Identity and Access Management Specialist, Geneva

Closing date: Sunday, 15 February 2015

World Intellectual Property Organization


IDENTITY AND ACCESS MANAGEMENT SPECIALIST (WIPO/14/P4/FT0138)

11 January 2015

Vacancy Announcement No: WIPO/14/P4/FT0138

Title: IDENTITY AND ACCESS MANAGEMENT SPECIALIST

Grade: P4

Appointment/Contract type: Fixed-Term Appointment

Duration: two years *

Publication Date: 23 December 2014

Application Deadline: 15 February 2015

Organizational Unit: Systems Management and Integration Section

IT Technical Division, Information and Communication Technology (ICT) Department, Administration and Management Sector

Duty Station: Geneva, Switzerland

Post Number: B233 / 10000219

Organizational Context

The post is located in the Systems Management and Integration Section, IT Technical Division, ICT Department.

The primary responsibility of the Section is to provide efficient and cost-effective ICT platforms for the hosting of business systems that fulfill the business and technical requirements. This entails the provision of system resilience and availability, ongoing system consolidation, the use of standardized solutions and a progressive move towards integrated ICT architectures for sustainability to accommodate WIPO's fee-generating services that almost exclusively rely on such systems to receive and process information online. The Section ensures that business systems can be used as integrated services and meet the business requirements as a whole, regardless of the intricacies and interdependencies of the underlying technical systems.

The incumbent is responsible for planning, deploying and ensuring efficient operations of an enterprise-wide Identity and Access Management (IAM) platform with the goal of progressively integrating applications into the IAM system, thereby achieving single-sign-on capabilities and establishing a single point of control for IAM within the Organization.

The incumbent reports to the officer in charge of the Systems Management and Integration Section.

Main duties

The incumbent performs the following main duties:

  1. Design and oversee the development of WIPO's current IAM solutions comprising varying degrees of security requirements, including strong multi-factor, context-aware authentication techniques, an access management and authentication framework and automated workflows for user provisioning and synchronization of user data between different sources and destinations.
  2. Advise on the integration of existing Internet-facing applications with the planned IAM system, and on design, engineering, development and implementation of a robust, highly available operations platform supporting these applications that enables single sign-on capabilities. Integrate the Oracle-PeopleSoft based ERP application suite with the IAM platform, promoting the use of role-based access controls.
  3. Lead the development of the strategic IAM road map under the direction of the Enterprise Architecture and ICT Program Management Division, the Information Assurance Division, and business system managers.
  4. Design, propose and establish standard IAM solutions to application developers and business architects. Advise developers on the integration of business applications into the standard IAM stacks for User Authentication, Web SSO and Access Control.
  5. Develop and implement IAM-related auditing, logging and reporting on access rights.
  6. Maintain a corporate data dictionary of directory attributes, usage requirements, owners and synchronization processes. Ensure coherent use of LDAP groups and dynamic groups. Take the lead in consolidating current solutions.
  7. Federate external and internal IAM platforms in order to ensure a seamless user experience for securely accessing WIPO's internal and Internet-facing services by external users and by WIPO staff working remotely.
  8. Develop and maintain ICT Service Continuity measures for IAM services and propose improvements in accordance with business continuity requirements. Collaborate with the Information Assurance Division for the development, implementation and assurance of operational processes and control mechanisms that apply information security policies and standards in relation to the IAM service. Propose solutions to enhance operational security.
  9. Manage supplier contracts related to the IAM platforms in order to maintain reliable and efficient delivery of IAM services.
  10. Perform other duties as required.

Competencies

WIPO Core Competencies

  1. Communicating effectively.
  2. Respecting individual and cultural differences.
  3. Showing team spirit.
  4. Managing yourself.
  5. Producing results.
  6. Embracing change.
  7. Respecting ethics and values.

REQUIRED QUALIFICATIONS

Education

Essential

Advanced university degree, preferably in Computer Science, Engineering or related discipline. A first-level university degree plus two years of relevant experience in addition to the experience requested below may be acceptable in lieu of the advanced university degree.

Desirable

Specialized training or certification in one or more leading IAM product suites.

Advanced security certifications.

Experience

Essential

At least nine years of professional work experience in the design, deployment and operations related to large scale, enterprise-level IAM platforms, and in the integration of business applications with IAM systems for authentication and access control.

Proven track record in implementing highly secure IAM solutions.

Experience with using directory services, LDAP, Federation and in particular the Microsoft Active Directory environment.

Experience with at least two of the following: ForgeRock OpenAM, nexus access management, NetIQ Identity Manager, Novell eDirectory.

Desirable

Experience with multiple SSL gateways and reverse proxy services, VPN, OpenCMS, CAS, Websense, and Apache/Tomcat basic authentication.

Skills

Essential

  • Excellent technical knowledge of application integration with IAM systems, hands-on programming experience in at least one application development platform (Java/Linux and/or .NET/Windows).
  • Expert knowledge of at least three of the following technologies: Authentication/Authorization; Access Provisioning; Web technologies (SSL, reverse proxies, Web SSO); Public Key Infrastructure; Multi-factor authentication.
  • Excellent analytical skills and the ability to document IAM platforms and processes, as well as related operating and risk management procedures.
  • Able to clearly explain complex issues and communicate with technical actors and business area representatives.
  • Proven ability to work as part of diverse technical teams in a cross cultural environment.
  • Understanding of internet security technology and concepts.
  • Service orientation and attention to quality.
  • Ability to work under pressure and successfully prioritize tasks in order to manage multiple commitments and deadlines.
  • Excellent communication and interpersonal skills, with the ability to influence others without always relying on the line-of-command.

Desirable

  • Knowledge of PRINCE2 project management methodology.
  • Knowledge of Enterprise Architecture concepts.
  • Knowledge of ITIL Service Management methodology.
  • Knowledge of managing and configuring web and application servers: Apache, Tomcat, JBoss, and others.
  • Knowledge of Networking and Information Security concepts.

Languages

Essential

Excellent knowledge of written and spoken English.

Desirable

Knowledge of French.

Annual salary

(Net of tax)

67,611 USD

72,605 USD (with primary dependants)

Post adjustment

93.1 % of the above figure(s). This percentage is to be considered as indicative since variations may occur each month either upwards or downwards due to currency exchange rate fluctuations or inflation.

Additional Information

Salaries and allowances are paid in Swiss francs at the official rate of exchange of the United Nations.

  • Initial period of two years, renewable, subject to satisfactory performance. No fixed-term appointment or any extension hereof shall carry with it any expectancy of, nor imply any right to, (further) extensions or conversion to a permanent appointment.

This vacancy announcement is available in English only.

This vacancy announcement may be used to fill other posts at the same grade with similar functions in accordance with Staff Rule 4.9.4.

Additional testing/interviewing may be used as a form of screening.

  • *Please refer to WIPO's Staff Regulation and Rules for detailed information concerning salaries, benefits and allowances.

Applications from qualified women candidates are encouraged.

  • *The Organization reserves the right to make an appointment at a grade lower than that advertised.
  • *Initial appointment is subject to a satisfactory medical examination.
  • *Not applicable for interns and to Individual Contractual Service subscribers.

For further instructions regarding the online application process, please visit the WIPO internet page at: http://www.wipo.int/erecruitment/en/