Apply now »

Title:  ICT Security Operations Officer

Requisition ID: 7511 
Grade: P3 
Country: Austria 
Duty Station: Vienna 
Category: Professional and Higher 
Type of Job Posting: Internal and External
Employment Type: Staff-Full-time
Appointment Type: Fixed Term - 100 series
Indicative Minimum Net Annual Salary: 109,999 USD 
Application Deadline: 26-Jun-2026, 11:59 PM (Vienna, Austria time)

 

Vacancy Announcement
Female candidates from all Member States are particularly encouraged to apply.

UNIDO welcomes applications from qualified persons with disabilities. Reasonable accommodation will be provided to applicants and employees with disabilities to support full participation in the recruitment process and in the performance of their duties.

 

 

ORGANIZATIONAL CONTEXT

 

The United Nations Industrial Development Organization (UNIDO) is the specialized agency of the United Nations that promotes industrial development for poverty and hunger reduction, inclusive and fair globalization and environmental sustainability.  The mission UNIDO, as described in the Lima Declaration adopted at the fifteenth session of the UNIDO General Conference in 2013, the Abu Dhabi Declaration adopted at the eighteenth session of UNIDO General Conference in 2019 as well as the Riyadh Declaration adopted at the twenty-first session of UNIDO General Conference in 2025, is to promote and accelerate inclusive and sustainable industrial development in Member States. The relevance of this mission as an integrated approach to all three pillars of sustainable development is recognized by the 2030 Agenda for Sustainable Development and the related Sustainable Development Goals (SDGs), which will frame United Nations and country efforts towards sustainable development. UNIDO’s mandate is fully recognized in SDG-9, which calls to “Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation”. The relevance of inclusive and sustainable industrial development, however, applies to all SDGs.

 

The medium-term programme framework (MTPF) 2026 - 2029 is UNIDO’s core strategic document and it is in line with UNIDO’s Vision 2050. It sets a renewed vision to support Member States and shape their industries for development. The priorities include fair and sustainable global and regional supply chains, ending hunger through innovation and local value addition, renewable and clean energy, sustainable energy access and climate action. Cross-cutting priorities focus on industrial and economic policy advice, skills development, fostering digitalization and artificial intelligence, gender equality and the empowerment of women, supporting youth, promoting cleaner production and circular economy, and leveraging private sector investment and development finance.

 

Each of these programmatic fields of activity contains a number of individual programmes, which are implemented in a holistic manner to achieve effective outcomes and impacts through UNIDO’s four enabling functions: (i) technical cooperation; (ii) analytical and research functions and policy advisory services; (iii) normative functions and standards-related activities; and (iv) convening and fostering partnerships for knowledge and technology transfer, investment mobilization, networking and industrial cooperation. Such core functions are carried out in Divisions/Offices in its Headquarters, Sub-regional Offices and Country Offices.

 

 

The Directorate of Corporate Services and Operations (COR), headed by a Managing Director, is responsible and accountable for the management of UNIDO’s human, financial and material resources, ensuring the capacity of the Organization to fulfil its mandate. The Directorate oversees a full range of corporate services to meet the support needs of the Organization, acts as a custodian for corporate management policies, and promotes a culture of cooperation, service orientation and corporate excellence throughout the Organization to deliver efficient and effective high-quality work and enable tangible impact on the ground to achieve ISID worldwide.

 

The position is located under the Digitalization, Innovation, and TC Optimization Services (COR/DIT). COR/DIT focuses on enabling the organization through innovative digital solutions and ensuring secure and efficient IT services. It implements and oversees digital, IT related initiatives aimed at optimizing TC delivery. COR/DIT collaborates closely with all Directorates to enable digitalization, innovation and optimization of processes, thereby supporting greater synergy and integration.

 

The ICT Security Operations Officer works under the direct supervision of the Chief, Division of Digitalization, Innovation, and TC Optimization Services; and in close collaboration with the colleagues to support the mandate of the Division. In line with the UNIDO Internal Control Framework and its “three lines” model, this position contributes to the first line  by directly implementing, operating, and improving cybersecurity controls; and coordinates security-related activities with the second line (in particular, the Information Security Officer within COR/AIT/RCU), as needed and applicable.

 

At the P3 level, the incumbent is expected to deliver: (a) work from a seasoned analyst; (b) in creating an enabling environment for work which is solid and anchored to achieving results; (c) in building relationships which contributes to relationship management, and (d) in achieving results within a professional team. The measure of success is in consistent and dependable delivery of results.

 

The UNIDO Staff Performance Management System reinforces the collaboration within formal units as well as among cross-functional teams. In this context, the incumbent collaborates with his/her supervisor and colleagues, within as well as outside the unit. Within the formal teams, the incumbent may be expected to backstop other team members as required.

 

Staff members are subject to the authority of the Director-General and in this context all staff are expected to serve in any assignment and duty station as determined by the needs of the Organization.

 

  1. Main Responsibilities

 

As a member of COR/DIT, the ICT Security Operations Officer operates as part of the first line of defence and is responsible for the implementation, operation, and maintenance of cybersecurity controls and security systems across the organization. The incumbent manages the deployment, configuration, daily operation, and optimisation of ICT security technologies and services, including the technical integration and coordination of security capabilities across corporate systems, while prioritizing and executing security operations activities.


The role performs hands-on technical security analysis, operations, and security engineering activities, including security monitoring, incident response, threat analysis, vulnerability management, and the technical optimisation of operational security processes. In addition, the incumbent operates application security controls such as web and application scanning, automated security testing (SAST/DAST), and coordinates remediation activities with development teams to support secure software delivery throughout the application lifecycle. In collaboration with relevant technical teams, the role also supports the operation and enforcement of AI security controls for enterprise AI systems and workloads, including monitoring AI usage, detecting anomalous or malicious interactions such as prompt injection or data leakage attempts, and enforcing technical safeguards. Furthermore, the incumbent is responsible for operating protection, detection, and forensic capabilities, as well as executing the technical response and resolution of ICT security incidents to ensure the continuous, reliable, and resilient operation of security controls supporting system performance, capacity, and recovery requirements.

 

The ICT Security Operations Officer serves as an infrastructure security expert, monitoring and forensics expert, and project manager.

 

Functions / Key Results Expected

  • Lead delivery of technical enterprise services across infrastructure security, application security, network security, security incidents monitoring & response, and threat and vulnerability management domains.
  • Assure management and optimal configuration of the technical tools portfolio for SIEM, EDR, vulnerability analysis and mitigation, and systems hardening tools, IPS, WAF, as well as related capabilities.
  • Oversee secure implementation of the enterprise capabilities operating in a hybrid multi-cloud infrastructure environment.
  • Operate AI security monitoring and enforcement controls for enterprise AI workloads and platforms, including continuous monitoring of AI usage, enforcement of secure access and usage policies, detection of prompt injection and data leakage attempts, and investigation and response to AI-related security events.
  • Operate enterprise data protection controls, including data classification, sensitivity labeling, DLP enforcement, and encryption mechanisms across systems and cloud environments.
  • Perform continuous security monitoring, incident detection, triage, and response activities.
  • Execute vulnerability management processes, including scanning, tracking, validation, and remediation.
  • In cooperation with other technical experts within COR/DIT, develop security baselines for platforms, services and capabilities.
  • Monitors secure and correct operation of Enterprise Backup systems, and leads restore and disaster recovery drills.
  • Provides regular updates to the Risk Management and Compliance Unit (COR/AIT/RCU) on action plans against relevant cybersecurity incidents or trends. 
  • Maintains the COR/DIT Risk Mitigation Plan up to date, in close cooperation with COR/AIT/RCU.
  • Develop and lead the implementation of strategic, long-term improvements for security management services and capabilities.
  • Backstop and monitor the delivery of 3rd-party services, in particular managed security service providers (MSSP) services.
  • Deliver operational functions supporting relevant policies and guidelines, including but not limited to, UNIDO's Information Security Management System, the latest DTN Minimum Baseline for Cybersecurity, ICT Policy.
  • Analyze security events, vulnerabilities and trends, and provide operational recommendations to support timely mitigation actions.
  • Contribute to an enabling and secure ICT environment that allows programmes and corporate services to operate effectively and safely
  • Collaborate with ICT teams, oversight and compliance functions and relevant stakeholders to promote consistent application of security controls and shared understanding of operational risks.
  • Perform other related duties and assignments as required by the Chief of the Division.

 

 

  1. Core Values and Competencies

 

Core Values

WE LIVE AND ACT WITH INTEGRITY: work honestly, openly and impartially.

WE SHOW PROFESSIONALISM: work hard and competently in a committed and responsible manner.

WE RESPECT DIVERSITY: work together effectively, respectfully and inclusively, regardless of our differences in culture and perspective.

 

Key Competencies

WE FOCUS ON PEOPLE: cooperate to fully reach our potential –and this is true for our colleagues as well as our clients. Emotional intelligence and receptiveness are vital parts of our UNIDO identity.

WE FOCUS ON RESULTS AND RESPONSIBILITIES: focus on planning, organizing and managing our work effectively and efficiently. We are responsible and accountable for achieving our results and meeting our performance standards. This accountability does not end with our colleagues and supervisors, but we also owe it to those, we serve and who have trusted us to contribute to a better, safer and healthier world.

WE COMMUNICATE AND EARN TRUST: communicate effectively with one another and build an environment of trust where we can all excel in our work.

WE THINK OUTSIDE THE BOX AND INNOVATE: To stay relevant, we continuously improve, support innovation, share our knowledge and skills, and learn from one another.

 

 

  1. Minimum Organizational Requirements

 

 

Education:

 

A first‑level university degree (Bachelor’s or equivalent) in Information Security, Computer Science, IT Management, Engineering, or in a related field with a specialization related to  cybersecurity / information security / ICT security is required.

An advanced university degree (Master’s or equivalent) or a Doctorate in the same fields are accepted with a reduced   requirement for years of professional experience.

 

 

Experience, technical knowledge and functional expertise:

 

A minimum of professional experience associated with the educational level is required, as follows:

  • First‑level university degree (Bachelor’s): at least 8 years of relevant professional experience
  • Advanced university degree (Master’s): at least 5 years of relevant professional experience
  • Doctorate: at least 3 years of relevant professional experience

 

Professional experience as a systems and/or security engineering in an Enterprise ICT enterprise environment out of which three (3) years of experience in hands-on configuration, administration and troubleshooting in cybersecurity and ICT Infrastructure contexts is required.

 

  • Hands-on experience with cloud security operations, including cloud security posture management (CSPM), identity and access monitoring, and remediation of misconfigurations in enterprise or hybrid environments, is required.
  • Experience with standard operational procedure development, implementation, and compliance is required.
  • Hands-on experience with security protection systems, tools and techniques (e.g. firewalls, proxies) is required
  • Hands-on experience in security monitoring, threat detection, incident response operations, and vulnerability management is required.
  • Experience with security operations technologies, including Security Information and Event Management (SIEM), Security Operations Center (SOC) platforms, endpoint detection and response (EDR), intrusion prevention systems (IPS), web application firewalls (WAF), and email security systems, is required.
  • Hands-on experience with application security operations, including vulnerability scanning and use of SAST/DAST tools, is required.
  • Operational monitoring of enterprise AI systems, detecting anomalous or malicious interactions, and enforcing secure AI usage policies, is desirable.
  • Experience in contracting and overseeing service delivery of Managed Security Service Providers (MSSP) is desirable.
  • Experience in information security forensics (concepts and tools) is desirable.
  • Experience with ISO 27001 with relevant certifications is desirable.
  • Accredited Certification in Project Management, such as PMP or Prince2, is desirable. 
  • Accredited Certification in ITSM, such as ITIL (v4 or v5), is desirable.
  • Certification in any security operations or incident response, such as GIAC GCIH (Incident Handler), GCIA (Intrusion Analyst), GMON (Continuous Monitoring), GSOC (Security Operations), Microsoft SC‑200 (Security Operations Analyst), or equivalent is desirable.
  • Cloud security certification in any, such as Microsoft AZ‑500 (Azure Security Engineer), AWS Certified Security – Specialty, Google Professional Cloud Security Engineer, CCSP (Certified Cloud Security Professional), or equivalent is desirable.
  • Certification in Digital forensics and incident response (e.g. GIAC GCFA) is desirable.
  • Certification in Application and software security (e.g. CASE, OSWE) is desirable.

 

 

Languages:  Fluency in written and spoken English is required. Fluency in or working knowledge of other United Nations language(s) is desirable.


NOTE: 

For further information on salaries, refer to the International Civil Service Commission website: https://icsc.un.org/

Employees of UNIDO are expected at all times to uphold the highest standards of integrity, professionalism and respect for diversity, both at work and outside. Only persons who fully and unconditionally commit to these values should consider applying for jobs at UNIDO.

All applications must be submitted online through the Online Recruitment System. Correspondence will be undertaken only with candidates who are being considered at an advanced phase of the selection process. Selected candidate(s) may be required to disclose to the Director General the nature and scope of financial and other personal interests and assets in respect of themselves, their spouses and dependents, under the procedures established by the Director General.

Visit the UNIDO careers site for details on how to apply: https://careers.unido.org/ 

NOTE: The Director General retains the discretion to make an appointment to this post at a lower level.

Notice to applicants:
UNIDO does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. If you have received a solicitation for the payment of a fee, please disregard it. Vacant positions within UNIDO are advertised on the official UNIDO website. Should you have any questions concerning persons or companies claiming to be recruiting on behalf of UNIDO and requesting payment of a fee, please contact: recruitment@unido.org

Apply now »