Cybersecurity Specialist

Purpose of the Post:

Under the supervision and guidance of the Manager, Information and Communications Technology (ICT) Unit, the purpose of this position is to identify and remediate vulnerabilities related to people, processes, and technology, including but not limited to cybersecurity gaps, audits, risk analysis, and application vulnerability testing. The Cybersecurity Specialist assists in shaping the WHO Regional Office for Europe’s (WHO/Europe) approach to information security. This hands-on role includes addressing related risks, formulating appropriate responses, and safeguarding WHO/Europe’s digital assets. Additionally, the incumbent holds responsibility for the operational elements of ICT security overall.

Objectives of the Programme and of the immediate Strategic Objective:

The objective of the Division of Business Operations (BOS) is to support the work of WHO in the European Region through delivery of services within the areas of human resources, finance, contracting and procurement, legal advice, information & communications technology, printing, security, facilities management, fixed assets, conference support, travel and transport, safeguarding personnel and staff wellness and well-being. As an enabling function, the division enhances the productivity of the health technical programmes and country offices while at the same time overseeing accountability, transparency and compliance with WHO administrative rules and regulations. The BOS division strives to strengthen the capacity of WHO/Europe to react in an agile way to external and internal changes. The division projects are designed to increase productivity, ensure financial sustainability of the region’s structures, reinforce a client-oriented culture, strengthen country office capacities, and drive strategic initiatives to enhance staff motivation and well-being.

The purpose of the Information and Communications Technology (ICT) Unit is to provide and oversee innovative, effective, and value-for-money digital and technology solutions throughout the WHO European Region, including country offices and geographically dispersed offices, as well as to the UN City located in Copenhagen, Denmark. ICT ensures connectivity, quality equipment, digital solutions, data access to and security, and customer support to optimize a digital WHO to deliver its strategic goals (three billion targets). ICT further provides connectivity, communication technology, and client support to staff in the UN City, Copenhagen.

Summary of Assigned Duties:

Under the supervision and guidance of the Manager, Information and Communications Technology (ICT) Unit, the purpose of this position is to identify and remediate vulnerabilities related to people, processes, and technology, including but not limited to cybersecurity gaps, audits, risk analysis, and application vulnerability testing. The Cybersecurity Specialist assists in shaping the WHO Regional Office for Europe’s (WHO/Europe) approach to information security. This hands-on role includes addressing related risks, formulating appropriate responses, and safeguarding WHO/Europe’s digital assets. Additionally, the incumbent holds responsibility for the operational elements of ICT security overall.

Key duties:

1.Protect WHO digital assets from cybersecurity threats. This includes identifying vulnerabilities, implementing corrective and security measures, and proactively monitoring and responding to potential cyber risks.

2.Ensure adherence to cybersecurity policy, roadmap, standards, procedures, and best practices: Follow IMT Cybersecurity Team recommendations and work closely with WHO/Europe ICT Unit teams and technical divisions/units, including country offices and geographically dispersed offices, to ensure that the regional ICT services align with WHO cybersecurity policy, roadmap, standards, procedures, and best practices.

3.Supports in conducting cyber assessments and audits to identify any deviations and assist ICT Unit teams and technical divisions/units in required remediation.

4.Assist with cyber risk assessments: Collaborate with the IMT Cybersecurity Team to support cyber risk assessments for new and existing WHO/Europe services.

5.Vulnerability management: Act as an extension of the IMT Cybersecurity Team to identify potential vulnerabilities and deficiencies not identified by global cybersecurity services. Take a proactive approach to ensure identified vulnerabilities on WHO/Europe IT services are fully remediated. Work with relevant stakeholders to develop and implement effective mitigation plans.

6.Address cybersecurity incidents: Take actions to address and mitigate incidents. Work with the WHO/Europe ICT Unit teams and technical divisions/units, including country offices and geographically dispersed offices, and IMT Cybersecurity Team to investigate the root cause, implement corrective actions, and prevent future cyber incidents. Act as an extension of IMT Cybersecurity Team during incident security and forensic investigations.

7.Perform risk assessment for WHO/Europe’s applications and services.

8.Assist in organizing conducting cybersecurity awareness campaigns in WHO/Europe tailored to the local workforce.

9.Maintain documentation of security guidelines, procedures, standards, and controls.

10.Act as an extension of IMT Cybersecurity Team for projects involving IT solutions and cybersecurity activities as defined in the WHO Cybersecurity Roadmap.

11.Contribute to administrative processes, including budget preparations, work programs, and spending plans for the WHO/Europe ICT Unit.

12. Perform any other related duties, as required.

REQUIRED QUALIFICATIONS:

Education:

Essential: University degree (Bachelor’s level) in Computer Science, IT security, Information Security or other relevant discipline. One or more industry certifications covering IT security such as CISSP, CISM, SSCP, Associate of (ISC)2, CEH, GCIH or equivalent.

Desirable: University degree (Master’s level) any of the above fields. Certificate in ITIL Service Management; internationally recognized Project management certification such as PMI, PMP or PRINCE2.

Experience:

Essential: At least 2 years of IT experience focused on IT security, including cybersecurity-related duties such as incident detection and response, and forensics.

Desirable: Experience in working across multiple time zones. Experience working in an environment where work hours are scheduled shifts corresponding to forecasted activity.

LANGUAGE SKILLS:

Essential: Expert knowledge of English.
Desirable: Intermediate knowledge of French, Russian or German.

WHO Competencies:

1. Teamwork

2. Respecting and promoting individual and cultural differences

3. Communication

4. Producing Results

5. Moving forward in a changing environment

Functional Knowledge and Skills:

Possession of a diverse IT background with demonstrated continued professional development training path.

Advanced knowledge and extensive experience working with various hardware platforms, network protocols and services (SSH, HTTP/S, DNS, SMB, FTP, SMTP, SNMP, TCP/IP, ARP, etc.), various Operating Systems, Identity and Access Management (IAM).

Excellent technical knowledge of mainstream anti-malware solutions, automated policy compliance tools and desktop security tools.

Ability to adapt to rapidly changing technology and apply it to business needs.

Strong analytical and problem solving skills.

Strong team oriented interpersonal skills with a strong ability to interface wide variety of people and teams in a cross functional environment.

Ability to articulate and enforce organization policy. Experience in application behaviour-bases security approach.

REMUNERATION

Remuneration comprises an annual base salary starting at USD 34,402 (subject to mandatory deductions for pension contributions and health insurance, as applicable) and 30 days of annual leave.

ADDITIONAL INFORMATION

• This vacancy notice may be used to fill other similar positions at the same grade level

• Only candidates under serious consideration will be contacted.

• A written test may be used as a form of screening.

• In the event that your candidature is retained for an interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. WHO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU)/United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link:http://www.whed.net/. Some professional certificates may not appear in the WHED and will require individual review.

• According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible.

• Any appointment/extension of appointment is subject to WHO Staff Regulations, Staff Rules and Manual.

• For information on WHO's operations please visit:http://www.who.int.

• The WHO is committed to creating a diverse and inclusive environment of mutual respect. The WHO recruits and employs staff regardless of disability status, sex, gender identity, sexual orientation, language, race, marital status, religious, cultural, ethnic and socio-economic backgrounds, or any other personal characteristics.
• The WHO is committed to achieving gender parity and geographical diversity in its staff. Women, persons with disabilities, and nationals of unrepresented and underrepresented Member States (https://www.who.int/careers/diversity-equity-and-inclusion) are strongly encouraged to apply for WHO jobs.
• Persons with disabilities can request reasonable accommodations to enable participation in the recruitment process. Requests for reasonable accommodation should be sent through an email to reasonableaccommodation@who.int

• An impeccable record for integrity and professional ethical standards is essential. WHO prides itself on a workforce that adheres to the highest ethical and professional standards and that is committed to put theWHO Values Charterinto practice.

• WHO has zero tolerance towards sexual exploitation and abuse (SEA), sexual harassment and other types of abusive conduct (i.e., discrimination, abuse of authority and harassment). All members of the WHO workforce have a role to play in promoting a safe and respectful workplace and should report to WHO any actual or suspected cases of SEA, sexual harassment and other types of abusive conduct. To ensure that individuals with a substantiated history of SEA, sexual harassment or other types of abusive conduct are not hired by the Organization, WHO will conduct a background verification of final candidates.

• WHO has a smoke-free environment and does not recruit smokers or users of any form of tobacco.

• WHO also offers wide range of benefits to staff, including parental leave and attractive flexible work arrangements to help promote a healthy work-life balance and to allow all staff members to express and develop their talents fully.

• The statutory retirement age for staff appointments is 65 years. For external applicants, only those who are expected to complete the term of appointment will normally be considered.

• This is a National Professional Officer position. Therefore, only applications from nationals of the country where the duty station is located will be accepted. Applicants who are not nationals of this country will not be considered.

• In case the website does not display properly, please retry by: (i) checking that you have the latest version of the browser installed (Chrome, Edge or Firefox); (ii) clearing your browser history and opening the site in a new browser (not a new tab within the same browser); or (iii) retry accessing the website using Mozilla Firefox browser or using another device. Click the link for detailed guidance on completing job applications:Instructions for candidates