Head, Information Security Section

Security and Information Assurance Division, Administration, Finance and Management Sector Grade - P5 Contract Duration - 2 years * Duty Station : CH-Geneva Publication Date : 22-Jan-2025 Application Deadline : 18-Feb-2025, 4:59:00 PM

IMPORTANT NOTICE REGARDING APPLICATION DEADLINE: please note that the deadline for applications is indicated in local time as per the time zone of the applicants location.

1. Organizational Context

a. Organizational Setting The post is located in the Information Security Section of the Security and Information Assurance Division. This Division is responsible for the management of all aspects of WIPOs information and physical security and safety and ensures that appropriate policies and procedures are in place and effective measures and controls are established to assess and mitigate threats/risks to the Organization. In particular, the Division defines the controls for the implementation of information security instruments and monitors if adequate assurance is maintained over WIPOs information assets. The Division also provides professional safety and security services for WIPO staff, its delegates and visitors and ensures the protection of the Organizations facilities and assets. Appropriate balance of the roles between “service” and “control” is the key for its success in enabling and sustaining WIPOs operations in an environment with increasing demands for openness and connectivity on the one hand and rapidly evolving information security risks on the other hand. b. Purpose Statement The incumbent as Head of the Information Security Section is responsible for ensuring the security of information owned by and entrusted to WIPO and for safeguarding WIPOs information systems while enabling their most efficient use. c. Reporting Lines The incumbent works under the supervision of the Chief Security Officer. d. Work Relations The incumbent works closely with senior officials throughout the organization as well as with external entities, including partner institutions, law enforcement, vendors and service providers and, on occasion, WIPO Member State representatives.

2. Duties and Responsibilities

The incumbent will perform the following principal duties: a. Lead, plan and control the Sections work, determining priorities and allocating resources for the completion and timely and quality delivery of work products in accordance with results-based management principles; provide input to the Divisions program and budget, develop annual work plans for the Section and manage the implementation within time, cost and quality objectives. b. Manage the staff of the Section, including consultants and other external resources, and supervise their work; provide regular feedback on performance and ensure timely finalization of performance evaluation exercises; cultivate good cooperation and teamwork amongst colleagues within and outside the Section; recognize the value of diversity in building effective teams for complex domains such as cybersecurity; lead the team with an inclusive approach that leverages diverse perspectives, and ensure WIPOs security infrastructure remains accessible and usable for persons with disabilities. c. Build and manage relationships with internal and external stakeholders, including Member States, to influence information assurance strategies, manage expectations, and rally support for information security initiatives. d. Provide expert input for the formulation and implementation of information assurance strategies and policies in response to evolving business needs, information risks and threats; develop and manage implementation of supporting policies, standards, and procedures. Communicate and report on information security risk and compliance metrics to management and governance groups. e. Manage the information systems security operations, including selection and management of security solutions; management of security events, threat intelligence, vulnerabilities and timely mitigations. Lead coordinated incident response, digital forensics, and authorized investigation efforts through intelligence backed decisions and close collaboration with internal business units and external partners. f. Manage and lead a Computer Security Incident Response Team (CSIRT) in the event of a true positive information security incident. g. Manage the ongoing assessment and treatment of information security risks of external service providers and information systems throughout the system development lifecycle. Manage a continuous compliance program including maintenance of relevant industry information security certifications. h. Manage the implementation of an annual information security awareness program and ensure WIPO staff receive relevant and up-to-date awareness and training on information security. i. Provide expert advice to the architecture, design and implementation of logical controls via control systems, processes and procedures to prevent unauthorized access, disclosure, manipulations, or destruction of WIPO information or information systems, and ensure that such controls and systems are accessible. j. Track industry trends in information security and evolving information security threats, inform and educate management and staff at large as appropriate, and implement measures to continuously improve WIPOs security posture in light of these trends and threats. k. Perform other related duties as required.

3. Requirements

Education (Essential) Advanced university degree in Computer Science, Information Technology, Information Management or related discipline. A first-level university degree plus two years of relevant professional experience in addition to the experience requested below may be accepted in lieu of an advanced university degree. Certification in information security such as CISSP, or CISM. Education (Desirable) Certification in Incident Handling or Incident Response (GCIH or GCFA). Certification in Business Relationship Management (BRMP or similar). Certification in SABSA Security Architecture (SCF or better). Certification in project management, on well recognized project management methodologies. Experience (Essential) At least ten years of professional experience in information security, information assurance and information risk management including at least three years of managerial experience in managing medium to large information assurance programs. Experience in managing information systems security in comparable enterprise environments that routinely process highly sensitive information and that require advanced measures in securing related information systems. Experience in managing projects under internationally well recognized project management methodologies. Experience in leading diverse teams with an inclusive approach, ensuring that cybersecurity solutions and processes leverage diverse perspectives and remain accessible and usable for persons with disabilities. Experience in the development and implementation of Information assurance strategies and policies. Language (Essential) Excellent written and spoken knowledge of English. Language (Desirable) Knowledge of other UN official languages. Job Related Competencies (Essential) Excellent understanding of the technologies and practices related to information systems controls, such as firewalls, network, directory services, cryptograph and key/certificate management, secured software life-cycle management, etc. and their relationships to achieve optimal controls. Excellent insight of trends and technologies related to information security risks and threats, and their business implications. Excellent understanding of pertinent international practices, such as ISO 27001, with proven experience in implementing and using such practices for managing information security risks. Good organizational and interpersonal skills to influence others for shared vision and positive results with or without the line of command. Excellent written and verbal communication skills and the ability to communicate security-related concepts to a broad range of technical and non-technical staff and stakeholders, including Member States. Ability to build and manage diverse team(s), fostering an inclusive team culture that values diversity, ensuring that cybersecurity strategies address the needs of all users, including persons with disabilities Analytical and problem-solving skills. Sound judgment and decision-making skills with the ability to make quick decisions in emergencies and to remain calm in stressful situations. Excellent communication and interpersonal skills and ability to establish and maintain effective partnerships and working relations in an international environment with sensitivity and respect for diversity. Functional knowledge of at least one of the big three (AWS, Azure, Google) public cloud environments and their associated security control architectures and tools, to support the organization in its go to cloud initiative. Job Related Competencies (Desirable) Knowledge of security and internal controls related to ERP systems, and Public and Private Key Infrastructure.

4. Organizational Competencies

1. Communicating effectively. 2. Showing team spirit. 3. Demonstrating integrity. 4. Valuing diversity. 5. Producing results. 6. Showing service orientation. 7. Seeing the big picture. 8. Seeking change and innovation. 9. Developing yourself and others.

5. Information

Mobility: WIPO staff members are international civil servants subject to the authority of the Director General and may be assigned to any activities, office or duty station of the Organization. Accordingly, the selected candidate may be required to move from time to time to new functions and/or to another duty station.

Annual salary:

Total annual salary consists of a net annual salary (net of taxes and before medical insurance and pension fund deductions) in US dollars and a post adjustment. Please note that this estimate is for information only. The post adjustment multiplier (cost of living allowance) is variable and subject to change (increase or decrease) without notice. The figures quoted below are based on the January 2025 rate of 67.6%.

P5

Annual salary

$92,731

Post adjustment

$62,686

Total Salary

$155,417

Currency USD

Salaries and allowances are paid in Swiss francs at the official rate of exchange of the United Nations.

Please refer to WIPOs Staff Regulation and Rules for detailed information concerning salaries, benefits and allowances. Additional Information

• Initial period of two years, renewable, subject to satisfactory performance. No fixed-term appointment or any extension hereof shall carry with it any expectancy of, nor imply any right to, (further) extensions or conversion to a permanent appointment.

This vacancy announcement may be used to fill other posts at the same grade with similar functions in accordance with Staff Rule 4.9.5.

The Organization reserves the right to make an appointment at a grade lower than that advertised. ___________________________________________________________________

By completing an application, candidates understand that any willful misrepresentation made on this web site, or on any other documents submitted to WIPO during the application, may result in disqualification from the recruitment process, or termination of employment with WIPO at a later date, if that employment resulted from such willful misrepresentations.

In the event that your candidature is shortlisted, you will be required to provide, in advance, a scanned copy of your identification and the degree(s)/diploma(s)/certificate(s) required for this position. WIPO recognizes higher educational qualifications obtained from institutions accredited/recognized in the World Higher Education Database (WHED), a list maintained by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed here: http://www.whed.net/. Some higher educational qualifications may not be listed in WHED, and will be reviewed on a case-by-case basis.

Additional testing/interviewing may be used as a form of screening. Initial appointment is subject to satisfactory professional references.

Additional background checks may be required.