East Europe Foundation, within the framework of the USAID/UK Aid Project Transparency and Accountability in Public Administration and Services (TAPAS), announces a competition for a post of Information and Cyber Security Expert to ensure cyber security of Ministry of Youth and Sports and subordinate agencies (hereinafter – the Ministry and subordinate agencies).
Expected duration of expert support services: up to nine (9) months.
Work format: hybrid (online and offline).
Scope of Work and Responsibilities:
- Information and advisory support; general coordination of work and interaction between the Ministry and subordinate agencies’ subdivisions and individual staff members responsible for cyber security.
- Identify cyber security requirements; conduct an audit of the current state of information security; develop recommendations to implement the information security assessment system; implement improvement of certain security aspects; develop information security guidelines and procedures; draw up reports based on the result of this audit, in particular:
– provide recommendations on improving the technical infrastructure; participate in infrastructure audits (conducted by a third party);
– provide advisory support on the preparation of terms of reference and contracts for infrastructure audits, system migration, lease of computing capacities; implementation of monitoring, registration, and audit services for administrators; deployment, authorization and authentication of administrative users of the system; and, integration with external systems.
- Review the functional state of the Information and Communication Systems (hereinafter – the ICS) of the Ministry and subordinate agencies:
– performance evaluation of the comprehensive information security system (hereinafter referred to as the CISS) within the Ministry’s ICS; documentation on the development of the CISS and other related documents; review of other technical documentation;
– consultations on the implementation of best practices in the CISS and support in the creation of the CISS within the Ministry and subordinate agencies’ ICS.
- Advise on the development of technical specification, terms of reference and other related documentation to create new ICS for the Ministry and subordinate agencies to ensure their cyber security.
- Develop proposals on cooperation with the main cybersecurity entities, other government agencies and organizations to enhance the resilience of the Ministry and subordinate agencies’ ICS.
- Advise and provide methodological assistance in establishing technical cooperation with specialized platforms to ensure information exchange and immediate response to cyber incidents and cyber attacks.
- Advise on the inventory taking; compile a list of critical information infrastructure facilities (the Ministry and subordinate agencies’ ICS); provide guidance on their classification and status reviews.
- Advise on the Ministry and subordinate agencies’ information infrastructure cyber attack readiness assessment.
- Support the creation and assessment of the current and target profile of the Ministry and subordinate agencies, in particular:
– identify the target cybersecurity measures, including the current risk environment assessment and risk management;
– create a plan for bridging the gap between the current and target cybersecurity resilience profile and approve it for the current year according to the methodology of the State Special Communications Service of Ukraine to improve the Ministry and subordinate agencies’ cyber defense.
- Develop recommendations for the creation of a cybersecurity resilience self-assessment plan for the Ministry and subordinate agencies.
- Advise on the Ministry and subordinate agencies’ information infrastructure vulnerability assessment.
- Advise on the development of cyber incident response plans and relevant internal policies (rules for managing user and administrator access, incidents, etc.) to govern the activity of the work of the Ministry and subordinate agencies.
- Develop proposals how to secure funding to finance cybersecurity measures; procurement of technical equipment; planning of individual cybersecurity expenditures, including review and identification of priority areas to involve potential international technical assistance and other possible sources of funding and support for cybersecurity measures at the Ministry and subordinate agencies.
- Provide advisory support on the formation of the information security structural unit withinthe Ministry and subordinate agencies; advise on qualification requirements for candidates for the posts of information and cybersecurity officers.
- Develop proposals on how to conduct the needs assessment for upskilling the staff of the Ministry and subordinate agencies in cyber awareness and cyber hygiene; develop an action plan and a training curriculum in the field of cybersecurity.
- Review the national and international legal framework and standards to ensure cybersecurity and develop proposals on drafting and ameliorating internal documentation and related regulations of the Ministry and subordinate agencies.
- Study the best national and international practices in implementing cybersecurity measures.
- Perform other tasks within the framework of ensuring cybersecurity of the Ministry and subordinate agencies, including participation in the development of programs, plans and other documents to facilitate the implementation of cyber security measures.
- Coordinate the work of cybersecurity team at the Reforms Project Office under the Ministry.
- Test the cyber vulnerability of the Ministry and subordinate agencies’ ICS.
- Implement anti-phishing measures.
- Knowledge of Ukrainian legislation in the field of digitalization, cyber security, and information protection.
- Experience in writing technical specifications and terms of references for IT projects, information security and cyber security projects.
- Understanding IT development project management; IT development project management skills and skills of using Waterfall and Agile
- Experience with Jira and Confluence.
- More than three (3) years of project management experience in the development and implementation of information and communication systems, software, or experience in the successful implementation of IT systems in large enterprises (at least three (3) projects) in a managerial or key positions.
- Management experience in the public sector.
- Experience in communication with government agencies (clarifying requirements, making presentations).
- Command of English will be an advantage.
- Academic degree, academic title, certificates of R&D experience will be an advantage.
To apply, send your application (CV with relevant work experience, skills, and personal contact information) before 23:00 on August 28, 2023 to the email address: ATkachenko@eef.org.ua with a note “Expert_Cyber Security”.
Anna Tkachenko, East Europe Foundation