Analista de Gestão de Conformidade Operacional

Job Posting Organization:
The United Nations Development Programme (UNDP) is a global development network established in 1965, with a mission to eradicate poverty and reduce inequalities through sustainable development. UNDP operates in approximately 170 countries and territories, working with governments and people to address development challenges. The organization values diversity, equity, and inclusion, and is committed to fostering an inclusive workplace where all personnel can contribute to its mission. UNDP emphasizes the importance of representation from underserved populations and encourages applications from marginalized or excluded groups. The organization has a strict policy against sexual exploitation, abuse, and harassment, ensuring that all selected candidates undergo rigorous background checks.

Job Overview:
The position of Analista de Gestão de Conformidade Operacional is crucial for managing and ensuring the technical and operational compliance of cybersecurity initiatives within the project BRA/25/025, which aims to strengthen cybersecurity and transparency in the judiciary. The role involves close collaboration with teams from the National Justice Council (CNJ) and UNDP, focusing on risk identification and mitigation, alignment with security" style="border-bottom: 1px dotted #007bff !important;">security standards, and continuous improvement of processes and policies. The candidate is expected to work remotely, requiring adequate work conditions and necessary infrastructure to perform their duties effectively. The position entails overseeing various operational compliance fronts, including identity management, archival compliance, operational monitoring, incident response, and business continuity planning, all aimed at enhancing the efficiency and security of judicial processes.

Duties and Responsibilities:

• Integrated Coordination, Governance, and Continuous Improvement of the operational compliance front: Plan, coordinate, and supervise the integrated execution of fronts dedicated to authentication, monitoring critical environments, preventive protocols, disaster recovery actions, and more. Ensure technical, methodological, and operational coherence among the fronts. Promote alignment of activities with program guidelines and institutional governance. Define performance, maturity, and compliance indicators for the front. Continuously monitor results and operational security levels. Produce technical and executive reports to support strategic decision-making. Act as a focal point for coordination between the operational compliance front and other program fronts and governance instances. Stimulate process standardization, automation of controls, and continuous improvement of operational security practices.
• Governance of Identities, Access, and Information Security: Ensure alignment of authentication, authorization, and identity management mechanisms with best security practices. Ensure traceability, access control, and institutional compliance. Promote standardization of processes related to identity and access security.
• Archival Compliance and Information Integrity: Ensure adherence of procedural and administrative systems to system requirements (MoReq-Jus). Promote integrity, authenticity, interoperability, and preservation of information. Guide the technical adequacy of systems to archival and document management standards.
• Operational Monitoring and Vulnerability Management: Coordinate the implementation and evolution of monitoring critical environments as an operational monitoring core. Ensure consolidation and analysis of data related to access, systems, and vulnerabilities. Supervise the cycle of Continuous and Corrective Audit of Vulnerabilities (ACCV). Ensure that audit results feed back into other fronts of the project.
• Prevention, Response, and Incident Management: Structure and operationalize the preventive action and security protocol. Transform technical alerts into standardized preventive and corrective responses among courts. Promote integration between detection, prevention, response, and recovery of incidents. Consolidate a systemic view of compliance and operational security.
• Business Continuity and Disaster Recovery: Coordinate the development and updating of the CNJ's cybersecurity disaster recovery plan. Ensure the existence of effective tactical disaster recovery plans. Guarantee continuity of essential services in incident or unavailability situations. Support periodic tests and reviews of continuity plans.
• Leadership and People Management: Develop, guide, and monitor the respective team, promoting a collaborative, safe, inclusive work environment aligned with UNDP values. Conduct performance evaluation processes, providing continuous feedback, strategic direction, and support for professional development. Plan the distribution of activities and responsibilities, ensuring understanding of roles, proper prioritization, and operational efficiency. Promote the well-being and psychosocial health of the team, identifying risks, preventing overload, and fostering a healthy organizational climate. Ensure clear, timely, and dialogical communication with the team, aligning expectations, deadlines, priorities, and institutional guidelines. Facilitate the development of knowledge and capacities, knowledge sharing, and advocacy for relevant interests in the assigned thematic areas. The incumbent will perform other functions compatible with their functional profile deemed necessary for the project's proper functioning.

Required Qualifications:
Minimum education requirements include an advanced university degree (Master's or equivalent) in Information Technology, Information Security, Computer Engineering, Information Systems, Statistics, or related fields. Alternatively, a Bachelor's degree combined with two additional years of qualified experience will be considered in lieu of the advanced university degree. Candidates with an advanced university degree do not require professional experience, while those with a Bachelor's degree must have at least two years of experience in information security management, information security project management, or operational cybersecurity governance in critical environments.

Educational Background:
Candidates must possess an advanced university degree (Master's or equivalent) in relevant fields such as Information Technology, Information Security, Computer Engineering, Information Systems, or Statistics. A Bachelor's degree combined with two years of relevant experience will also be accepted. This educational background is essential to ensure the candidate has the necessary knowledge and skills to manage complex cybersecurity initiatives effectively.

Experience:
The position requires a minimum of two years of relevant professional experience for candidates with a Bachelor's degree. Those with an advanced university degree do not need prior experience. Relevant experience should include information security management, project management related to information security, or operational cybersecurity governance in critical environments. Experience in public sector projects or activities, particularly in the judiciary, is highly desirable, as is familiarity with compliance requirements and technical metrics for project maturity.

Languages:
Fluency in Portuguese is required for this position, as it is essential for effective communication within the team and with stakeholders. A basic level of English is desirable, which would be beneficial for understanding international standards and collaborating with global partners.

Additional Notes:
This position is remote, and candidates are expected to have suitable working conditions, including the necessary infrastructure and equipment to perform their duties effectively. The role is full-time, and UNDP reserves the right to select multiple candidates from this vacancy announcement. The organization does not charge any fees during the recruitment process and is committed to creating an inclusive workplace where all personnel can thrive.