- The deadline for applications is indicated in local date and time.
- This post is a project post.
1. Organizational Context
a. Organizational Setting
The post is located in the Security and Information Assurance Division (SIAD). This Division is responsible for the management of all aspects of WIPO’s information and physical security and safety and ensures that appropriate policies and procedures are in place and effective measures and controls are established to assess and mitigate threats/risks to the Organization. In particular, the Division defines the controls for the implementation of information security instruments and monitors if adequate assurance is maintained over WIPO’s information assets.
The Division also provides professional safety and security services for WIPO staff, its delegates and visitors and ensures the protection of the Organization’s facilities and assets. Appropriate balance of the roles between “service” and “control” is the key for its success in enabling and sustaining WIPO’s operations in an environment with increasing demands for openness and connectivity on the one hand and rapidly evolving information security risks on the other hand.
b. Purpose Statement
The incumbent is responsible for the program management aspects of WIPO’s security (information and physical security) portfolio that includes over 20 projects. The incumbent is expected to balance scope, budget, schedule, business alignment, competing priorities, program risks and communications; and ensure program completeness, quality, and timely delivery. The incumbent works with project managers across safety and security, information security, business and ICT teams to ensure project management discipline in the execution of security projects.
c. Reporting Lines
The incumbent works under the supervision of the Chief Security Officer (CSO).
2. Duties and Responsibilities
The incumbent will perform the following principal duties:
a. Establish and maintain effective relationships with a wide range of internal and external stakeholders in security, ICT and business areas to listen to needs, analyze issues, influence strategies, and rally support of security initiatives; make clear and accurate predictions with regards to project timeframes, cost and functionality and address possible setbacks and delays early.
b. Gather, analyze, evaluate and further define program and project requirements; establish and communicate accurate and reliable program and project estimates; determine resource requirements and form project teams; develop detailed program and project plans and schedules; provide work direction and leadership to projects, assign work, monitor quality of deliverables and give feedback to project teams.
c. Monitor program and project milestones, costs and key performance indicators, to identify and resolve potential issues; propose program risk remediation to projects and program boards for review and decision making.
d. Facilitate the organization of Program Board meetings through drafting of agenda, minutes, and action tracking; clearly and effectively communicate the achievement of value to the business; conduct formal reviews at project completion to confirm acceptance and satisfaction of clients.
e. Provide expert advice to Security Steering Committees and Boards on risk based project priorities, dependencies, and investment decisions as it relates to security.
f. Develop documents for tendering exercises, evaluate responses and select service providers and vendors.
g. Provide inputs to the CSO for the development of annual security budgets and participate in the annual budget formulation and evaluation process; track actual vs. projected expenses, analyze variances, and forecasts end-of-year results for area of responsibility; recommend reallocation of resources and technology to improve results.
h. Foster collaboration among project team members by addressing issues and/or concerns that could impede the division from reaching its goals; provides clear direction on priorities, feedback, and coaching to project managers.
i. Represent SIAD programs and projects at other program and project meetings to understand dependencies and ensure alignment.
j. Perform any other duties as assigned.
Advanced university degree in computer science, engineering, mathematics, business or related discipline. A first-level university degree in computer science, engineering, mathematics, business or related discipline plus two years of relevant experience in addition to the experience requested below may be accepted in lieu of an advanced degree.
Qualification in project or program management such as PRINCE2, MSP or PMP.
Information security certification such as CISSP or risk management qualification (ISO 31000 foundation).
At least nine years’ relevant professional experience in regulated industries, preferably financial or Information Technology, or related to Intellectual Property.
Experience managing security projects, programs or portfolios that involve the processing of highly sensitive information in campuses with high physical security requirements, across multiple security, IT and business teams.
Experience in developing, tracking and using security metrics to drive/influence security decision making and investments.
Experience in managing security projects and programs in the areas of vulnerability remediation, security process improvement, configuration management, Security Operations Centers, security awareness, GRC, Identity and Access Management, outsourced or managed security services, Duty of Care, security incident management, security risk assessments, and cloud security.
Experience managing vendor relationships and complex negotiations.
Excellent knowledge of written and spoken English.
Job Related Competencies
Knowledge of project management frameworks and leading tools in the areas of estimation and cost management, cost benefit analyses, business value demonstration, contract management, and effective program performance reporting. Familiarity with PMBOK, TCM, agile and lean project management, and tools like MS Project.
Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance.
Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
General understanding of the UN Security Management System (UNSMS) balanced against commercial standards such as ISO 31000.
Excellent analytical skills that enable synthesis of inputs from many sources, and allow for strategic thinking and tactical implementation.
Vendor management skills.
People management skills, with the ability to matrix manage project teams consisting of internal staff and on- and off-shore resources.
Change management skills.
Excellent communication and interpersonal skills and ability to maintain effective partnerships and working relations in a multi-cultural environment with sensitivity and respect for diversity.
Knowledge of (i) risk management and control frameworks including ISO 27003, ISO 22301, NIST SP 800-53, SSAE 16 SOC I/II, COSO, and COBIT; (ii) IT GRC tools like MetricStream, Archer, RSAM; (iii) security architecture principles and models like SABSA; (iv) identity and access management technologies; (v) managed security operations (vi) web services security; (vii) infrastructure security: n-tier architectures, firewalls, intrusion detection/prevention tools, endpoint security, application whitelisting, network admission controls, policy detection and enforcement controls, web application firewalls, proxies, SOA firewalls, reverse proxies, server and network security controls, database security (SQL DB/Oracle); (viii) application security processes and methodologies- Secure SDLC, OWASP; and (ix) Incident management techniques and processes; and (x) mobile and cloud security; (xi) building security systems- CCTV surveillance, screening, intrusion prevention systems; (xii) fire safety systems; (xiii) major incident medical management and support.
4. Organizational Competencies
1. Communicating effectively.
2. Respecting individual and cultural differences.
3. Showing team spirit.
4. Managing yourself.
5. Producing results.
6. Embracing change.
7. Respecting ethics and values.
Mobility: WIPO staff members are international civil servants subject to the authority of the Director General and may be assigned to any activities, office or duty station of the Organization. Accordingly, the selected candidate may be required to move from time to time to new functions and/or to another duty station.
Total annual salary consists of a net annual salary (net of taxes and before medical insurance and pension fund deductions) in US dollars and a post adjustment. The post adjustment (cost of living allowance) is variable and subject to change without notice in accordance with the rates as set within the UN Common System for salaries and allowances. The figures quoted below are based on the February 2018 rate of 81.6%
Salaries and allowances are paid in Swiss francs at the official rate of exchange of the United Nations.
Please refer to WIPO’s Staff Regulation and Rules for detailed information concerning salaries, benefits and allowances.
* This contract is granted in the context of an approved project which is foreseen to run for approximately three years. The initial contract is granted for 1 year, renewable, subject to continuity of the project and satisfactory performance. No fixed-term appointment or any extension hereof shall carry with it any expectancy of, nor imply any right to, (further) extensions or conversion to a permanent appointment.
Applications from qualified women as well as from qualified nationals of unrepresented Member States of WIPO and underrepresented geographical regions are encouraged. Please click on the following links for the list of unrepresented Member States and the list of underrepresented regions and the WIPO Member States in these regions.
The Organization reserves the right to make an appointment at a grade lower than that advertised.
By completing an application, candidates understand that any willful misrepresentation made on this web site, or on any other documents submitted to WIPO during the application, may result in disqualification from the recruitment process, or termination of employment with WIPO at a later date, if that employment resulted from such willful misrepresentations.
In the event that your candidature is shortlisted, you will be required to provide, in advance, a scanned copy of an identification and of the degree(s)/diploma(s)/certificate(s) required for this position. WIPO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and these will be reviewed individually.
Additional testing/interviewing may be used as a form of screening. Initial appointment is subject to satisfactory professional references.
Additional background checks may be required.