Organisation for the Prohibition of Chemical Weapons vacancy search engine

Information Security Officer (P-3)


COMPLETE OUTLINE

PRINCIPAL FUNCTIONS

Under the general supervision of the Head Confidentiality and Information Security Section, the Information Security Officer is responsible for the following:

Coordinate all aspects of the OPCW information security programme with daily management and implementation of information and ICT security measures to ensure the preservation of the confidentiality, integrity and availability of OPCW’s information.

  • Serve as an information security focal point at the detailed technical level for all information security related programmes and projects and advise the Head Confidentiality and Information Security on all information security related matters.
  • Ensure compliance with the organisational and relevant industry standards (i.e., ISO 27001) is maintained for all ICT, data systems and assets.
  • Develop and maintain information security related policies, procedures, standards, and guidelines for secure ICT to support the mandate of the OPCW by maintaining an adequate balance between effective confidentiality and information security controls and an efficient and unimpeded discharge of the OPCW’s tasks.
  • Communicate and enforce information security policies, procedures, standards, and guidelines to all personnel and relevant stakeholders.
  • Conduct and review security audits of ICT service providers, to include the full supply chain, in accordance with the relevant contractual agreements.
  • Perform routine security monitoring of all networks (internet connected and non-internet connected), to include identification of critical functions and vulnerabilities in accordance with relevant policies and procedures.
  • Collaborate with staff members of other branches/units and relevant stakeholders to provide guidance on confidentiality and information security requirements to ensure the Organisation is compliant with the security standards.
  • Monitor user access across all networks ensuring access to confidential and sensitive information is in line with that authorised within the framework of relevant policies and procedures.
  • Ensure ICT assets are managed and monitored for performance to ensure effective security measures are in place.
  • Participate in activities related to changes to the organisation, business processes, information process facilities and systems to ensure internal controls are in place.

Perform security risk assessments to identify vulnerabilities and related risks to the organisation, to recommend, develop and implement security controls and measures that reduce the risks to an acceptable level and to prioritise tasks and activities in accordance with the identified risks and risk levels.

  • Identify, analyse, evaluate, and mitigate risks to ICT and data systems in close coordination with relevant stakeholders;
  • Perform regular assessments of the OPCW infrastructure to identify potential vulnerabilities, prioritising and categorizing the risks, and developing implementation plans to remediate or mitigate them;
  • Maintain currency with emerging information security threats, standards, products, techniques, and technologies;
  • Stay abreast of market standards and development of new technologies to advise the Head of Section on relevant and applicable information security controls and measures.

Contribute to the maintenance of a strong information security resilience strategy.

  • Participate in security investigations and events related to ICT, data systems, networks, and devices and assist in maintaining the divisional and organisational Business Continuity Plan (BCP);
  • As authorised and under the direction of management, handle coordinated incident response, digital forensics, and authorised investigation efforts through close collaboration with business units and relevant stakeholders;
  • Ensure resilience strategies are implemented on all ICT and data systems and applications;
  • Prepare briefings and presentations to communicate the possible impact of information security incidents to senior management;
  • Plan and perform routine vulnerability and security testing activities (i.e., pen-testing, compliance audits, table-top exercises, etc.) on ICT and data systems and applications. Where appropriate, liaise with external vendors for security testing.

Conduct preliminary enquiries into (alleged) breaches of confidentiality and security incidents and/or violations of confidentiality procedures.

  • Report all violations of the Confidentiality Regime to the Head of Section and advise on the conduct of respective enquiries and investigations;
  • Advise/assist staff members on the proper reporting of (potential) breaches of confidentiality and/or security incidents and, as/when necessary, ensure such breaches/incidents are highlighted to the Head of Section and Head of OCS as soon as practically possible;
  • Assist in the collection of information pertaining to specific (potential) breaches of confidentiality or security incidents as part of the preliminary enquiry process;
  • Assist in conducting the full investigation of confidentiality incidents and other security incidents when authorised/directed by the Director-General.

Contribute to the confidentiality and information security education and awareness programme by developing relevant curriculum, delivery of training to relevant stakeholders, and providing briefings to address specific information security-related topics.

Contribute to data collection to be used to inform senior leadership about the information security posture of the organisation as well as to assist with measuring effectiveness of the information security programme at the Organisation.

Assist the Head of Section and contribute to the drafting of the Director-General's “Annual Report on the Implementation of the Regime Governing Confidentiality” to the Conference of States Parties and any other report requiring input from the OCS Confidentiality and Information Security Section.

Serve as Acting Head, Confidentiality and Information Security when required.

Perform other duties as required.

 

Education (Qualifications):

Essential:

  • Advanced university degree in information security or related field;
  • A first level university degree in any relevant subjects in combination with qualifying experience (minimum 7 years) may be accepted in lieu of the specified university degree.

Required Certification:

  • Relevant industry certifications (e.g., CISSP, CISM, CCSP, etc.)

Desirable Certification: 

  • CRISC, GIAC, Vendor certifications, network administration, etc.

     

Experience:

Essential:

At least 5 years of relevant working experience in the information security profession (minimum 7 years with a first level university degree) with significant experience in information security implementation, to include practical experience in:

  • Designing ICT security solutions;
  • Experience in incident monitoring and security investigations;
  • Experience in assisting with and conducting security risk assessments;
  • Experience in advising on and testing of security of ICT environments;
  • Firewall administration and monitoring;
  • Experience in the supervision of operations within secure environments and information processing systems;

Desirable:

  • Experience with certificate authority management, Microsoft Office 365 Security, Cloud security, and digital forensics;
  • Experience in an international organisation.

Skills and Abilities (key competencies):

  • Knowledge of information security principles and best practices;
  • Knowledge of industry standards and frameworks (e.g., NIST, ISO 27001, etc.)
  • Experience in the development and drafting of information security-related policies.
  • Hands on experience in using information security tools and technologies (e.g., SIEM, IDS/IPS, antivirus, firewalls, etc.);
  • Excellent analytical and conceptualisation skills and an ability to plan and organise complicated processes;
  • Excellent inter-personal, interview and negotiation skills;
  • Excellent communication skills, with a demonstrated ability to present information clearly and logically both verbally and in writing;
  • Demonstrated ability to draft, edit and present documents/papers in the English language.
  • Ability to act with discretion and tact in sensitive situations;
  • Ability to work well in a team with people of different national/cultural backgrounds.

Other Skills:

  • Diplomacy and demonstrated ability to work in an international organisation with diverse cultures.

Language Requirements: Fluency in English is essential and a good working knowledge of one of the other official languages (Arabic, Chinese, French, Russian, and Spanish) or Dutch is desirable.