Information and Computer Security Officer

IMPORTANT NOTICE REGARDING APPLICATION DEADLINE: Please note that the closing date for submission of applications is indicated in local time as per the time zone of the applicant's location.

Organizational Setting

The Department of Nuclear Safety and Security (NS) formulates and implements the IAEA's nuclear safety and security programme, which encompasses the Agency's activities to protect people and the environment from radiation exposure and responds to the needs of its Member States related to nuclear safety and nuclear security.

The Division of Nuclear Security (NSNS) is responsible, upon request, for establishing, coordinating and implementing the IAEA's nuclear security programme to protect against, detect and respond to nuclear security events and threats thereof. NSNS comprises four Sections:

*Information Management Section *Nuclear Security of Materials Outside of Regulatory Control Section *Nuclear Security of Materials and Facilities Section *Programme Development and International Cooperation Section

The Information Management Section (INMA) is responsible for the establishment and maintenance of the mechanisms required to collect, collate and analyse nuclear security related information required for the effective implementation of activities to strengthen the international nuclear security framework. The Section is responsible for managing and maintaining the Incident and Trafficking Database and related information, as well as the system to develop and coordinate the implementation of Integrated Nuclear Security Support Plans. For this purpose, it liaises with other international organizations and Member States to enhance cooperation in and increase the outreach of nuclear security information. The Section is also responsible for managing and maintaining the information technology systems necessary for implementing the work of the Division and providing for information exchange through internal and external information portals. Additionally, the Section is responsible for managing and implementing the programme of activities for raising States' awareness of the threat of cyber-attacks, and their potential impact on nuclear security. The Section is also responsible for implementing arrangements to maintain the confidentiality of sensitive information.

Main Purpose

Under the direct supervision of the Section Head, Information Management Section (INMA), the Information and Computer Security Officer (Technical Lead) will coordinate and implement information and computer security activities as part of the nuclear security programme. This includes information and computer security activities based on needs identified by States in Integrated Nuclear Security Sustainability Plans, information and computer security assessment missions and International Physical Protection Advisory Service (IPPAS) missions. Additionally, the Information and Computer Security Officer develops and implements the Divisions internal information and IT security activities in alignment with and support of the IAEAs information and IT security

Role

The Information and Computer Security Officer (Technical Lead) is: (1) a technical lead, leading programme design, coordination and delivery of activities related to the information and computer security within the nuclear security programme, monitoring and supervising their implementation in accordance with relevant Agency's and policies and procedures; (2) a substantive and recognized expert in information and computer security specifically related to the nuclear industry, (3) a coordinator and manager of projects of particular technical complexity and/or sensitivity involving the participation of experts from Member States and other relevant international organizations and/or initiatives as well as inter-agency collaborative projects; (4) a scientific secretary to international scientific meetings related to computer security as a component of nuclear security, overseeing the preparation and editing of scientific or technical reports, manuals, proceedings and other publications that provide information and computer security guidance for nuclear security regimes, as well as scientific or technical documentation and papers for discussions; and (5) coordinator and developer of the Division's information and IT security programme in alignment with and support of the IAEAs information and IT security programme.

Functions / Key Results Expected

Coordinate and provide technical input to the work of the information and computer security team. Lead the development of the information and computer security programme of activities, including within the Integrated Nuclear Security Sustainability Plan (INSSP) requests in support of Member State activities to improve information and computer security as a component of nuclear security. Lead the development of information and computer security guidance, within the IAEA Nuclear Security Series of publications. Provide expert support to Member States efforts to establish effective information and computer security within their nuclear security regimes. Contribute to capacity building, including conduct of training, workshops, exercises and seminars related to information and computer security in States as a component of their nuclear security regimes. Lead the design and delivery of information and computer security activities specifically for the benefit of Member States. Represent the IAEA at national and international meetings as required; establish and maintain relationships with relevant international organizations, initiatives, committees and scientific societies. Conduct, as requested, information and computer security assessment missions and International Physical Protection Advisory Service (IPPAS) missions. Serve as the Divisional Information Security Officer, coordinating and developing the Division's information and IT security programme in alignment with and support of the IAEAs information and IT security programme.

Competencies and Expertise

Core Competencies (Competency Framework)

Name Definition Communication Communicates orally and in writing in a clear, concise and impartial manner. Takes time to listen to and understand the perspectives of others and proposes solutions. Achieving Results Takes initiative in defining realistic outputs and clarifying roles, responsibilities and expected results in the context of the Department/Division's programme. Evaluates his/her results realistically, drawing conclusions from lessons learned. Teamwork Actively contributes to achieving team results. Supports team decisions. Planning and Organizing Plans and organizes his/her own work in support of achieving the team or Section's priorities. Takes into account potential changes and proposes contingency plans.

Functional Competencies

Name Definition Client orientation Helps clients to analyse their needs. Seeks to understand service needs from the client's perspective and ensure that the client's standards are met. Commitment to continuous process improvement Plans and executes activities in the context of quality and risk management and identifies opportunities for process, system and structural improvement, as well as improving current practices. Analyses processes and procedures, and proposes improvements. Technical/scientific credibility Ensures that work is in compliance with internationally accepted professional standards and scientific methods. Provides scientifically/technically accepted information that is credible and reliable.

Nuclear Security Cyber Security for Nuclear Facilities Extensive knowledge in IAEA Nuclear Security Series guidance. Experience in IAEA guidance development is beneficial Information Technology Information Security Expertise in information security including information classification and security requirements for classified information Nuclear Security National Nuclear Security Regimes In depth knowledge of the nuclear security regime and the application of associated digital control systems within the regime Management and Programme Analysis Project Management Demonstrated expertise in successful project management Training Training Implementation Significant experience in conducting computer security training. Prior experience in IAEA training activities is beneficial

Qualifications, Experience and Language skills

• Advanced university degree in information science, computer science, nuclear science, nuclear engineering or related fields. A university degree in information science, computer science, nuclear science, nuclear engineering or related fields with two additional years of relevant experience may be considered in lieu of advanced university degree.
• A minimum of seven years of relevant professional experience, including technical leadership, in computer security in the nuclear field. Prior experience working at nuclear facilities/nuclear operations is highly desirable.
• International or national experience in nuclear security activities related to information and computer security.
• Demonstrated strong organizational skills in leading and coordination of large-scale meetings/conferences.
• Demonstrated technical writing skills.
• Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, French, Russian and Spanish) is an asset.