**Purpose of the Position**:
The Cybersecurity Private Key Infrastructure (PKI) and Identity and Access Management (IAM) specialist will work within the Cybersecurity Architecture and IAM unit (CSA) to design, build and implement UN wide PKI service. Additionally will work closely with the IAM team to integrate PKI services seamelessly into enterprise IAM solutions for UNICC and its client organization.
The incumbent will provide services to client organizations either independently or as a team leader, depending on size and complexity of client organization and related needs. The post holder will also be responsible for managing consultants providing similar services to UNICC and its client organization.




**Objectives of the Programme**:
The objectives of the Centre, is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.
**Main duties and responsibilities**
The incumbent will work under the direct supervision and guidance of the Head, Cybersecurity Architecture and IAM unit within the Cybersecurity Services Division and in close collaboration with other units in the division. The incumbent could be requested to do any other tasks of similar level in related fields. The post holder will work on the following tasks:
- Under guidance, develop, implement and monitor comprehensive enterprise PKI service frameworks, guidelines and best practices with focus on ensuring that the integrity, confidentiality and availability of information is managed and controlled
- In collaboration with the team, contribute to the design and implementation of a common UN wide PKI service following the industry and security best practices based on business requirements
- Under guidance, lead the PKI and IAM projects, design activities to respond to complex requirements focused on cybersecurity, configuration and deployment models for IaaS, PaaS and SaaS and Function as a Service (FaaS)



for Amazon Web Services (AWS), Microsoft Azure and Google Cloud platforms or SaaS offerings
- Plan and implementate secure architectures for on-premise, public, private, and hybrid Cloud based systems within Amazon Web Services (AWS), Microsoft Azure, or other cloud providers
- In close collaboration with the team, design Network controls, Anti-Distributed Denial of Service (Anti-DDoS), Web Application Firewall (WAF) and API Gateways
- Provide regular reporting on the current status of the information security systems/frameworks to senior management and business unit heads as part of a strategic enterprise risk management program
- Keep up to date with security issues and best practices related to risk management. Monitor emerging threats trends, and advise relevant stakeholders on the appropriate courses of action
- Perform other related duties and fulfil responsibilities as required
**Recruitment Profile**
**Experience and Skills required**:




**Essential**:
- Five years experience in one or more of the following areas: Enterprise Identity and access management
Enterprise PKI and certificate management services
Managing enterprise electronic signature, time stamping and digital certificates systems and services
- Good understanding of the various digital certificate management systems and PKI services
- Strong understanding with Federation Protocols (Oauth, SAML, OpenID), and Single Sign On (SSO) models
- Ability to understand technical and business aspects of IT risk, and to communicate those risks to management, business and technical units so that the organization can make informed decisions regarding appropriate levels of information security control
**Desirable**:
- Project management skills and ability to manage multiple projects under strict timelines
**Education**:
**Essential**:
- First University degree in Cybersecurity or relevant IT field




- At least one professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials
**Desirable**:
- Project Management qualification, such as PRINCE2
- Service management qualification, such as ITIL Practitioner
- PKI or Digital certificate manager certification
- IAM certification from Microsoft, Oracle, Okta, Azure, AWS or Google
- Any cloud security certification like CCSP, Azure Security Engineer Associate, AWS Certified Security - Speciality, GCP Security Engineer
**Languages**:
- **English**: Intermediate knowledge is desirable
- **French**: Intermediate knowledge is desirable
- **Spanish**:Intermediate knowledge is desirable
**UNICC Global Competencies**:
- **Teamwork**: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
- **Communicating**:



Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
- **Respecting and promoting in