IMPORTANT NOTICE REGARDING APPLICATION DEADLINE: Please note that the deadline for applications is indicated in local time as per the time zone of the applicant’s location.
1. Organizational Context
The post is located in the Security and Information Assurance Division (SIAD). This Division is responsible for the management of all aspects of WIPO’s information and physical security and safety and ensures that appropriate policies and procedures are in place and effective measures and controls are established to assess and mitigate threats/risks to the Organization. In particular, the Division defines the controls for the implementation of information security technologies and monitors if adequate assurance is maintained over WIPO’s information assets. The Division also provides professional safety and security services for WIPO staff, its delegates and visitors and ensures the protection of the Organization’s facilities and assets. Appropriate balance of the roles between “service” and “control” is the key for its success in enabling and sustaining WIPO’s operations in an environment with increasing demands for openness and connectivity on the one hand and rapidly evolving information security risks on the other hand.
The incumbent will be the principal technical authority on information security architecture within WIPO. S/he will be responsible for ensuring that the design of business solutions meets secure architecture principles and standards, as well as for the continuous development of defensible architecture principles and patterns that align with WIPO’s information security risk tolerances, ensuring they are resilient against an evolving threat environment. The Senior Information Security Architect is expected to advise and influence business and technology decisions on the development and procurement of ICT services and products. The role will represent information security at Enterprise Architecture committees.
The incumbent works under the supervision of the Head of Information Security Section.
2. Duties and Responsibilities
The incumbent will perform the following principal duties:
a. Lead the continuous refinement of WIPO’s strategic security architecture vision, including architecture standards and frameworks ensuring they are closely aligned with WIPO’s Information Assurance and ICT strategies. Contribute to the development and maintenance of WIPO’s Information Assurance strategy.
b. Work closely with the information risk, enterprise architecture, security engineering, ICT operations, and application teams to ensure business relevant and risk-based definition and application of security architecture standards.
c. Define, publish and maintain the information security elements of WIPO’s enterprise architecture blueprint in close coordination with WIPO’s enterprise architect and business ICT teams. Manage the integration of security architecture principles and processes into system development and engineering processes.
d. Ensure that WIPO’s security reference architectures and patterns are up-to-date, standards-based, relevant, and agile to meet evolving business needs for information security. The reference architectures cover, among others, identity and access management, service-oriented architectures, security auditing and logging, monitoring and reporting architectures, network segmentation, security policy detection and policy enforcement controls, remote access architectures, endpoint strategies, federation, application security architectures, mobility, and cloud security architectures.
e. Review business and technology service and product architectures, identify design gaps, and recommend security enhancements.
f. Represent information security in the WIPO Cloud Management Unit to ensure WIPO applications migrating to, or developed for, cloud deployments are architected securely.
g. Manage a continuous compliance program to ensure compliance with WIPO’s security architecture standards through continuous measurement and reporting of compliance and effectiveness metrics to governance committees.
h. Manage the implementation of an awareness program for promoting information security architecture principles and their application with business and ICT stakeholders. Identify and mentor stakeholders to be champions in developing and maintaining secure architectures.
i. Perform other related tasks as required.
Advanced university degree in information security, computer science, engineering, mathematics, business or related discipline. A first level university degree in information security, computer science, engineering, mathematics, business or related discipline plus two years of relevant experience may be accepted in lieu of an advanced degree.
Certifications in information security: CISSP and SABSA-SCPA.
Additional certifications like SABSA-SCPR, SABSA Master, CISM, CISSP-ISSAP, CSSLP, CCSK, or GSSP.
AWS Certifications: Solutions Architect - Associate or Professional; DevOps/SysOps; Security Speciality.
At least seven years of relevant professional experience in regulated industries (preferably financial) working as an Information Security Architect, including managerial experience in leading matrix teams to architect, design, build, implement and maintain complex information security application and infrastructure architectures for organizations facing multiple and sophisticated threats.
Experience in business analysis and integration of secure system development lifecycles into well recognized project and service management methodologies.
Experience in managing IT Security in the areas of identity and access management, infrastructure, network, endpoints, applications, database system technologies, mobility, cloud, virtualization security architectures, and information security process improvement.
Managing vendor relationships and services with managed security service providers and security product vendors.
Excellent written and spoken knowledge of English.
Knowledge of other UN official languages, particularly French.
Job Related Competencies
Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance.
Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
Excellent insight of business and technology trends and their impact (risks and opportunities) to business enablement.
Analytical skills that enable synthesis and correlation of inputs from many sources, and allow for strategic thinking and tactical implementation.
Ability to establish and maintain effective partnerships and working relations in a multi-cultural environment with sensibility and respect for diversity.
Good organizational and interpersonal skills to influence others towards a shared vision and positive results with or without the line of command.
Excellent written and verbal communication skills that are compelling, convincing and reassuring, with the ability to articulate complex technical ideas to non-technical stakeholders.
Personal drive, ownership and accountability to meet deadlines and achieve agreed-upon results.
Knowledge and/or skills in the following areas: (i) risk management and control frameworks including ISO 27003, ISO 31000, NIST SP 800-53, COSO, and COBIT; (ii) IT GRC tools; (iii) security architecture principles and models like SABSA, Zachman, TOGAF, CAESARS; (iv) identity and access management technologies: RBAC, SSO, cloud SSO, and federation; (v) authentication and authorization technologies: multifactor, AD, Kerberos, LDAP, fine and coarse-grained authorization, PKI, cryptographic techniques/algorithms; (vi) web services security: SAML, REST API, OpenID Connect; (vii) threat modeling techniques; (viii) infrastructure security: n-tier architectures, firewalls, intrusion detection/prevention tools, endpoint security, application whitelisting, network admission controls, policy detection and enforcement controls, web application firewalls, proxies, SOA firewalls, CASB, reverse proxies, server and network security controls (Windows/Linux/AIX), database security (SQL DB/Oracle); (ix) application security frameworks like OWASP, BSIMM, OpenSAMM; and (x) security monitoring: SIEM, LogRhythm, ArcSight, advanced correlation logic.
4. Organizational Competencies
Showing team spirit.
Showing service orientation.
Seeing the big picture.
Seeking change and innovation.
Developing yourself and others.
Mobility: WIPO staff members are international civil servants subject to the authority of the Director General and may be assigned to any activities, office or duty station of the Organization. Accordingly, the selected candidate may be required to move from time to time to new functions and/or to another duty station.
Total annual salary consists of a net annual salary (net of taxes and before medical insurance and pension fund deductions) in US dollars and a post adjustment. The post adjustment (cost of living allowance) is variable and subject to change without notice in accordance with the rates as set within the UN Common System for salaries and allowances. The figures quoted below are based on the July 2019 rate of 71.0%.
Salaries and allowances are paid in Swiss francs at the official rate of exchange of the United Nations.
Please refer to WIPO’s Staff Regulation and Rules for detailed information concerning salaries, benefits and allowances.
* Initial period of two years, renewable, subject to satisfactory performance. No fixed-term appointment or any extension hereof shall carry with it any expectancy of, nor imply any right to, (further) extensions or conversion to a permanent appointment.
This vacancy announcement may be used to fill other posts at the same grade with similar functions in accordance with Staff Rule 4.9.5.
Applications from qualified women as well as from qualified nationals of unrepresented Member States of WIPO and underrepresented geographical regions are encouraged. Please click on the following links for the list of unrepresented Member States and the list of underrepresented regions and the WIPO Member States in these regions.
The Organization reserves the right to make an appointment at a grade lower than that advertised.
By completing an application, candidates understand that any willful misrepresentation made on this web site, or on any other documents submitted to WIPO during the application, may result in disqualification from the recruitment process, or termination of employment with WIPO at a later date, if that employment resulted from such willful misrepresentations.
In the event that your candidature is shortlisted, you will be required to provide, in advance, a scanned copy of an identification and of the degree(s)/diploma(s)/certificate(s) required for this position. WIPO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and these will be reviewed individually.
Additional testing/interviewing may be used as a form of screening. Initial appointment is subject to satisfactory professional references.
Additional background checks may be required.