8 December 2017
- 23:59 Central European Time (CET/CEST)
This position is open for secondment only and participating States are kindly reminded that all costs in relation to assignment at the Secretariat must be borne by their authorities.
Candidates should, prior to applying, verify with their respective nominating authority to which extent financial remuneration and/or benefit packages will be offered. Seconded staff members in the OSCE Secretariat and Institutions are not entitled to a Board and Lodging Allowance payable by the Organization.
The Department of Management and Finance is responsible for managing the material and financial resources of the Organization. It provides policy guidance on the management of OSCE financial and material resources and develops and maintains OSCE Financial Regulations and Rules and Financial/Administrative Instructions.
Information and Communications Technology Services (ICTS) ensures efficient, available, and cost-effective management, operation and utilisation of Information Technology (IT) in support of the core business of the OSCE. This comprises activities associated with co-ordination, operation, management, development and implementation of Information and Communications Technology (ICT) supported projects and infrastructure.
Tasks and Responsibilities
*The posts are envisaged for two years with no possibility of further extension.
The Information Security Officer provides technical expertise and support in network and security operation as well as in various information security improvement initiatives as part of the Information Security Improvement Plan. Specifically, the incumbent will be responsible for:
Assisting in the design and implementation of various information security projects, including: Security Architecture Review; Security Incident and Event Management; Managed Security Services; Vulnerability Assessment and Management; Endpoint Protection; Security Event Correlation and Monitoring; Security Awareness and Technical Trainings; Hardware and Software Inventory and Control;
Supporting the creation and implementation of information security policies, standards, procedures and technical designs, including vulnerability management, risk and vulnerability assessment, business impact analysis;
Assisting in the establishment and operation of the Information Security Operations Center;
Monitoring and analysing cyber security events (IDS/IPS, firewall, etc.), event correlation and reporting to the OSCE Security Incident Response Team;
Recognizing potential, successful and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information as well as conducting root cause analysis of reported problems, resolving and/or implementing permanent fixes and escalating to Management or dispatching issues to external parties;
Working with the Incident Response team for events escalated to incident levels and participating in security incident response;
Performing periodic reviews with respect to effective, efficient and secure use of WAN and Security Systems, ensuring requirements are met and that replacement and upgrades are in place in support of priorities and deadlines;
Identifying and evaluating new systems or re-engineering of the existing systems with regard to suitability and security and assisting in evaluation, selection and procurement of WAN and Security systems hardware and software;
Supporting and providing network and security administration activities, including: supporting and operating the Secretariat’s Wide Area Network (WAN) and Internet/Intranet Security related services and systems, providing 2nd/3rd level support to the Service Desk and assisting in resolving WAN and Internet/Intranet Security System problems and installing, upgrading, configuring, testing, deploying and carrying out repairs on WAN and Security Systems related hardware, software and systems;
Maintaining contacts with product providers and service companies as needed for product updates or troubleshooting;
Performing other related duties and assignments as required.
First-level university degree in computer science or related field;
Relevant information security certificates such as CISSP, CISA, CISM, etc.;
Minimum of six years of relevant professional experience; Information Security Operations Center (SOC) environment experience, at least three years incident monitoring experience;
Demonstrated experience in key security technologies (SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation);
Strong knowledge of security standards and risk management frameworks (e.g. ISO27001, COBIT, etc.);
Experience with technical writing and management reports;
Expertise with special cyber security threats, incidents or APTs would be an asset;
Professional fluency in the English language, both oral and written; working knowledge of German would be desirable;
Demonstrated ability to work within a team including strong customer focus and good interpersonal skills, as well as the ability to establish and maintain effective partnerships and working relations in a multicultural, multi-ethnic environment with sensitivity and respect for diversity, including gender balance.
The OSCE retains the discretion to re-advertise the vacancy, to cancel the recruitment, to offer an appointment at a lower grade or to offer an appointment with a modified job description or for a different duration.
Only shortlisted applicants will be contacted.
Please note that vacancies in the OSCE are open for competition only amongst nationals of participating States, please see http://www.osce.org/states.
The OSCE is committed to diversity and inclusion within its workforce, and encourages the nomination of qualified female and male candidates from all religious, ethnic and social backgrounds.
Please be aware that the OSCE does not request payment at any stage of the application and review process.
Please apply to your relevant authorities several days prior to the deadline expiration to ensure timely processing of your application. Delayed nominations will not be considered.
You can not apply to this vacancy anymore.
Sorry, the application deadline for this vacancy has expired.