IMPORTANT NOTICE REGARDING APPLICATION DEADLINE: please note that the deadline for applications is indicated in local time as per the time zone of the applicant’s location.
1. Organizational Context
a. Organizational Setting
The post is located in the Information Security Section, Security and Information Assurance Division (SIAD), Administration and Management Sector.
The Division is responsible for the management of all aspects of WIPO’s information and physical security and safety and ensures that appropriate policies and procedures are in place and effective measures and controls are established to assess and mitigate threats/risks to the Organization. In particular, the Division defines the controls for the implementation of information security instruments and monitors if adequate assurance is maintained over WIPO’s information assets. The Division also provides safety and security services for WIPO staff, delegates and visitors and ensures the protection of the Organization’s facilities and assets.
b. Purpose Statement
WIPO is seeking an experienced Information Security Operations Center Manager, to be responsible for establishing and enhancing WIPO’s overall IT security monitoring and operational activities. As a subject matter expert, s/he will revamp WIPO’s IT security operations from the ground up, establish policies and standard operating procedures/response plans/playbooks and develop a team of highly skilled contracted cyber security analysts to proactively detect malicious behavior and enact countermeasures. A key objective for this role will be to lower the information security risk profile of WIPO through establishing capabilities for proactive and continuous monitoring, detection and coordinated responses to common and advanced information security threats.
This role will require the handling of sensitive or confidential data. Active or prior government security clearance is preferred.
c. Reporting Lines
The incumbent works under the supervision of the Head of Information Security Section.
2. Duties and Responsibilities
The incumbent will perform the following principal duties:
a. Identify and present tactical and strategic recommendations on improving WIPO’s information security posture to management, in close coordination with business and technology teams.
b. Provide oversight and first-line supervision of Security Operations Center (SOC) services to ensure delivery within the agreed service levels; provide technical assistance to the Head of the Information Security Section on administrative activities of security operations including oversight of cyber security analysts, recruitment of analysts, shift management, technical training, cost management, monitoring non-compliance to SOC policies and procedures, and secure management of privileged access by analysts.
c. Ensure continuous security monitoring through management of business and technology rules to detect common and advanced information security threats; collect and report metrics to management for decision-making and provide real-time situational awareness.
d. Lead processes to investigate, analyze and profile the structure and dynamics of a particular sector or group within an adversary community of interest to WIPO; analysis and determination of intent, operational and technical capabilities, tradecraft, and modus operandi of threat actors; keep up-to-date a threat profile map specific to WIPO; in conjunction with the SOC service provider.
e. Investigate or lead processes to investigate infrastructure and application intrusions and data theft by threat actors and threat vectors; lead the implementation of the incident response capability through intelligence backed decisions; develops and deliver management summaries and presentations on intrusions and intrusion attempts.
f. Enhance and operate WIPO’s vulnerability management program (configuration, scanning, tracking, remediation and verification).
g. Work closely with the Information Security, Enterprise and Solution Architects to monitor and refine reference architectures for security monitoring, detection, and policy enforcement processes and tools.
h. Lead the implementation and operation of SOC service management capability, including change management, incident, and problem management according to established processes and procedures; optimize service delivery processes and demonstrate measurable value by identifying opportunities for automation and streamlining of processes.
i. Establish and maintain relationships at technical and management levels with security product vendors and MSSPs to manage contracted security services, and drive product functionality, break-fix, training and service delivery improvements; ensure SOC analysts are equipped with the latest security intelligence from subscribed feeds and through partnerships with other IOs, intelligence communities and external law enforcement agencies.
j. Perform any other duties as assigned.
Advanced university degree in information security, computer science, engineering, mathematics, business or related discipline. A first-level university degree in a relevant discipline plus two years of relevant experience in addition to the experience requested below may be accepted in lieu of an advanced degree.
Additional certifications such as CISSP-ISSEP, GCIH, EnCE, CFE, CEH, GWAPT, GPEN or GREM.
At least seven years’ relevant professional experience in regulated industries (preferably financial) working as an Information Security Manager or similar, including experience managing security operations center teams in organizations facing multiple and sophisticated threats.
Experience leading intelligence gathering and incident response in complex and advanced threat environments.
Experience managing vendor relationships with security service providers and security product vendors.
Experience architecting, building and operating SOCs.
Experience managing IT Security in the areas of infrastructure, network, endpoints, applications, cloud and database system technologies.
Excellent written and spoken knowledge of English.
Knowledge of other UN official languages, particularly French.
Job Related Competencies
Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance.
Excellent people and vendor management skills.
Excellent analytical and organizational skills.
Excellent interpersonal skills with the ability to establish and maintain effective partnerships and working relations in a multi-cultural environment with sensitivity and respect for diversity.
Knowledge and/or skills in the following areas: i) development of SOC standard operating procedures and playbooks, SOAR processes and platforms; ii) advanced scripting (PERL, PYTHON); iii) web services security-SAML, WS-federation, WS-security, SOA; iv) threat modeling techniques; v) infrastructure security: n-tier architectures, firewalls,anti-virus, network/host/wireless intrusion detection/prevention tools, network penetration testing, endpoint detection and response, wireless security, DNSSEC, application whitelisting, network admission controls, policy detection and enforcement controls, web application firewalls, proxies, SOA firewalls, reverse proxies, server and network security controls (Windows/LINUX/AIX), virtualization security, database security (SQL DB/Oracle), DDoS protection; vi) application security: application penetration testing, OWASP, BSIMM, OpenSAMM; vii) incident management techniques and processes: malware analysis, designer malware detection, APT response, forensics; viii) security monitoring: log aggregation technology, SEIM, advanced correlation logic.
Knowledge and/or skills in the following areas: i) security architecture principles and models like SABSA, Zachman; ii) identity and access management technologies- RBAC, SSO, cloud SSO and federation; iii) authentication and authorization technologies- multifactor, AD, kerberos, LDAP, fine and coarse-grained authorization, PKI, cryptographic techniques/algorithms; iv) security tools and products like IBM Proventia, SNORT, WebSense proxy, SQUID proxy, Symantec and McAfee EPO, Etheral, TCP Dump, NMap, Nessus, Retina, NetFlow, Packet capture tools, Nikto, NetlQ, CA Siteminder, Checkpoint and Cisco ASA firewalls, DataPower SOA, FireEye, Crowdstrike, ForeScout NAC, Juniper remote access gateways, ArcSight and LogRhythm, SEIMs, TippingPoint, EnCase etc.
4. Organizational Competencies
1. Communicating effectively.
2. Showing team spirit.
3. Demonstrating integrity.
4. Valuing diversity.
5. Producing results.
6. Showing service orientation.
7. Seeing the big picture.
8. Seeking change and innovation.
9. Developing yourself and others.
Mobility: WIPO staff members are international civil servants subject to the authority of the Director General and may be assigned to any activities, office or duty station of the Organization. Accordingly, the selected candidate may be required to move from time to time to new functions and/or to another duty station.
Total annual salary consists of a net annual salary (net of taxes and before medical insurance and pension fund deductions) in US dollars and a post adjustment. The post adjustment (cost of living allowance) is variable and subject to change without notice in accordance with the rates as set within the UN Common System for salaries and allowances. The figures quoted below are based on the January 2019 rate of 70.0%
Salaries and allowances are paid in Swiss francs at the official rate of exchange of the United Nations.
Please refer to WIPO’s Staff Regulation and Rules for detailed information concerning salaries, benefits and allowances.
* Initial period of two years, renewable, subject to satisfactory performance. No fixed-term appointment or any extension hereof shall carry with it any expectancy of, nor imply any right to, (further) extensions or conversion to a permanent appointment.
This vacancy announcement may be used to fill other posts at the same grade with similar functions in accordance with Staff Rule 4.9.5.
Applications from qualified women as well as from qualified nationals of unrepresented Member States of WIPO and underrepresented geographical regions are encouraged. Please click on the following links for the list of unrepresented Member States and the list of underrepresented regions and the WIPO Member States in these regions.
The Organization reserves the right to make an appointment at a grade lower than that advertised.
By completing an application, candidates understand that any willful misrepresentation made on this web site, or on any other documents submitted to WIPO during the application, may result in disqualification from the recruitment process, or termination of employment with WIPO at a later date, if that employment resulted from such willful misrepresentations.
In the event that your candidature is shortlisted, you will be required to provide, in advance, a scanned copy of an identification and of the degree(s)/diploma(s)/certificate(s) required for this position. WIPO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and these will be reviewed individually.
Additional testing/interviewing may be used as a form of screening. Initial appointment is subject to satisfactory professional references.
Additional background checks may be required.