Roster - Senior CIRT Governance and Policy Consultant (Home Based, Remote)

INTERNATIONAL TELECOMMUNICATION UNION ITU is the leading United Nations agency for information and communication technologies, with the mission to connect the world. To achieve this, ITU manages the radio-frequency spectrum and satellite orbits at the international level, works to improve communication infrastructure in the developing world, and establishes global standards that foster seamless interconnection of a vast range of communication systems. ITU also organizes global Telecom events bringing together the most influential representatives of government and the private sector to exchange ideas and knowledge for the benefit of all. ITU applies a zero-tolerance policy against all forms of harassment. ITU is committed to diversity and inclusion within its workforce, and encourages all candidates, irrespective of gender, nationality, religious and ethnic backgrounds, including persons with disabilities, to apply to become a part of the organization. Achieving gender balance is a high priority for ITU. Roster - Senior CIRT Governance and Policy Consultant Vacancy notice no: 2239 Sector: BDT Department: DNE Country of contract: Remote Duty station: Home Based Position number: [[positionNumber]] Grade: [[PositionGrade]] Type of contract: Consultant Duration of contract: Open Recruitment open to: External Application deadline (Midnight Geneva Time): 31 December 2026 ORGANIZATIONAL UNIT The Telecommunication Development Bureau (BDT) is responsible for the organization and coordination of the work of the Telecommunication Development Sector of the Union. BDT deals mainly with development policies, strategies, programming, projects, as well as technical cooperation activities to enable and foster universal access to affordable, high-quality and secure telecommunications/ICTs and Foster equitable and inclusive use of telecommunications/ICTs to empower people and societies for sustainable development. To effectively and efficiently serve the needs of Member States, BDT is organized into four functional areas: • Operations Coordination Department (Office of the Deputy to the Director) (DDR) • Projects, Partnerships & Digital Skills Department (PPS) • Digital Networks & Environment Department (DNE) • Digital Knowledge Society Department (DKS) The Digital Networks & Environment Department (DNE) is responsible to assist the Member States, especially the G77 countries, in a wide range of ICT development challenges, as basic connectivity, spectrum management, evolution of current to future broadband networks and technologies, enabling universal and affordable access, and strengthening the security through the cybersecurity support. In addition, the DNE Department provides expertise and needed support for emergency telecommunications and the increasingly important and urgent aspects related to the environment and climate change. BACKGROUND INFORMATION As part of multi-country National Computer Incident Response Team (CIRT) implementation projects coordinated by the ITU, this roster will provide on-demand expertise to strengthen national cybersecurity incident response capabilities across various countries. The Senior CIRT Governance and Policy Consultant will focus on establishing robust cybersecurity governance structures by developing national CIRT policies, standard operating procedures (SOPs), and related documentation in line with the ITU’s CIRT Framework. TERMS OF REFERENCE Under the guidance of the ITU Project Manager and in collaboration with the ITU Senior Cybersecurity Coordinator, the Consultant will contribute to the following activities for each country assignment: • Policy and Governance Review: Review the existing national CIRT mandate, institutional positioning, mission, vision, legal basis, and relevant policy and governance documentation, including human resources policies and organizational models, to establish a comprehensive baseline. • Gap Analysis: Conduct a structured gap analysis aligned with the SIM3 maturity model and relevant FIRST-endorsed good practices and guidance, covering governance, policies, organizational structure, human resources, operational processes, and physical and environmental security, to identify gaps and priority areas for improvement. • Governance and Organizational Framework Development: Develop a comprehensive national CIRT policy and governance framework aligned with the ITU CIRT Framework, relevant FIRST-endorsed good practices and guidance, and the SIM3 model, defining the CIRT mandate, scope of services, stakeholders and constituency, organizational structure, staffing models and roles, human resource requirements and competencies, decision-making and escalation mechanisms, and inter-agency coordination arrangements. • Critical Information Infrastructure Protection (CIIP) Policy Alignment: Support the development or harmonization of policies, roles, and coordination frameworks related to CIIP, clarifying the CIRT’s role in national CIIP governance, incident coordination, and information-sharing mechanisms. • Standard Operating Procedures, Guidelines, and Checklists: Develop and structure a comprehensive set of practical Standard Operating Procedures, operational guidelines, and checklists covering core CIRT functions, including incident management, escalation, coordination, information sharing, reporting, HR-related processes, access control, premises security, and business continuity management. • Stakeholder Validation: Plan and facilitate validation workshops or working sessions with CIRT staff and relevant national stakeholders to review, refine, and reach consensus on the governance framework, SOPs, and associated policies and procedures. • Sustainability and Knowledge Transfer: Develop a sustainability, capacity-building, and knowledge-transfer approach to support the long-term institutionalization, maintenance, and continuous improvement of CIRT governance frameworks, policies, SOPs, procedures, and documentation. CONCRETE DELIVERABLES • National CIRT Policy and Governance Framework: Submission of a consolidated document outlining the mandate, governance aspects, and institutional setup of the national CIRT. • CIRT Gap Analysis Report: Delivery of a high-level assessment identifying key gaps and priority areas for strengthening national CIRT policy, governance, and operational readiness. • CIRT Standard Operating Procedures, Policies, and Guidelines: Submission of a consolidated set of approved SOPs, policies, procedures, and checklists supporting the consistent and effective functioning of the national CIRT. COMPETENCIES • Good technical and analytical problem-solving skills including demonstrated ability to understand and analyse project priorities. • Experience in conducting monitoring and evaluation for project implementation. • Effective communication and writing skills in English with strong drafting and documentation skills to produce high-quality policy and procedural documents. • Ability to work independently and as part of a team, maintaining efficient working relationships, while demonstrating sensitivity to ITU's multi-cultural, multi-ethnic environment and respect for diversity. • Strong understanding of ITU’s CIRT framework and SIM3 maturity model. • Excellent analytical skills. QUALIFICATIONS REQUIRED Education: Advanced university degree in cybersecurity, information security policy, computer science, public policy, or a related field OR education from a reputed college of advanced education, with a diploma of equivalent standard to that of an advanced university degree in one of the fields above. Recognized professional certifications such as CISSP, CISM, CISA, ISO/IEC 27001 Lead Implementer or equivalent would be an asset. Experience: At least seven (7) years of professional experience in cybersecurity policy development, national CSIRT/CIRT establishment, governance, or related cybersecurity strategy roles, including at least three (3) at the international level. A Doctorate in a related field can be considered as a substitute for three years of working experience. Languages: Knowledge of English is at advanced level. Knowledge of another official language of the Union (Arabic, Chinese, French, Russian, Spanish) would be an advantage. REMUNERATION INFORMATION Between USD 280 and USD 450 per working day to be defined according to the work experience of the consultant. INFORMATION ON RECRUITMENT PROCESS Please note that all candidates must complete an on-line application and provide complete and accurate information. To apply, please visit the ITU career website. The evaluation of candidates is based on the criteria in the vacancy notice, and may include tests and/or assessments, as well as a competency-based interview. ITU uses communication technologies such as video or teleconference, e-mail correspondence, etc. for the assessment and evaluation of candidates. Please note that only selected candidates will be further contacted and candidates in the final selection step will be subject to reference checks based on the information provided. Messages originating from a non ITU e-mail account - @itu.int - should be disregarded. ITU does not charge a fee at any stage of the recruitment process. Apply tot his job Apply To this Job