Organizational Setting
The Division of Information Technology provides support to the IAEA in the field of information and communication technology (ICT), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA's ICT infrastructure comprises hardware and software platforms, and cloud and externally hosted services. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices.
Main Purpose
Reporting to the Chief Information Security Officer (CISO), the Information Security Officer will design, develop, implement, and monitor performance of the Agency's information security awareness and training programme and will contribute to the general information security programme and standards.
Role
The Information Security Officer is: 1) an information security professional; 2) the lead in the development and implementation of the Agency’s information and IT security awareness and training programme; 3) a contributor in the further development of the policy framework for the Agency’s Information Security Management System (ISMS); 4) an independent overseer and quality assurance expert, reviewing work by technical staff across the Agency to ensure it conforms with the information International Atomic Energy Agency security programme and standards; and 5) a Chief Information Security Group (CISG) and Division of Information Technology (MTIT) team member.
Partnerships
Under the supervision and guidance of the CISO, the Information Security Officer provides service and project management in the development and delivery of a comprehensive Agency-wide awareness and information security training program. The Information Security Officer works closely with other members of the Central Information Security Group and the MTIT training team to implement projects and resolve problems related to information security. The incumbent also interacts with other staff in the Division, staff from other organisational units, and vendor companies to ensure a tolerable level of information security throughout the Agency.
Education, Experience and Language Skills
• Advanced university in information technology or related field; Bachelor’s degree with three additional years of relevant experience may be considered in lieu of advanced university degree.
• Internationally recognized Information or IT Security relevant certification such as CISSP, CISM, CISA or GIAC; • Internationally recognized Project Management Certification such as PMP or Prince2 desirable.
• A minimum of seven years of experience working in information or IT security teams. • Experience with building and rolling out awareness and training programmes.
• Experience with writing formal policy and technical standards.
• Experience with setting up and managing projects and programmes.
• Experience with working in an IT environment with outsourcing, cloud solutions, and a multitude of vendors.
• Experience with classified networks, information classification, and confidentiality requirements associated with high security environments.
• Experience in a multi-cultural, international organization is desirable, as is experience working with information security at the IAEA.
• Fluency in spoken and written English. Knowledge of other official IAEA languages (i.e. Arabic, Chinese, French, Russian or Spanish) is an advantage.