Chief Security Officer

1.Organizational Context

(a) Organizational Setting

The post is located in the Security and Information Assurance Division (SIAD) in the Administration, Finance and Management Sector (AFMS). This Division is responsible for the management of all aspects of WIPO’s information and physical security and safety and ensures that appropriate policies and procedures are in place and effective measures and controls are established to assess and mitigate threats/risks to the Organization.

The Division defines the controls for the implementation of information security solutions and monitors if adequate assurance is maintained over WIPO’s information assets. As the owner of WIPO’s Data Protection Program, the Division is also tasked with ensuring the protection of personal information. It provides professional safety and security services for WIPO staff, its delegates and visitors and ensures the protection of the Organization’s facilities and assets.

Appropriate balance of the roles between “service” and “control” is the key for its success in enabling and sustaining WIPO’s operations in an environment with increasing demands for openness and connectivity on the one hand and rapidly evolving information security risks on the other hand.

(b) Purpose Statement

The Chief Security Officer leads and directs security operations and is responsible for directing and implementing WIPO security and information assurance strategy, managing risks, ensuring compliance and overseeing all aspects of the safety and security of WIPO personnel, premises and information assets.

Acting as the Organization’s Data Protection Officer (DPO), the Chief Security Officer is responsible for directing the Organization’s Data Privacy Program, and for the provision of information and advice on specific protection requirements pertaining to personal information received from both internal and external stakeholders.

The Chief Security Officer also oversees the Organization’s Digital Responsibility program, ensuring ethical, sustainable and secure use of digital technologies by the Organization in line with the UN Sustainable Development Goals (SDGs).

(c) Reporting Lines

The incumbent works under the supervision of the Assistant Director General responsible for the Administration, Finance and Management Sector (AFMS).

(d) Work Relations

The incumbent works closely with senior officials throughout the organization as well as with external entities, including partner institutions, law enforcement, vendors and service providers and, on occasion, WIPO Member State representatives.

2.Duties and Responsibilities

The incumbent will perform the following principal duties:

(a) Oversee WIPO’s risk-oriented security and information assurance management approach.

(b) Provide expert advice on the definition of security and information assurance goals, objectives, practices and metrics that are consistent with the Organization’s strategies and objectives.

(c) Direct the development, implementation and continuous improvement of security and information assurance strategies, policies, standards, procedures, and metrics in line with evolving business needs.

(d) Direct the design, implementation, and verification of adequate and cost-effective internal controls; manage key security risks of a critical or sensitive nature.

(e) Direct the development, implementation and monitoring of data protection policies in line with the UN Secretary General’s Data Protection Principles and aligning with other international data protection standards as best practice.

(f) Provide expert advice on the integration of security and information assurance into the development and implementation of WIPO’s Business and ICT Strategies, including on selection and management of security and information assurance capabilities.

(g) Assess information assurance, safety and security implications of WIPO’s business continuity plans and advise relevant services on the development of respective plans, in line with WIPO’s business continuity management strategy; regularly verify the effectiveness of such plans, capabilities
and procedures to ensure compliance with internal controls.

(h) Assume accountability for safety, security and information systems security operations; respond to information security incidents, audit recommendations and investigation requests, etc.

(i) Direct the Division’s portfolio of work and take overall management and supervision responsibility for its human and financial resources. Determine priorities and allocate resources in accordance with Results-Based Management (RBM) priorities.

(j) Direct the development and implementation of on-going engagement programs for management and staff at large and ensure awareness of the current trends to enhance or adjust security response programs.

(k) Establish and maintain relationships with external entities, to ensure optimal availability of external expertise and services as required;

(l) Direct the development and implementation of reporting mechanism relating to Digital Responsibility, with a view to providing centralized capabilities for tracking and publicizing internal and external facing activities in this area.

(m) Perform other duties as required.

3.Requirements

Education (Essential)

Advanced university degree in Computer Science, Information Technology, Information Management or related discipline. A first-level university degree plus two years of relevant professional experience in addition to the experience requested below may be accepted in lieu of an advanced university degree.

Experience (Essential)

At least 15 years’ experience in safety and security, information assurance and information risk management, including at least five years’ experience in managing medium to large enterprise security programs.

Sound experience in managing information risks throughout the entire information management life cycle from creation to archiving and destruction, in comparable enterprise environments.

Sound experience in managing large projects under internationally well recognized project management methodologies.

Sound experience in mitigation measures, including business practices, in a large and complex enterprise environment.

Sound experience in leading a team.

Experience (Desirable)

Experience in the development and implementation of data protection programs and policies aligned with international data protection practices.

Language (Essential)

Excellent knowledge of English.

Language (Desirable)

Knowledge of French or other UN official languages.

Job Related Competencies (Essential)

Ability to manage multiple and diverse security units.

Demonstrated leadership skills in managing a security operation.

Proficiency in managing diverse teams and leveraging diversity to foster inclusive group dynamics and inclusive security outcomes.

Excellent understanding of the common internal and external threats that are faced by an Organization that is large, complex, has offices outside the Headquarters and that routinely processes classified information and requires explicit differentiation in treatment of such information.

Excellent insight of trends and technologies related to safety, security and information assurance, their intersection and business implications.

Excellent understanding of pertinent international practices, such as COBIT and ISO 27001, with proven experience in implementing and using COBIT for managing risks and internal controls and with at least one active professional certification such as CISM, CISA, CISSP, CRISC.

Excellent organizational and interpersonal skills, ability to influence others for positive results within or outside the formal hierarchical structures.

Excellent written and verbal communication skills and the proven ability to communicate security-related concepts to a broad range of technical and non-technical staff.

Job related Competencies (Desirable)

Knowledge of security and internal controls related to ERP systems and Public and Private Key Infrastructure.

Knowledge of the UN Security Management System (UNSMS).
Understanding of the UN SDGs and how Digital Responsibility plays a part in achieving them.

General understanding of relevant laws and regulations.

Knowledge of PRINCE 2 project management methodology.

Demonstrates knowledge of and commitment to diversity strategies

4. Organizational Competencies

1. Communicating effectively.
2. Producing results.
3. Showing service orientation.
4. Demonstrating integrity.
5. Showing team spirit.
6. Valuing diversity.
7. Seeking change and innovation.
8. Seeing the big picture.
9. Developing yourself and others

5. Information

Mobility:WIPO staff members are international civil servants subject to the authority of the Director General and may be assigned to any activities, office or duty station of the Organization. Accordingly, the selected candidate may be required to move from time to time to new functions and/or to another duty station.

Annual salary:

Total annual salary consists of a net annual salary (net of taxes and before medical insurance and pension fund deductions) in US dollars and a post adjustment. Please note that this estimate is for information only. The post adjustment multiplier (cost of living allowance) is variable and subject to change (increase or decrease) without notice. The figures quoted below are based on the December 2023 rate of 82.7%

Please refer to WIPO’s Staff Regulation and Rules for detailed information concerning salaries, benefits and allowances.

Additional Information

• Initial period of two years renewable, subject to satisfactory performance. No fixed-term appointment or any extension hereof shall carry with it any expectancy of, nor imply any right to, (further) extensions or conversion to a permanent appointment.

This vacancy announcement may be used to fill other posts at the same grade with similar functions in accordance with Staff Rule 4.9.5.

The Organization reserves the right to make an appointment at a grade lower than that advertised.

___________________________________________________________________

By completing an application, candidates understand that any willful misrepresentation made on this web site, or on any other documents submitted to WIPO during the application, may result in disqualification from the recruitment process, or termination of employment with WIPO at a later date, if that employment resulted from such willful misrepresentations.

In the event that your candidature is shortlisted, you will be required to provide, in advance, a scanned copy of an identification and of the degree(s)/diploma(s)/certificate(s) required for this position. WIPO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and these will be reviewed individually.

Additional testing/interviewing may be used as a form of screening. Initial appointment is subject to satisfactory professional references.

Additional background checks may be required.