Consultant â IT Security (Security Systems Unit),
Vienna
IAEA - International Atomic Energy Agency -
Closing Date: 14-April-2017
Apply
Consultant – IT Security (Security Systems Unit) - (TAL-MTIT20170116-002)
Organization
: MTIT-Security Systems UnitPrimary Location
: Austria-Vienna-Vienna-IAEA HeadquartersJob Posting
: 2017-03-23, 7:00:00 PMClosing Date
: 2017-04-14, 5:59:00 PM
Duration in Months: 12
Contract Type: Special Service Agreement - SSA
Organizational Setting
The Department of Management (MT) provides a 'platform of services' that serves as a foundation for the successful delivery of the IAEA's scientific and technical programmes. Its mission statement is as follows: "MT is a partner and a business enabler that champions change and efficiency, leveraging a common purpose". Thus, among other support activities, it assists a scientific manager in recruiting the right expert, helps a technical officer coordinate the purchase of radiation equipment and ensures that all Board documents are translated and distributed on a timely basis to Member States.
The Division of Information Technology (MTIT) provides support to the IAEA in the field of ICT (information and communication technology), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA's ICT infrastructure comprises state of the art hardware and software platforms in a partially decentralized environment. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices.
The Infrastructure Services Section is responsible for administering the central IT servers and virtualization platforms, providing secured services and managing the data centre which are run in compliance with best practices defined by international standards, in particular ITIL and ISO 27001.
The Division of Information Technology (MTIT) provides support to the IAEA in the field of ICT (information and communication technology), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA's ICT infrastructure comprises state of the art hardware and software platforms in a partially decentralized environment. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices.
The Infrastructure Services Section is responsible for administering the central IT servers and virtualization platforms, providing secured services and managing the data centre which are run in compliance with best practices defined by international standards, in particular ITIL and ISO 27001.
Main Purpose
The purpose of the post is to help the IAEA information and communication technology services improve repeatable and consistent processes to strengthen IAEA information security. The IT Security Engineer participates in the development and delivery of a comprehensive IT security program for the IAEA. He/she also participates in implementation of IT security projects.
The IT Security Engineer is (a) a technical specialist supporting the design and formulation of security measures, procedures and standards on all aspects of IT security and (b) a project manager/coordinator, soliciting inputs from other specialists and assisting in defining, planning and executing projects.
The IT Security Engineer is (a) a technical specialist supporting the design and formulation of security measures, procedures and standards on all aspects of IT security and (b) a project manager/coordinator, soliciting inputs from other specialists and assisting in defining, planning and executing projects.
Functions / Key Results Expected
Extend and further improve operational security processes across MTIT, both for Agency's IT infrastructure in-house as in the cloud, with regard to the following areas:
•Threat management;
•Vulnerability management;
•Security patch management;
•Logging and monitoring;
Improve the Agency's current and future security systems (e.g. Firewall, IDS/IPS, SIEM, web proxy, reverse proxies, sandboxes, anti-virus) and tools (e.g. Nessus, Dynamic Code Scanners, end point security solutions, Software Vulnerability Management) by:
•Performing security assessments on current setup and provide recommendations to improve;
•Optimising configurations and utilising unused functionality;
•Improving operating procedures and registration of events;
•Improve reporting to get a better overview of the security status;
•Optimising the process of centrally collecting security logs, and further extending exception reports and triggers.
Create and optimise an IT security dashboard for the management scorecard.
Implement end-to-end IT security measures and appropriate technology and processes to ensure the confidentiality, integrity and availability of information systems and data.
Produce high-quality oral and written reports on the security measures implemented, presenting complex technical matters clearly and concisely.
Knowledge, Skills and Abilities
Required -
Functional Competencies
- Client orientation
- Analytical thinking
Skills and Expertise
- Information Security
- Information Security and Risk Management
- Project Management
- Change Management
Qualifications and Experience
- University degree in Computer Science, Information Management, IT Security or a related field;
- Minimum of five years of professional experience in managing IT security programs in an IT enterprise environment and IT Security Systems, managing and optimising IT security infrastructure systems providing access control, vulnerability management and incident identification response.International recognized information Security or IT Security and Risk Management certifications such as CISSP, CISM, CISA or GIAC;
- Accredited certification in Project Management such as PMP or Prince2;
- Experience working in an IT enterprise environment including using change management processes.
- Experience in creating technical documentation.
Remuneration
The remuneration for this consultancy is a daily fee of up to a maximum of € 333, based on qualifications and experience. In case duty travel is required within the assignment, a daily subsistence allowance (DSA) and travel costs are provided. Health coverage and pension fund are the responsibility of the incumbent.