk, and develop and/or recommend and operationalize appropriate mitigation countermeasures.

  5. Serve as a resource cross-functionally to share security insight and best practices with teams across the organization.

  6. Ensure that security is factored into the evaluation, selection, and configuration of hardware, applications, and software.

  7. Asses IT projects from a security perspective to identify risks and propose mitigation actions before project go-live.

  8. Participate in the development of information security strategies, roadmaps, policies and standards and then lead the integration of these guidelines into the IT organization.

  9. Stay abreast of new security technologies and evaluates for continual enhancement, automation, and optimization.

  10. Serve as the information security focal point for the IT organization, assisting in incident response activities and security investigations.

  11. Automate and integrate the core security solutions into a highly effective cyber defense system.

  12. Measure the success of the security solutions with metrics and dashboards, continually improving the effectiveness of the overall security capabilities.

  13. Perform such other duties as may be assigned.

Required Qualifications and Experience:


• Master’s degree in Computer Sciences, Engineering or a related field from an accredited academic institution with five years of relevant professional experience; or

• University degree in the above fields with seven years of relevant professional experience.

• MCSE and CISSP certifications are required.

• Distinguished advantage for any of the following certifications: CISM, SANS, OSCP, CESG, CEH.


• Experience in security engineering for Windows Server operating systems in a large Microsoft

Windows enterprise environment.

• Extensive experience and knowledge of configuration management and server deployment and automation tools with a strong preference towards System Center Technologies (SCCM, SCOM, Orchestrator).

• Experience in network administration and troubleshooting.

• Deep technical knowledge, both architecturally and operationally, of the Windows Server operating system, its security subsystems and application segmentation to enhance security.


Fluency in English is required. Working knowledge of French and/or Spanish an advantage.


IOM offers a salary package based on the United Nations system at the P3 level. Please find below link to the ICSC salary scales for indicative values.

Desirable Competencies:


• Accountability – takes responsibility for action and manages constructive criticisms;

• Client Orientation – works effectively well with client and stakeholders;

• Continuous Learning – promotes continuous learning for self and others;

• Communication – listens and communicates clearly, adapting delivery to the audience;

• Creativity and Initiative – actively seeks new ways of improving programmes or services;

• Leadership and Negotiation – develops effective partnerships with internal and external stakeholders;

• Performance Management – identify ways and implement actions to improve performance of self and others;

• Planning and Organizing – plans work, anticipates risks, and sets goals within area of responsibility;

• Professionalism – displays mastery of subject matter;

• Teamwork – contributes to a collegial team environment; incorporates gender related needs, perspectives, concerns and promotes equal gender participation;

• Technological Awareness – displays awareness of relevant technological solutions;

• Resource Mobilization – works with internal and external stakeholders to meet resource needs of IOM.


Internationally recruited professional staff are required to be mobile.

Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.

The list of NMS countries above includes all IOM Member States which are non-represented in the Professional Category of staff members. For this staff category, candidates who are nationals of the duty station’s country cannot be considered eligible.

Appointment will be subject to certification that the candidate is medically fit for appointment, accreditation, any residency or visa requirements, and security clearances.

How to apply:

Interested candidates are invited to submit their applications via PRISM, IOM e-Recruitment system, by 13 March 2018 at the latest, referring to this advertisement.

For further information, please refer to:

In order for an application to be considered valid, IOM only accepts online profiles duly completed.

Only shortlisted candidates will be contacted. You can track the progress of your application on your personal application page in the IOM e-recruitment system.

Posting period:

From 28.02.2018 to 13.03.2018

Requisition: VN 2018/24 (P) – IT Security Officer (P3) – Manila, Philippines (55328712) Released

Posting: Posting NC55328716 (55328716) Released 9;height:2′