Senior Information Security Officer (P)

Job Identification (Reference Number): 15176
Position Title: Senior Information Security Officer
Duty Station City: Valencia
Duty Station Country: Spain
Grade: P-4
Contract Type: Fixed-term (1 year with possibility of extension)
Recruiting Type: Professional
Vacancy Type: Vacancy Notice
Initial duration: 1 year with possibility of extension   
Closing date: 22 June 2025

Introduction:    

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading UN agency in the field of migration, works closely with governmental, intergovernmental and non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to ensuring a workplace where all employees can thrive professionally, while working towards harnessing the full potential of migration. Read more about IOM's workplace culture at IOM workplace culture | International Organization for Migration

Applications are welcome from first- and second-tier candidates, particularly qualified female candidates as well as applications from the non-represented member countries of IOM. For all IOM vacancies, applications from qualified and eligible first-tier candidates are considered before those of qualified and eligible second-tier candidates in the selection process.                                                                              

For the purpose of this call, the following are considered first-tier candidates:  

1. Internal candidates
2. External female candidates:
3. Candidates from the following non-represented member states:

Antigua and Barbuda, Bahamas, Barbados, Comoros, Congo (the), Cook Islands, Dominica, Federated States of Micronesia, Grenada, Guinea-Bissau, Holy See, Iceland, Israel, Kiribati, Lao People's Democratic Republic, Madagascar, Marshall Islands, Namibia, Nauru, Palau, Saint Kitts and Nevis, Saint Lucia, Samoa, Sao Tome and Principe, Seychelles, Solomon Islands, Suriname, Tonga, Tuvalu, Vanuatu

Second tier candidates include:
All external candidates, except candidates from nonrepresented member states of IOM and female candidates.

Context:

Under the direct supervision of Chief Information Officer (CIO) and in close collaboration with relevant Information and Communications Technology (ICT) Units at Headquarters (HQ) and worldwide ICT Teams, the successful candidate will be responsible for leading the definition and implementation of the Global Cybersecurity Strategy, in the area of Information Security and Risk Management including  application security, data security, threat, vulnerability, risk, and compliance  management.

1. Lead and manage the cybersecurity Blue Team functions, processes and team members.
2. Ensure that the information security and risk management functions, processes, procedures, training sessions, and playbooks are developed, implemented, auditable and repeatable, as well as aligned with business and strategic organizational objectives.
3. Improve the maturity level of data security to the defined higher level, and evaluate and advise on progress, risk monitoring and performance,ensuring the development of Key Performance Indicators (KPI)/metrics.
4. Provide advice and subject matter expertise for the review, consistent implementation and compliance-monitoring of IOM-wide information security policies, operating procedures standards, and guidelines.
5. Lead the response to security audit requests and provide advisory services to ensure the implementation of recommendations (including FISMA/NIST 800-53 controls, ISO 27001).
6. Define and coordinate the implementation of the Global Cybersecurity Strategy, including the formulation of awareness-related activities and delivery of global workshops / webinars.
7. Create security policies and procedures based on ISO27001, NIST 800-53 and Computer Information System (CIS) controls.
8. Conduct complex threat, vulnerability, risk and compliance assessments, audit information security controls, simulate cyber-attacks and data breaches, and provide authoritative advice on cybersecurity governance, risk and compliance practices as well as change management.
9. Lead and manage a variety of cyber security projects, including the management of resources.
10. Carry out complex and/or sensitive investigations and audits. 
11. Provide authoritative advice to queries/requests/tickets related to data security, risks, rotation, access and other information security matters.
12. Provide authoritative advisory services for decision-making activities related to information security topics.
13. Perform such other duties as may be assigned.

Education 

• Master’s degree in computer science, information systems, mathematics, statistics or related field from an accredited academic institution with seven years of relevant professional experience; or
• University degree in the above fields with nine years of relevant professional experience.
• Professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Chief Information Security Officer (CCISO), Certified Secure Software Lifecycle Professional (CSSLP), Governance, Risk, and Compliance Professional (GRCP), Project Management Professional (PMP), or related will be a distinct advantage in addition to leaders
• Information Technology Infrastructure Library (ITIL) and Prince2 Foundation are added advantages.

Accredited Universities are those listed in the UNESCO World Higher Education Database. 

Experience

• Extensive experience in building a cybersecurity defensive team (BLUE TEAM);
• Extensive experience in building a cybersecurity governance, risk, and compliance practices;
• Extensive experience in creating policies, standards, and guides;
• Extensive experience in all aspects of application / data security (definition, implementation and validation);
• Extensive experience in simulating cyber-attacks and data breaches;
• Experience managing projects and teams; and,
• Experience defining security strategies aligned with business and strategic objectives.

Skills

• Strong interpersonal skills;
• Solid organization and document, project management; 
• Strong investigative skills;
• Strong ability to continue to learn and grow;
• Basic knowledge of reporting tools (e.g., MS Excel, Power BI, Power BI Report Builder);
• Ability to translate technical security vulnerabilities into business risk/impact to applications;
• Demonstrated skill in creating security policies and procedures based on ISO27001, NIST 800-53 and Computer Information System (CIS) controls;
• Strong analytical and problem-solving skills and proactive thinking skills; 
• Able to articulate complex, technical concepts to non-technical audiences; and,
• Strong English oral and written communications skills.

Languages

IOM's official languages are English, French and Spanish. 

For this position fluency in English is required (Oral and Written). Working knowledge of French, Spanish and/or an official UN Language (Arabic, Chinese, and Russian) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.

Required Competencies

IOM's competency framework can be found at this link. Competencies will be assessed during the selection process.

Values - all IOM staff members must abide by and demonstrate these five values:

• Inclusion and respect for diversity: Respects and promotes individual and cultural differences. Encourages diversity and inclusion.
• Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
• Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
• Courage: Demonstrates willingness to take a stand on issues of importance.
• Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.

Core Competencies – behavioural indicators Level 3

• Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
• Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
• Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
• Accountability: Takes ownership for achieving the Organization's priorities and assumes responsibility for own actions and delegated work.
• Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.

Managerial Competencies – behavioural indicators Level 3

• Leadership: Provides a clear sense of direction, leads by example and demonstrates the ability to carry out the Organization's vision. Assists others to realize and develop their leadership and professional potential.
• Empowering others: Creates an enabling environment where staff can contribute their best and develop their potential.
• Building Trust: Promotes shared values and creates an atmosphere of trust and honesty.
• Strategic thinking and vision: Works strategically to realize the Organization's goals and communicates a clear strategic direction.
• Humility: Leads with humility and shows openness to acknowledging own shortcomings.

Notes

Internationally recruited professional staff are required to be mobile.

Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.

This selection process may be used to staff similar positions in various duty stations. Recommended candidates will remain eligible to be appointed in a similar position for a period of 24 months.

The list of NMS countries above includes all IOM Member States which are non-represented in the Professional Category of staff members. For this staff category, candidates who are nationals of the duty station's country cannot be considered eligible.

Appointment will be subject to certification that the candidate is medically fit for appointment, accreditation, any residency or visa requirements, security clearances.
IOM has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and IOM, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities.

IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts.

IOM only accepts duly completed applications submitted through the IOM e-Recruitment system (for internal candidates link here). The online tool also allows candidates to track the status of their application.

For further information and other job postings, you are welcome to visit our website: IOM Careers and Job Vacancies