Information Security Specialist
UNOPS , Mexico, Mexico
The United Nations Office for Project Services (UNOPS) is an operational arm of the United Nations, supporting the successful implementation of its partners' peacebuilding, humanitarian and development projects around the world. Mandated as a central resource of the United Nations, UNOPS provides sustainable project management, procurement and infrastructure services to a wide range of governments, donors and United Nations organisations.
UNOPS Mexico Country Office supports different collaboration initiatives by the Government of Mexico that are aimed at the fight against corruption and promoting transparency in public management, as well strengthening government actions in the areas of acquisitions, infrastructure and management of high impact projects in Mexico. The work requires strategic and operational perspectives, management of resources ensuring transparency, effectiveness and efficiency that promotes the development and continuous strengthening of internal management, in order to ensure high quality results, in accordance with the needs of the partner in Mexico. The objective of the most prominent project (PharmaMX) is to support the Government of Mexico in its effort to guarantee the right to health to the largest number of inhabitants through the planning and management of the consolidated purchase of medicines (period 2021-2024), as well as assistance in the profiling of the system and model of consolidated purchase of medicines for the health sector of the Government of Mexico.
The Risk Management Unit is a new unit in the Mexico Country Office. It is managed independently from the PharmaMX project and is dedicated to controlling and managing key internal and external risks with organizational wide consequences, associated with the PharmaMX project. This involves an active collaboration with HQ function (such as Legal Group, Ethics & Compliance Office, Internal Audit and Investigations Group, Procurement Group, UNOPS Enterprise Risk Management - ERM Unit, the Chief Information Security Officer, and Finance Group) and include aspects linked to:
personnel/vendor due diligence;
ensuring effective management and assurance of key risks associated with corruption, collusion, safeguarding, ethics, information security and supply chain;
implementation of management actions;
coordinating training and awareness efforts on the topics of all the relevant risks.
Under the direct supervision of the Risk Management Advisor (Mexico Country Office) with support from the Chief Information Security Officer (HQ) and in collaboration with the ICT Specialist, the Risk Management Specialist- Information Security will focus on information risk management, info security compliance, training and awareness, incident management, implementation of appropriate governance & policies, privacy management, and threat intelligence & mitigation.
Summary of Functions in relation to the PharmaMX project
- Technology risk management
- Information security management
- Training and awareness raising
- Knowledge Management
If you are interested in more detailed information about the functional responsibilities, please download the attached Terms of Reference.
- An advanced university degree (Master’s degree or PhD) preferably in Computer Science, Information Systems, Information Management, Risk Management or related field;
A first-level university degree (Bachelor’s degree or equivalent) with a minimum of two (2) additional years of relevant work experience may be accepted in lieu of the advanced university degree.
- A minimum of five (5) years (or more depending on academic credentials) of experience in the design, development, and deployment of secure ICT applications and infrastructure;
- Strong experience developing and implementing information security policies, standards, and guidelines is required;
- Strong experience in cross-functional collaboration in evaluating information security risks and implementing information security mitigating actions is required;
- A strong grasp of privacy program implementation is an asset;
- Solid experience in providing support for standardization and consistent integration of information security processes across existing and new (cloud) ICT environments is desirable;
Working knowledge of Google Suite is desirable.Skills:
Strong interpersonal and analytical skills;
Excellent written and oral skills. **
Fluency in Spanish is required;
Full working knowledge in English (intermediate level) is required.