Cybersecurity Operations Monitoring Team Lead

About UNICC

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

Purpose of the Position

Within the Cyber Security Operations team, the incumbent will provide support and guidance to the Cyber security operations centre (SOC).

Objectives of the Programme

UNICC provides the digital foundations that support the digital transformation and future of the UN system and other international organizations.

Main duties and responsibilities

The incumbent will work under the direct supervision and guidance of the Chief, Cyber Security Operations Section (CSO) and in close collaboration with other Cybersecurity (CS) teams. The incumbent could be requested to do any other tasks of similar level in related fields.

• Collaborate in the implementation and execution of the annual work plan for the Cybersecurity Operations Monitoring team by monitoring or coordinating assigned activities and tracking progress against planned objectives in order to ensure timely delivery of priorities and alignment with the organization’s cybersecurity strategy.
• Provide oversight and operational guidance of the 24×7 Security Operations Center (SOC) analysts, ensuring continuous monitoring, effective incident detection and response, adherence to defined procedures, and consistent service quality across all shifts.
• Support the onboarding of new agencies to Security Operations Center (SOC) capabilities, ensuring effective integration of services, operational processes, and security monitoring capabilities.
• In collaboration with other Cybersecurity Operations teams (CSIRT, CTI), implement tools, procedures, and processes to enhance prevention, detection, and respond to cybersecurity threats.
• Execute and report on continuous improvement initiatives to assess and enhance Cybersecurity Operations monitoring capabilities.
• Define, implement, and report on key performance indicators (KPIs) to ensure monitoring services are effective and delivered at the expected quality level.
• Implement security monitoring capabilities and use cases derived from security incidents, risk assessments, audit activities, and strategic roadmap initiatives, to mitigate identified risks and strengthen the organization’s overall security posture.
• Contribute to the organization and delivery of the annual Common Secure Conference by supporting planning, coordination and execution activities in order to promote cybersecurity awareness, knowledge sharing and stakeholder engagement.

Other Information

• Provide other ad hoc support either within the team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full-time basis upon request from the senior management.
• The incumbent could be required to support on-call rotation.

Recruitment Profile

Experience and Skills required:

Essential:

• Proven experience of minimum five (5) years in working within a Cybersecurity Operations Centre including three or more of the following requirements:
• Having supported the establishment of cybersecurity Operations centres for International Organizations
• Having managed and mentored SOC analysts across Tier 1, Tier 2, and Tier 3 functions
• Having led SOC operations on a 24/7 basis, ensuring effective monitoring, detection, and response to security incidents
• Having monitored SOC KPIs and SLAs, producing management and executive-level security reports
• Contributing to the establishment or enhancement of cybersecurity operations centres within international or large organizations
• Providing technical guidance and mentoring to SOC analysts across Tier 1, Tier 2 and Tier 3 functions
• Coordinating or supporting 24/7 SOC operations to ensure effective monitoring, detection and response to security incidents
• Monitoring SOC KPIs and SLAs and preparing operational and management-level security reports

Desirable:

• Strong understanding of network and security.
• Exposure to cloud security monitoring (e.g., AWS, Azure, GCP) and hybrid environments.
• Exposure with SOAR platforms and automation use cases to improve SOC efficiency.
• Previous experience with international or large organizations.

Education:

Essential:

First university degree in Information Technology or related field.

Desirable:

One of the following technical certifications: OSWP, OSCP, GCIH, or other GIAC/similar certifications.

Languages:

English: Expert knowledge is required. Knowledge of another UN official language will be considered an advantage.

UNICC Global Competencies:

• Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
• Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
• Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
• Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
• Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
• Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.

Key skills/competency

• Cybersecurity Operations
• Security Operations Center (SOC)
• Incident Detection and Response
• Cybersecurity Strategy
• Security Monitoring
• Key Performance Indicators (KPIs)
• Risk Management
• Cloud Security
• SOAR Platforms
• Team Leadership