Post Level: P-3
Closing Date: 12 June 2018 (6 days left)
Vacancy Ref: E-ODG/OCS/ISO/F0180/P-3/23/04-18
Branch: Office of Confidentiality and Security
Division: Office of the Director-General
Date: 14 May 2018

Principal Functions

Under the supervision of the Head, Information Security (Confidentiality and Information Security), and in accordance with the OPCW Core Values of Integrity, Professionalism and Respect for Diversity/Gender Equality, the incumbent performs the following duties:
1. Develop and maintain the Business Continuity Plan for the Organisation.
· Carry out a Business Impact Analysis for the Organisation through engagement with all relevant stakeholders;
· Develop and maintain a high-level Business Continuity Plan (BCP) for the Organisation;
· Develop policy and guidance to ensure that subsidiary BCPs can be developed within Divisions, Branches and Sections;
· Coordinate the regular testing and execution of BCPs.
2. Develop and oversee the implementation of confidentiality-related policies, procedures and working instructions affecting all staff members throughout the Secretariat.
· Assist the Head of Information Security in developing and internally coordinating all policies and procedures intended to be applicable Secretariat-wide to facilitate the work of the Organisation;
· Participate in meetings and informal consultations with Member States in which Confidentiality issues are discussed. As requested by the Head of OCS or the Head of Section, brief and otherwise inform such meetings/consultations on specific confidentiality-related issues;
· Co-ordinate with staff members of other branches/units to ensure that confidentiality requirements of the CWC are met during the daily operations of the Secretariat;
· Draft all amendments to the Manual of Confidentiality Procedure (MCP), the Secretariat’s primary document governing the handling and protection of confidential material, and create new versions of the document as required;
· Regularly monitor access to confidential information on the SCN and follow up on access anomalies and/or questionable access to ensure (possible) breaches of confidentiality procedure are properly documented and reported to the Head of Section;
· Provide confidentiality-related advice/assistance to OPCW inspection teams as necessary during the inspection process and advise the Head of Section of recurring problem areas that may require additional guidance and/or training to be provided;
· Serve as Secretary to the Confidentiality Commission, providing all necessary assistance to the Chairman and Vice Chairs of the Commission during preparations for, conduct of, and follow-up to annual or special meetings of the Commission;
· Regularly liaise with the Information Security (ICT) Section to coordinate prospective changes to the SCN and/or other IT networks used by the Secretariat and report potentially adverse impacts of such changes to the Head of Section.
3. As directed by the Head of Section, provide advice on security controls and conduct monitoring of the implemented technical measures to ensure appropriate protection of unclassified but sensitive information (for example, medical, personally identifiable and financial information).
4. Assist the Head of Section and contribute to the drafting of the Director General's “Annual Report on the Implementation of the Regime Governing Confidentiality” to the Conference of States Parties and any other report requiring input from the OCS Confidentiality Section.
5. Serve as Acting Head of Confidentiality and Information Security (in all cases of absence of the Head of Section).
6. Perform other duties as required.

Requirements

Knowledge and Skills

Education (Qualifications):
Essential:
· Advanced university degree in security management, risk management, or information systems with specialisation in information security. A first level university degree in combination with qualifying experience (minimum 7 years) may be accepted in lieu of an advanced university degree;
· Completion of formal government or military security officer and/or security management training and related knowledge of non-IT information security handling procedures, measures and controls.

Required Certification:
· Certification in Business Continuity or Management of Safety Critical Systems is required (CBCI, ISEB Practitioner, BS25999/ISO22301 Lead Implementer/Lead Auditor, IEC 61508 Functional Safety Professional or equivalent);
· Certification in a field/regulatory area where security controls are used to protect sensitive information would be advantageous, e.g. HIPAA, EU Data Protection Directive/GDPR, PCI-DSS.
Skills and Abilities:
· Excellent knowledge of information security management and risk evaluation/assessment;
· Excellent analytical and conceptualisation skills and an ability to plan and organise complicated processes;
· Excellent inter-personal, interview and negotiation skills;
· Excellent communication skills, with a demonstrated ability to present information clearly and logically both verbally and in writing;
· Strong computer skills and a demonstrated ability to draft, edit and present documents/papers in the English language;
· Ability to act with discretion and tact in sensitive situations;
· Experience as a security auditor would be beneficial;
· Experience in the implementation of recognised privacy standards/regulatory requirements would be an asset;
· Experience in the use and monitoring of Host Data Loss Prevention systems;
· Experience in the implementation and monitoring of automated data-labelling/classification systems;
· Ability to work well in a team with people of different national/cultural backgrounds.

Experience

Essential:
· At least 5 years of progressively responsible experience (7 years with first university degree) in the area of confidentiality/information security management in a national and/or international setting;
· Experience in performing Business Continuity Management or production and maintenance of Safety Cases in corporate, governmental/military or critical national infrastructure environments;
· Experience in assisting with the development and implementation of guidelines for use in managing operations in secure environments, particularly in relation to the handling of confidential and sensitive electronic information and, to a greater degree, hardcopy materials;
· Experience in assisting in the conduct of security investigations and risk assessments;
· Experience in organising and conducting confidentiality/information security training programmes.

Desirable:
· Experience as a security auditor would be beneficial.

Languages

Fluency in English is essential and a good working knowledge of one of the other official languages (Arabic, Chinese, French, Russian, and Spanish) is desirable.

Annual Salary: $59,151
Post Adjustment: $24,665
Total Salary: $83,816
Currency: USD