NIST Certification Consultant - IOM Mission in Ukraine
01.02.2022

 TERMS OF REFERENCE

 Duty Station of the Consultancy: Kyiv

Duration of Consultancy: 6 Months

Nature of the consultancy: NIST Certification Consultant

Category [A] Consultancy

 Project Context and Scope:

The United States Refugee Admissions Program (USRAP) operates world-wide with a target of providing resettlement opportunities to thousands of individuals each year. IOM provides a range of services and support to the USRAP including, but not limited to, case processing, migration health assessments, cultural orientation training, organized transportation and administration of a travel loan and collections program. The Department of Operations and Emergencies (DOE), specifically the Resettlement and Movement Division (RMM), has the organizational responsibility to provide direction, oversight and guidance to IOM’s global support to all resettlement programs.

Under the direct supervision of the Project Officer, Data Integrity, and the overall supervision of the Senior Project Coordinator, Data Integrity, the incumbent will analyze the USRAP information security framework, develop NIST 800-53 control documentation for the USRAP Resettlement Support Center (RSC) in Eurasia, and monitor the progress of control implementation and effectiveness.

Organizational Department / Unit to which the Consultant is contributing:  RSC Processing in Europe OP.0002

Category A Consultants: Tasks to be performed under this contract

  • Examine existing information security framework in IOM Resettlement Support Center (RSC) against NIST 800-53 certification standards and donor requirements, identifying gaps in compliance.
  • Produce monthly gap reports.
  • Communicate effectively and regularly with RSC management and the National NIST Certification Officer in Washington DC for addressing gaps and mitigating identified risks.
  • In coordination with RSC management and technical focal points, produce NIST 800-53 control documentation covering each RSC hub and office.
  • Assist the USRAP Data Integrity and Reports Officer (Washington, DC) and the National NIST Certification Officer (Washington, DC) with coordinating the implementation of USRAP information security requirements, NIST controls and external audits between IOM ICT, RSC management, department focal points in IOM and technical focal points for the donor.
  • Offer expertise, written and oral, in interpretation of security controls, risk and overall results to RSC management as needed.
  • Contribute to Authorization to Operate documentation.
  • In cooperation with the ICT security team, perform functional, operational and vulnerability testing of the USRAP information security infrastructure.
  • Maintain and ensure the confidentiality and integrity of all personnel-related information by implementing control procedures in line with IOM standards of conduct and data protection rules.
  • Perform such other duties as may be assigned.

 Performance indicators for the evaluation of results

  • Prepare NIST Control Documentation including but not limited to the below
    • System Security Plan
    • Business Impact Analysis
    • Business Continuity and Disaster Recovery planning
    • Configuration Policy and Management
    • Incident Response Policy
  • Create SCF, PTA and PIA documents for the GSS
  • Perform Gap Analysis
  • Recommendations to mitigate the gaps.
  • Perform functional, operational and vulnerability testing of the USRAP information security infrastructure

 Education, Experience and/or skills required

  • Bachelor’s degree in computer science, information systems, cyber security, computer engineering, or other related discipline from an accredited academic institution with two years of professional experience in information security, information security auditing, or security documentation. OR
  • Master’s degree in mentioned spheres from an accredited academic institution with no professional experience.
  • Certificates of completion of auditing courses in information security.
  • Experience with government or intergovernmental organizations is an advantage.
  • Strong analytical and technical skills – ability to assess information security infrastructure with great attention to detail.
  • Familiarity with enterprise information technology infrastructure such as Azure, Microsoft 365, cloud hosting and VPN.
  • Excellent communication, interpersonal and writing skills.
  • Excellent computer skills and proficiency in Microsoft Office applications.
  • Relevant experience in IOM policies and procedures would be an advantage.
  • Languages: Fluency in English, Ukrainian and Russian is required.

Travel required

No.

Competencies

Values

  • Inclusion and respect for diversity: respects and promotes individual and cultural differences; encourages diversity and inclusion wherever possible.
  • Integrity and transparency: maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
  • Professionalism: demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
  • Resource Mobilization - Establishes realistic resource requirements to meet IOM needs

Core Competencies – behavioural indicators

  • Teamwork: develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
  • Delivering results: produces and delivers quality results in a service-oriented and timely manner; is action-oriented and committed to achieving agreed outcomes.
  • Managing and sharing knowledge: continuously seeks to learn, share knowledge and innovate.
  • Accountability: takes ownership for achieving the Organization’s priorities and assumes responsibility for own action and delegated work.
  • Communication: encourages and contributes to clear and open communication; explains complex matters in an informative, inspiring and motivational way.

 How to apply:

Interested candidates are invited to submit their cover letters and CVs with names and contacts of three referees, to [email protected] with subject line “NIST Certification Consultant” by 14 February 2022 at the latest. Only shortlisted candidates will be contacted.

Private entrepreneurs (PE) cannot be considered as applicable for providing services under this consultancy.
