Associate Digital Security Officer

OVERVIEW
**Post Number**: DBS 194
**Grade**: P-2
**Parent Sector**: Bureau for Digital Business Solutions (DBS)
**Duty Station**: Paris
**Job Family**: Computer Sciences / Information Technologies
**Type of contract**: Fixed Term
**Duration of contract**: 2 years, renewable
**Application Deadline (Midnight Paris Time)**: 20-Mars-2025
**UNESCO Core Values**: Commitment to the Organization, Integrity, Respect for Diversity, Professionalism
OVERVIEW OF THE FUNCTIONS OF THE POST
This post is located within the Bureau of Digital Business Solution (DBS), under the direct supervision of the Head of Digital Security, Archives and Digital Assets Section. The overall objective of the role is to ensure the smooth ongoing operation of cybersecurity activities within UNESCO’s Digital Security team.
The Associate Digital Security Officer will significantly engage and interact with internal and external IT technical teams and cybersecurity specialists. He/she works with the Digital Security Team and provides relevant and contextualized technical information to efficiently respond to incident, enhance organizational’ s resilience, and improve the cybersecurity posture of the Organization overall. The Associate Digital Security Officer will be a key part of a dynamic team kickstarting a major overhaul of IT infrastructure to support UNESCO’s accelerating digital transformation and move to the cloud.
The work involves a range of assignments related to the development and maintenance a secure IT infrastructure and digital solutions, with the objective of ensuring reliability, resilience and compliance to protect UNESCO against external and internal cybersecurity threats.
Long Description
**The main responsibilities of the role are as follows**:
**Manage Security Operations**: Provide smooth and effective information security operations, ensuring the timely evolution of capability and adopting industry best practices; provide regular reporting to the Chief Information Security Officer. Maintain an up-to-date cartography of all resources, equipment and software ensuring optimum protection and detection against the main threats. Contribute to evaluating new security software, products, and services.
**Supervise security monitoring and manage incident response**: Manage the relationship and act as the main contact with the managed security service provider (SOC), ensuring compliance with the contract, and the relevance and responsiveness of the actions performed. In collaboration with the provider, manage information security incident response, investigate, take appropriate corrective actions to prevent future similar security breaches and provide thorough post-event analyses.
**Monitor security policy compliance**: Exercise an advice and control function to ensure that UNESCO IT products and services comply with corporate security policies. Conduct regular security audits and risk assessments including developing scripts and solutions to review the security configuration of digital assets, propose and implement appropriate remediation measures to safeguard the information security posture of the Organization. Ensure that all products are configured according to vendors recommendations and best practices from an information security point of view. Monitor patch management frequency and scheduling, advise operational teams.
**Other activites, for example**: Keep abreast of and evaluate information security innovation, solutions, trends and Best Practices to respond to the continually evolving need to protect the digital assets of the Organization.
Support the drafting and implementation of digital security policies aligned to the risk tolerance of the Organization. Advise on digital security related matters as necessary.
COMPETENCIES (Core / Managerial) Communication (C) Accountability (C) Innovation (C) Knowledge sharing and continuous improvement (C) Planning and organizing (C) Results focus (C) Teamwork (C) Professionalism (C) - For detailed information, please consult the UNESCO Competency Framework.
REQUIRED QUALIFICATIONS
Education
An advanced university degree (master’s or equivalent) in computer sciences, information security, information technology or a related field.
Work Experience
At least two (2) years of relevant professional experience and proven capacity in threat analysis and security incident response, of which preferably 1 year acquired at international level.
Skills and Competencies
Good knowledge of operating systems, Windows and Linux, as well as networking protocols.
Broad knowledge of current and emerging technologies, industry trends and best practices together with demonstrated experience evaluating their strategic value.
Analytical skills and the ability to effectively troubleshoot and prioritize needs, requirements and other issues.
Good communication skills.
Languages
Excellent knowledge (written and spoken) of English or French and good knowledge of the other language.
DESIRABLE QUALIFICATIONS
Educati