Unit Head (IT Security Infrastructure) (P4)

  • Company: International Atomic Energy Agency
  • Job Location: Vienna - Austria
  • Date: May 7, 2019 15:18
  • Employment Type: permanent
  • Experience: senior
  • Job Functions:

    Information Technology

Job summary

Organization: MTIT-Security Systems Unit
Primary Location: Austria-Vienna-Vienna-IAEA Headquarters
Job Posting: 2019-04-18, 9:33:39 AM
Closing Date: 2019-05-30, 11:59:00 PM
Duration in Months: 36
Contract Type: Fixed Term - Regular
Probation Period: 1 Year

Job description


Organizational Setting

The Division of Information Technology (MTIT) is a high performing team on a continuous improvement journey to deliver ever more value toward the IAEA’s important mission: Atoms for Peace and Development. We focus on Using Technology Better, Using Better Technology, Securely. MTIT is well into a transformation that achieves operational excellence, while also delivering on the six pillars of the IAEA’s Business Technology Strategy: Building an Adaptive IT Workforce, Implementing a Holistic IT Risk Management and Information Security Programme, Improving How the IAEA Works, Collaborating and Cooperating Across IT, Managing and Sharing Information, and Cultivating an Innovation Mindset.
The Infrastructure Services Section (ISS) focuses on the operational excellence, security, reliability, performance, and cost optimization of the IAEA’s network, compute and storage systems. We aim to modernize and use the Cloud when appropriate, ensuring the confidential, integrity, and availability of the IAEA’s information and information systems always come first. The Infrastructure Services Section includes three Units: Network and Telecommunications, Enterprise Systems, and Security Systems. We need innovative thinking to lead the Security Systems Unit. The Security Systems Unit has a unique and special role in the IAEA, as the Security Systems Unit Head will be responsible for the implementation of new security technologies, security incident response methods and plans, security event monitoring systems, malware detection and enterprise-level end-point protection solutions, and forensic investigations.

Main Purpose

As a member of the ISS management team led by the Section Head, the Security Systems Unit (SSU) Head manages a team of ICT security engineers. He/she is responsible for engineering and administering central IT security systems, and integrating and holistically reviewing IT security across all systems on the network. He/she provides technical leadership, resource management and management of projects. The incumbent applies professional expertise on IT security (e.g. threat analysis, vulnerability management). He/she documents, manages and optimises operational security processes such as vulnerability management, security incident monitoring and security assessments. He/she advises on planning, design and implementation of protection, detection and forensic systems. He/she manages and coordinates the resolution of IT security incidents. Furthermore, he/she is responsible for sustaining service support measures and controls to ensure the resilience, performance, capacity and crisis recovery of those systems to meet the requirements of the organization.


The SSU Head performs the roles of supervisor; security, monitoring and forensic expert; and project manager.

Functions / Key Results Expected

• Leadership: provide SSU with a clear direction, define priorities, delegate work and motivate staff.

• Planning: support the Section Head in developing and implementing annual work and resource plans. Assess their applicability within the overall Business-Technology Strategic Plan. Recognize and actively seek ways to secure the Agency’s IT assets and services.

• Security Management: provide guidance by delivering a high level IT security roadmap based on ISO 27002; develop, propose, recommend, and implement security solutions; document procedures and assure compliance; implement technical control mechanisms; assess and integrate IT security controls for the entire network; and perform security assessments, forensic analysis and vulnerability testing, and make recommendations for corrective actions.

• Service Management: take overall responsibility for ensuring the resilience, performance and security of services within agreed service levels.

• Project Management: plan, monitor and control projects using the PRINCE2 methodology.

• Problem Solving: investigate and resolve problems for services within his/her own area of responsibility, delegate to team members as appropriate, following ITIL processes, and manage major incidents through their lifecycle.

Competencies and Expertise

Core Competencies

Name Definition
Planning and Organizing Sets clearly defined objectives for himself/herself and the team or Section. Identifies and organizes deployment of resources based on assessed needs, taking into account possible changing circumstances. Monitors team’s performance in meeting the assigned deadlines and milestones.
Communication Encourages open communication and builds consensus. Uses tact and discretion in dealing with sensitive information, and keeps staff informed of decisions and directives as appropriate.
Achieving Results Sets realistic targets for himself/herself and for the team; ensures availability of resources and supports staff members in achieving results. Monitors progress and performance; evaluates achievements and integrates lessons learned.
Teamwork Encourages teamwork, builds effective teams and resolves problems by creating a supportive and collaborative team spirit, remaining mindful of the need to collaborate with people outside the immediate area of responsibility.

Functional Competencies

Name Definition
Client orientation Examines client plans and develops services and options to support ongoing relationships. Develops solutions that add value to the Agency’s programmes and operations.
Commitment to continuous process improvement Assesses the effectiveness of functions and systems as well as current practices; streamlines standards and processes and develops innovative approaches to programme development and implementation.
Technical/scientific credibility Provides guidance and advice in his/her area of expertise on the application of scientific/professional methods, procedures and approaches.

Required Expertise

Function Name Expertise Description
Information Technology IT Security Strong knowledge of IT Security. Experience in establishing, implementing and maintaining of IT Security Systems.
Information Technology Information Security and Risk Management Strong knowledge and experience in Information Security, Threat Analysis and Risk Management.
Information Technology Project Management Experience in managing large and complex IT Security related projects following Project Management methodology such as PMP and Prince2.

Qualifications, Experience and Language skills

• Master's Degree - Advanced university degree (or university degree and equivalent working experience) in Computer Science, Information Systems, Business Administration or a related field.


• Accredited Certification in Project Management such as PMP or Prince2 is desirable.


• Accredited Certification in IT Security and/or Information Security such as CISSP or equivalent


• Minimum of seven years of professional experience as a systems and/or security engineer in a large and complex IT enterprise environment (500+ servers). These should include five years of hands-on configuration, administration and troubleshooting experience.

• Extensive experience with security protection systems, tools and techniques (e.g. firewalls, proxies, IDS).

• Extensive experience with security detection systems, tools and techniques (e.g. ArcSight, Nessus).

• Extensive experience in information security methodologies, including threat analysis, vulnerability management and security assessments.

• Experience in managing a team of highly specialized IT staff.

• Experience in information security forensic concept and tools.

• Experience in IT service management (i.e. ITIL), supporting innovation and managing change.

• Extensive experience with procedure development, implementation, and compliance.

• Experience with ISO 27001 is preferred.

• Experience with cloud security.

• Experience with classified networks, information classification, and confidentiality requirements associated with high security environments.


•Excellent oral and written command of English. Knowledge of other official IAEA languages (Arabic, Chinese, English, French, Russian and Spanish) is an asset.


The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $72637 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $ 32033*, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks' annual vacation, home leave, pension plan and health insurance

Applications from qualified women and candidates from developing countries are encouraged

Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values): Integrity, Professionalism and Respect for diversity. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process



[US] v1.8.5@web02