Organisation for the Prohibition of Chemical Weapons vacancy search engine

Head, Confidentiality and Information Security (CIS) P-4


PRINCIPAL FUNCTIONS

Under the supervision and guidance of the Head, Office of Confidentiality and Security (OCS), you will be responsible in the performance of the following duties:

1.   Monitoring overall implementation of the OPCW confidentiality regime to ensure compliance with relevant provisions of the Chemical Weapons Convention. Develop and oversee the implementation of Secretariat-wide confidentiality and information security related policies, procedures and working instructions:

  • Supervise development of, and internally coordinate within the Secretariat, all policies and procedures intended to be applicable Secretariat-wide to facilitate the work of the Organisation. Ensure the effectiveness of all such guidance documents, help minimise negative impacts on efficiency and ensure that, in general, confidentiality concerns are adequately addressed.
  • Assist the Head of OCS in representing the Secretariat at all meetings and informal consultations with Member States in which Confidentiality issues are discussed. Brief and otherwise inform such meetings/consultations as required and, when necessary, provide feedback to the Head of OCS and the Director-General.
  • Co-ordinate with Human Resources Branch regarding staff movements and the hiring of new staff to ensure that confidentiality requirements of the CWC are met in a timely manner.
  • Supervise the maintenance of Statements of Access to Confidential Information (SACIs), ensuring an accurate, up-to-date SACI is available for all Secretariat staff members to outline the confidential information ‘need-to-know’ requirements for their post.
  • Supervise the upkeep of the relevant security and confidentiality policies governing the handling and protection of confidential material, by overseeing the implementation of all specific amendments and the drafting of all new versions of the policies (including OPCW derived material).
  • Delineate the policy/procedures used to provide and monitor access to the Secretariat’s Security Critical Areas (SCAs) and Security Critical Network (SCN) in accordance with the OPCW Policy on Confidentiality and the MCP. Implement, update, and run systems to support the controls in place.
  • Oversee maintenance of the Confidential Information Access Register (CIAR) and co-ordinate the physical access rights of staff and non-staff to the SCAs with relevant Directors.
  • Delineate and review the proper implementation of procedures used to monitor user access on all classified and unclassified systems, ensuring procedures are working to control the access rights of individual users in line with the ‘need-to-know’ principle. Assess the validity and volume of classified documents held by staff members against their established ‘need-to-know’ profile.
  • Monitor the activities of IT administrators and other support staff within the SCAs and SCN server room to ensure operations are consistent with confidentiality requirements and all relevant standard operating procedures/working instructions.
  • Supervise the regular use of log-in applications to monitor access to classified information on any system and follow up on access anomalies and/or questionable access to ensure (possible) breaches of confidentiality procedure are properly documented, reported and managed.
  • Oversee the provision of confidentiality-related advice/assistance to all OPCW inspection teams before, during and after the conduct of their inspection activities and advise the Head of OCS of (potential) problem areas that may require review by OCS or the assistance of OPCW senior management.
  • Supervise the activities of the Secretary to the Confidentiality Commission, particularly in policy matters and in the drafting and implementation of procedures for the Commission’s use of Permanent Court of Arbitration (PCA) facilities.

2.   Oversees and coordinates all aspects of the OPCW Information & Communications Technology (ICT) security programme, guiding the implementation of all ICT security measures to ensure the preservation of the confidentiality, integrity and availability of OPCW’s information assets:

  • Guide the implementation of an Information Security Management System;
  • Identify critical situations/sites and functions;
  • Develop policy and standards for the resiliency, backup and archiving of the organisation's information to ensure its confidentiality, availability and integrity at all times, especially relating to:
    • Software development requirements;
    • Access control & user authentication;
    • Controls & testing procedures;
    • Change/configuration management;
    • System logging;
    • Virus protection, etc.;
    • Business continuity.
  • Performing market analysis for new security technology; scanning the information technology market for new products that may enhance the security of OPCW’s ICT systems and programmes.

3.   Monitoring the implementation of all security procedures; receiving and investigating (at the direction of the Director-General and Head of OCS) security incident reports, assessing/reporting weak spots in security. 

4.  Performing auditing activities on the Secure Critical Network (SCN); determining the existence of and compliance with relevant policies and procedures and recommending improvements to system security and existing control measures.

5. Implements the OPCW confidentiality training and awareness programme:

  • Plan and organise training for all Secretariat staff, subsidiary organs of the OPCW and National Authority personnel on the handling and protection of confidential information.
  • Ensure that all Secretariat staff receive Confidentiality and Security Induction training and annual refresher courses, and ensure that specialised training is provided for distinct user groups with varying levels of access to confidential information and security critical computing systems.
  • Oversee confidentiality briefings and, as necessary, debriefings for inspection teams and establish liaison with both the Verification and Inspectorate Divisions to immediately address problem areas.
  • Represent the Secretariat on issues relating to confidentiality at Confidentiality Commission, Scientific Advisory Board meetings and at national/regional Member States seminars to provide participants a better understanding of confidentiality requirements, as well as the rights and obligations incurred by Member States under the Confidentiality Regime.

6.  Liaise directly with the relevant OPCW Senior Management regarding Information Security Policy within the wider OPCW Information Management Policy Framework.

7.  Liaise directly with the OPCW external Security Audit & Assessment Team (SAAT) to coordinate and plan all ICT audit activities. 

8. Managerial and supervisory activities. Managing the CISS Information Security Officers and Information Security Clerk.

9. Undertake duties as Acting Head of OCS in the absence of Head of OCS.

RECRUITING PROFILE

Education (Qualifications):

Essential:

Advanced university degree in Computer Science, Information Management, Risk Management or similar graduate discipline. A first level degree with at least 9 years of experience can be accepted in lieu of an advanced degree;

Additional Professional qualification(s) in information security, such as CISSP, CISA, CISM certification, along with strong technical (ICT) security skills and demonstrable experience in the design/implementation of secure IT environments are a must.

Experience: 

Essential: 

At least 7 years of progressively responsible and recent related experience in administration and management of the IT security function in large organizations, including the supervision of all aspects of ICT security operations;

Substantial experience in development and implementation of ICT and information security policies, standards and procedures;

Recent and well-rounded supervisory experience with responsibilities in a classified or sensitive working environment to a level of at least SECRET;

Understanding key concepts of designing and running classified systems including cryptographic assurance, secure thin client architectures and compartmentalisation;

Solid understanding of telecoms related security concepts (endpoint defence, packet switched networks) in a sensitive environment.

Desirable: 

Experience in implementing and/or auditing information security programmes based on ISO 27001/27002 and a detailed knowledge of other IT security standards is highly desirable;

Experience in accreditation and assurance programmes from a national security perspective.

Skills and Abilities (key competencies):

  • Demonstrated leadership with a focus to assure business results are achieved through and with people
  • Ability to deal with complex issues and interpret procedures and guidelines in order to adapt them to cover complex situations
  • Proven ability to work effectively under pressure, displaying sound initiative and good personal judgement
  • Proven ability to learn quickly and thoroughly while continually recognizing and adapting to changing conditions is critical
  • Ability to deliver training as necessary and to prepare documents of a technical nature
  • Excellent communications skills, including the ability to draft and edit professional documents in the English language, are required
  • Personal qualities must include tact, discretion, accuracy and the ability to work harmoniously in a multi-national environment
  • Ability to translate technical concepts into plain language to enable decision makers to make the right decision.
  • Advanced computer skills.

Language Requirements:

Fluency in English is essential. A good working knowledge of one of the other official languages (Arabic, Chinese, French, Russian, and Spanish) is desirable.