CFA - Information and Communication Technology (ICT) Associate (Security and NIST Compliance) (GS)

International Organization for Migration
Chiva, Spain
16 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
Arabic, Chinese, English, Spanish, French, Russian
Experience level
Senior

Job location

Chiva, Spain

Tech stack

Microsoft Excel
Amazon Web Services (AWS)
Software System Penetration Testing
Azure
Cloud Computing Security
CompTIA Security+
Computer Security
Information Systems
Data Security
Data Systems
Identity and Access Management
Systems Development Life Cycle
Power BI
SharePoint
Security Information and Event Management
Information Technology
Data Management
Tools for Reporting

Job description

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading UN agency in the field of migration, works closely with governmental, intergovernmental and non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to ensuring a workplace where all employees can thrive professionally, while working towards harnessing the full potential of migration. Read more about IOM's workplace culture at IOM workplace culture | International Organization for Migration

Applications are welcome from internal and external candidates. For all IOM vacancies, applications from qualified and eligible first-tier candidates are considered before those of qualified and eligible second-tier candidates in the selection process. For the purpose of this vacancy, internal candidates are considered first-tier candidates.

Context:

Under the overall supervision of the Senior Information Security Officer and the direct supervision of the ICT Officer (Information Security officer), the Information and Communication Technology (ICT) Associate (Security and National Institute of Standards and Technology (NIST) Compliance) ensures that IT systems, services, and data in the IOM-ICT ecosystem meet NIST cybersecurity standards. Key responsibilities include developing and improving data security policies and controls, ensuring regulatory compliance, and collaborating with business units to maintain security requirements throughout system lifecycles. The role requires collaboration, technical leadership, and translating security needs into solutions, with occasional support for other teams.

This position reports to the Senior Information Security Officer within the Information Security & Compliance Unit. All IOM staff must perform duties according to job descriptions, delegated authorities, UN and IOM rules, and uphold IOM's values of professionalism, integrity, and respect for diversity.

Responsibilities:

  • Develop, implement, and maintain data security policies, procedures, and controls in alignment with NIST frameworks (e.g., NIST SP 800-53, NIST Cybersecurity Framework), ISO 27001, and other applicable standards.

  • Conduct risk assessments and vulnerability analyses to identify, evaluate, and mitigate risks to organizational data, applications, and ICT infrastructure.

  • Collaborate with cross-functional teams, including project managers, system architects, application developers, and business analysts, to integrate security requirements into all phases of the application and system development lifecycle.

  • Ensure data protection and privacy compliance, including GDPR and other relevant regulations for both applications and data, through the implementation of technical and organizational measures.

  • Support the design and implementation of security controls for data-in-transit and data-at-rest, including encryption, access controls, and monitoring.

  • Assist and support in regular security audits, penetration testing, and incident response exercises to validate the effectiveness of controls and preparedness of the organization.

  • Provide technical guidance and mentorship to other team members and business users on secure application and data management practices, fostering a culture of continuous improvement and security awareness.

  • Develop and maintain security documentation, including risk registers, incident response plans, data flow diagrams, and user guides specific to applications and data processes.

  • Monitor emerging threats, vulnerabilities, and trends in application and data security, and recommend adoption of new technologies or practices as appropriate.

  • Support organizational objectives by ensuring that business needs are met with secure, compliant, and cost-effective solutions.

  • Participate in production "go/no go" decisions for system and application deployments, certifying that security requirements have been met and risks are documented and managed.

  • Engage in training and awareness programs to promote application and data security best practices and compliance across the organization.

  • Perform other duties as may be assigned.

  • Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.

  • Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.

  • Courage: Demonstrates willingness to take a stand on issues of importance.

  • Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.

Core Competencies - behavioural indicators

  • Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
  • Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
  • Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
  • Accountability: Takes ownership for achieving the Organization's priorities and assumes responsibility for own actions and delegated work.
  • Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.

Requirements

Do you have experience in SIEM?
Do you have a High school diploma or GED?

  • High school diploma with six years of relevant experience; or,
  • University degree in Computer Science, Information Technology, Cybersecurity or a related field from an accredited academic institution with four years of relevant experience; or,
  • Essential: CompTIA Security+, CISSP, CISM, CISA, or equivalent information security certifications.
  • Desirable: NIST Cybersecurity Framework Practitioner, ISO 27001 Lead, CIS Controls.

Experience

  • Experience implementing and managing application and data security programs in accordance with NIST, ISO, or similar frameworks;
  • Strong understanding of data protection regulations (e.g., GDPR, HIPAA) and experience implementing compliance measures in applications and data management;
  • Experience with security technologies such as SIEM, DLP, IAM, endpoint protection, encryption, and cloud security controls (Azure, AWS, etc.);
  • Experience working collaboratively with business partners and technical teams to translate business needs into secure applications and data solutions; and,
  • Experience operating in humanitarian, development, or United Nations organizations.

  • Ability to develop solution documentation, security policies, and user training materials using industry-standard methods and tools;
  • Proven track record in risk assessments, security audits, and incident response for applications and enterprise systems;
  • Excellent communication skills for articulating complex technical concepts to technical and non-technical audiences;
  • Strong analytical, conceptual, and problem-solving skills;
  • Knowledge of IOM/UN-specific ICT processes and technologies;
  • Working knowledge of any other official UN language;
  • Strong interpersonal skills;
  • Solid organization, documentation and project management skills;
  • Strong investigative skills;
  • Strong ability to continue to learn and grow;
  • Basic knowledge of reporting tools (e.g., MS Excel, Power BI, Power BI Report Builder);
  • Ability to translate technical security vulnerabilities into business risk/impact to applications;
  • Demonstrated skill in creating security policies and procedures based on ISO27001, NIST 800-53 and Computer Information System (CIS) controls;
  • Strong analytical and problem-solving skills and proactive thinking skills; and,
  • Able to articulate complex, technical concepts to non-technical audiences.

Languages:

All IOM staff members in all categories are required to be fluent in one of the IOM's official languages (English, French, Spanish).

For this position, fluency in English is required (oral and written). Working knowledge of Spanish is highly desirable and another official UN language (Arabic, Chinese, French, and Russian) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.

Required Competencies:

IOM's competency framework can be found at this link. Competencies will be assessed during the selection process.

About the company

IOM has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and IOM, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities. IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts. IOM only accepts duly completed applications submitted through the IOM e-Recruitment system (for internal candidates link here). The online tool also allows candidates to track the status of their application.
