Development of information technology security (cybersecurity) policy for Fiji

Job Advertisement

Position Title: Development of information technology security" style="border-bottom: 1px dotted #007bff !important;">security (cybersecurity) policy for Fiji
Location: Fiji
Country: Fiji
Deadline Date: 17-Feb-25 @ 07:11 PM (New York time)

Job Details

Job Posting Organization:
The job is posted by the United Nations Capital Development Fund (UNCDF), which is an organization focused on promoting financial inclusion and sustainable development in developing countries. Established in 1966, UNCDF operates in multiple countries, providing support for local development initiatives and fostering economic growth through innovative financing solutions. The organization aims to help the world's poorest people access financial services and improve their livelihoods, thereby contributing to the achievement of the Sustainable Development Goals (SDGs).

Job Overview:
The position involves the development of a comprehensive cybersecurity policy for Fiji, specifically tailored to the needs of the Fiji Development Bank (FDB). The consultant will be responsible for assessing the current IT infrastructure and cybersecurity governance, identifying vulnerabilities, and aligning the policy with regulatory standards. The role requires collaboration with various stakeholders, including internal department heads and external partners, to ensure that the policy addresses the unique cybersecurity risks faced by the organization. The consultant will also be tasked with creating specific protocols for secure operations, particularly in managing financial data, and will provide guidance on the implementation of these protocols. Additionally, the consultant will conduct training sessions to enhance the skills of staff in cybersecurity practices and compliance, ensuring that the organization is well-equipped to handle potential cybersecurity threats.

Duties and Responsibilities:

• Conduct a comprehensive review of FDB’s IT infrastructure, cybersecurity governance, and operational processes to assess current capabilities and identify vulnerabilities.
• Consult with internal stakeholders (e.g., department heads) and external partners (e.g., vendors, regulatory bodies) to understand cybersecurity risks and align with regulatory standards.
• Create a tailored Cybersecurity Policy Document focusing on governance, data protection, incident response, access control, cryptographic measures, staff competence, third-party risk management, and business continuity.
• Develop specific protocols for secure operations and management of financial data, including access control and secure data handling, with emphasis on vulnerable sectors like agriculture.
• Develop Standard Operating Procedures (SOPs) based on a review of existing controls and workflows, defining roles, responsibilities, and secure handling practices.
• Validate SOPs through stakeholder consultation and align them with internal and regulatory requirements.
• Develop an implementation roadmap for progressive cybersecurity improvements.
• Conduct a training needs assessment to identify knowledge gaps among staff.
• Develop and conduct tailored training, including workshops and scenario-based exercises, to enhance staff skills in cybersecurity practices, data handling, and compliance. 1
• Follow up with evaluations and refresher sessions to ensure ongoing staff competency in cybersecurity.

Required Qualifications:
The ideal candidate should possess a strong background in information technology and cybersecurity, with proven experience in developing and implementing cybersecurity policies and frameworks. The candidate should have a deep understanding of regulatory standards related to cybersecurity and data protection, as well as experience in conducting risk assessments and vulnerability analyses. Strong analytical and problem-solving skills are essential, along with the ability to communicate effectively with diverse stakeholders. The candidate should also demonstrate a commitment to capacity building and training, with experience in developing training materials and conducting workshops.

Educational Background:
A bachelor's degree in information technology, cybersecurity, computer science, or a related field is required. A master's degree or relevant certifications in cybersecurity (such as CISSP, CISM, or equivalent) would be an advantage. The candidate should have a solid understanding of cybersecurity principles, practices, and technologies, as well as familiarity with the latest trends and threats in the cybersecurity landscape.

Experience:
The position requires a minimum of 5 years of relevant experience in the field of cybersecurity, with a focus on policy development and implementation. Experience working with financial institutions or in a regulatory environment is highly desirable. The candidate should have a track record of successfully managing cybersecurity projects and initiatives, as well as experience in stakeholder engagement and collaboration.

Languages:
Fluency in English is mandatory, as all documentation and communication will be conducted in English. Knowledge of Fijian or Hindi would be considered an asset, as it may facilitate better communication with local stakeholders and enhance the effectiveness of training sessions.

Additional Notes:
This position is home-based with travel to Fiji required, involving approximately 30 working days distributed over a 3-month period. The consultant will work as an individual contractor under the procurement process of UNCDF. The deadline for submitting proposals is set for February 17, 2025, at 07:11 PM New York time. Interested candidates must submit their proposals directly through the designated supplier portal, following the specific instructions provided in the job posting.