Information Security Officer*

This position is open for secondment only and participating States are kindly reminded that all costs in relation to assignment at the Secretariat must be borne by their authorities.

Candidates should, prior to applying, verify with their respective nominating authority to which extent financial remuneration and/or benefit packages will be offered.

Seconded staff members in the OSCE Secretariat and Institutions are not entitled to a Board and Lodging Allowance payable by the Organization.

The Department of Management and Finance is responsible for managing the material and financial resources of the Organization. It provides policy guidance on the management of OSCE financial and material resources and develops and maintains OSCE Financial Regulations and Rules and Financial/Administrative Instructions.

Information and Communications Technology Services (ICTS) ensures efficient, available, and cost-effective management, operation and utilisation of Information Technology (IT) in support of the core business of the OSCE. This comprises activities associated with co-ordination, operation, management, development and implementation of Information and Communications Technology (ICT) supported projects and infrastructure.

The Information Security Officer provides technical expertise and support in network and security operation as well as in various information security improvement initiatives as part of the Information Security Improvement Plan. Specifically, he/she:

1. Assists in the design and implementation of various information security projects, including: Security Architecture Review; Security Incident and Event Management; Managed Security Services; Vulnerability Assessment and Management; Endpoint Protection; Security Event Correlation and Monitoring; Security Awareness and Technical Trainings; Hardware and Software Inventory and Control;
2. Supports the creation and implementation of information security policies, standards, procedures and technical designs, including vulnerability management, risk and vulnerability assessment, business impact analysis;
3. Assists in the establishment and operation of the Information Security Operations Center;
4. Monitors and analysis of cyber security events (IDS/IPS, firewall, etc.), event correlation and reporting to the OSCE Security Incident Response Team;
5. Recognizing potential, successful and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information as well as conducts root cause analysis of reported problems, resolves and/or implements permanent fixes and escalates to Management or dispatches issues to external parties;
6. Working with the Incident Response team for events escalated to incident levels and participates in security incident response;
7. Performs periodic reviews with respect to effective, efficient and secure use of WAN and Security Systems, ensuring requirements are met and that replacement and upgrades are in place in support of priorities and deadlines;
8. Identifies and evaluates new systems or re-engineering of the existing systems with regard to suitability and security and assists in evaluation, selection and procurement of WAN and Security systems hardware and software;
9. Supports and provides network and security administration activities, including: Supporting and operating the Secretariat¿s Wide Area Network (WAN) and Internet/Intranet Security related services and systems,  Providing 2nd /3rd level support to the Service Desk and assists in resolving WAN and Internet/Intranet Security System problems and installs, upgrade, configures, tests deploys and carry out repairs on WAN and Security Systems related hardware, software and systems;
10. Maintains contacts with product providers and service companies as needed for product updates or troubleshooting;
11. Performs other related duties and assignments as required.

• First-level university degree in computer science or related field;
• Relevant information security certificates such as CISSP, CISA, CISM, etc.;
• Minimum of 6 years of relevant professional experience;
• Information Security Operations Center (SOC) environment experience, at least 3 years incident monitoring experience;
• Demonstrated experience in key security technologies (SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation);
• Strong knowledge of security standards and risk management frameworks (e.g. ISO27001, COBIT, etc.);
• Experience with technical writing and management reports;
• Expertise with special cybersecurity threats, incidents or APTs would be an asset;
• Professional fluency in the English language, both oral and written; working knowledge of German would is desirable;
• Demonstrated ability to work within a team including strong customer focus and good interpersonal skills, as well as the ability to establish and maintain effective partnerships and working relations in a multicultural, multi-ethnic environment with sensitivity and respect for diversity, including gender balance.

* The posts are envisaged for two years with no possibility of further extension.

If you wish to apply for this position, please use the OSCE's online application link found under http://www.osce.org/employment.

The OSCE retains the discretion to re-advertise the vacancy, to cancel the recruitment, to offer an appointment at a lower grade or to offer an appointment with a modified job description or for a different duration.

Only shortlisted applicants will be contacted.

Please note that vacancies in the OSCE are open for competition only amongst nationals of participating States, please see http://www.osce.org/states.

The OSCE is committed to diversity and inclusion within its workforce, and encourages the nomination of qualified female and male candidates from all religious, ethnic and social backgrounds.

Please be aware that the OSCE does not request payment at any stage of the application and review process.

Please apply to your relevant authorities several days prior to the deadline expiration to ensure timely processing of your application. Delayed nominations will not be considered.