Consultant - ICT Officer (Security Strategy and Governance)
Madrid | Valencia
- Organization: IOM - International Organization for Migration
- Location: Madrid | Valencia
- Grade: Consultancy - Consultant - Contractors Agreement
- Occupational Groups:
  - Operations and Administrations
  - Development Cooperation and Sustainable Development Goals
  - International Relations
  - Democratic Governance
  - Information Technology and Computer Science
  - Security and Safety
  - Public Policy and Administration
- Closing Date: 2025-10-28
Job Description
Position Title: ICT Officer (Security Strategy and Governance)
Duty Station: Valencia, Spain - onsite
Classification: Consultant, Grade Other
Type of Appointment: Consultant, six months
Estimated Start Date: As soon as possible
Closing Date: 28 October 2025
Project Context and Scope:
Under the overall supervision of the Chief Information Officer / Director, ICT and the direct supervision of the Senior ICT Security Officer (SISO), and in close collaboration with relevant Units at Headquarters (HQ) and worldwide Information and Communications Technology (ICT) Teams, the ICT Officer (Security Strategy and Governance) will be responsible for enhancing the maturity and capabilities of the International Organization for Migration (IOM) global cybersecurity, focusing on cybersecurity governance (policy, risk and compliance). This covers all aspects of global cybersecurity, that is, security of data, users, applications and workspace.
Organizational Department / Unit to which the Consultant is contributing:
ICT Department - Information Security and Risk Management
Responsibilities
Category A Consultant: Tasks to be performed under this contract
- Lead the development and execution of a comprehensive cybersecurity strategy that aligns with organizational goals and ensures robust risk and compliance management frameworks that address current and emerging threats.
- Establish and maintain a robust cybersecurity governance framework to ensure effective oversight, accountability, and decision-making across the organisation.
- Continuously assess and enhance IOM’s global security posture, including the evaluation of cybersecurity maturity across systems and processes.
- Develop and maintain cybersecurity roadmaps, including objectives, milestones and performance indicators for cybersecurity initiatives to guide the execution of strategic initiatives and track progress.
- Oversee vendor, contract, and change management activities related to cybersecurity, ensuring alignment with strategic objectives and compliance standards.
- Design and implement targeted communication campaigns and user awareness programs in collaboration with business management, fostering a culture of cybersecurity and risk consciousness.
- Collaborate with cross-functional teams to integrate cybersecurity into business processes and initiatives across all projects and programs.
- Deliver tailored training and technical advisory services to both ICT and non-ICT units, incorporating innovative approaches such as gamification and establishing a cybersecurity centre of excellence.
- Conduct comprehensive security assessments of on-premises and cloud environments, and manage third-party penetration testing engagements, including drafting terms of reference and performing quality assurance on deliverables.
- Identify, document, and report global cybersecurity risks, maintaining a centralized risk register and tracking mitigation efforts.
- Develop and maintain security policies and procedures based on international standards (e.g., ISO 27001, NIST, CIS), and produce essential documentation to support project and operational needs.
- Provide strategic guidance on the implementation of security controls to protect organizational assets and ensure resilience against emerging threats.
- Perform additional duties as assigned by the Senior Information Security Officer, contributing to cross-functional initiatives and organizational priorities.
Performance indicators for the evaluation of results
Governance Framework Delivery Rate:
Percentage of planned cybersecurity governance documents, dashboards, and frameworks developed, updated, or implemented within agreed timelines and quality standards (Target: ≥90% on-time completion with positive stakeholder feedback).
Assessment Response Efficiency:
Average turnaround time and completeness in responding to internal and external security assessments (Target: 100% of assessment requests addressed within established SLAs).
Risk Mitigation Action Rate:
Percentage of identified risk mitigation actions initiated or resolved during the reporting period (Target: ≥75% of risk mitigation actions tracked or closed).
Exception and Waiver Processing Accuracy:
Proportion of policy exceptions, waivers, and security control recommendations accurately documented, reviewed, and processed through proper approval workflows (Target: 100% compliance, zero overdue requests at month-end).
Qualifications
- Master’s degree in Computer Sciences, Information Systems Management, Engineering or Business Administration from an accredited academic institution with five years of relevant professional experience; or
- University degree in Computer Sciences, or relevant field from an accredited academic institution with seven years of relevant professional experience.
- Professional certification as CISSP, CISM, CCISO, CSSLP, CASE, CSWAE, GRCP, CEH, or related will be a distinct advantage in addition to cloud computing certifications at associate/professional/specialty level from Azure and/or AWS.
- ITIL and Prince2 Foundation are added advantages.
- Minimum of five years of experience in programme and project management of cybersecurity globally;
- Minimum of five years of experience in vulnerability testing and auditing and cloud security;
- Minimum of five years of experience with vulnerability scanning and configuration assessment solutions (e.g., Nessus, BurpSuite, CIS-CAT Pro, and Rapid7);
- Minimum of five years in all aspects of cybersecurity;
- Minimum of five years of Information Security / Cybersecurity experience, working with on-prem and cloud-based security solutions (e.g., Microsoft Threat Protection suite, AWS Security Solutions, Zscaler);
- Minimum of five years of relevant security analysis and reporting work experience (security consulting);
- Experience defining security strategies aligned with business and strategic objectives; and,
- Experience with SIEM solutions (e.g., Azure Sentinel, IBM QRadar).
- Strong analytical and interpersonal skills;
- Solid organization, documentation and project management skills;
- Strong ability to continue to learn and grow;
- Experience in conducting security checks, verification and risk management;
- Demonstrated ability to respond to information security alerts;
- Knowledge and experience of reporting tools (e.g., MS Excel, Power BI, Power BI Report Builder);
- Ability to translate technical security vulnerabilities into business risk/impact;
- Strong knowledge of designing, building, testing, and implementing security controls;
- Demonstrated skill in creating security policies and procedures based on ISO27001:2013, NIST 800-53 and CIS controls;
- Demonstrated technical skill in infrastructure architecture, security, and cloud computing with emphasis on AWS and Microsoft Azure;
- Solid knowledge and experience in mitigating human cybersecurity risks and coaching users to shift towards a more security- and risk-aware culture;
- Strong knowledge and experience in change and communication management;
- Strong analytical and problem-solving skills and proactive thinking skills; and,
- Strong English oral and written communications skills.
- Travel may be required for the delivery of activities defined in the TOR.
- Inclusion and respect for diversity: Respects and promotes individual and cultural differences. Encourages diversity and inclusion.
- Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
- Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
- Courage: Demonstrates willingness to take a stand on issues of importance.
- Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.
- Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
- Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
- Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
- Accountability: Takes ownership for achieving the Organization’s priorities and assumes responsibility for own actions and delegated work.
- Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.
- Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.
- Appointment will be subject to certification that the candidate is medically fit for appointment, verification of residency, visa, and authorizations by the concerned Government, where applicable.
- IOM covers Consultants against occupational accidents and illnesses under the Compensation Plan (CP), free of charge, for the duration of the consultancy. IOM does not provide evacuation or medical insurance for reasons related to non-occupational accidents and illnesses. Consultants are responsible for their own medical insurance for non-occupational accident or illness and will be required to provide written proof of such coverage before commencing work.
- IOM has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and IOM, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities.
- IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts.
- IOM only accepts duly completed applications submitted through the IOM online recruitment system. The online tool also allows candidates to track the status of their application.
Job info
Contract Type: Consultancy (Up to 11 months)
Initial Contract Duration: 6 months
Vacancy Type: Consultancy
Recruiting Type: Consultant
Grade: C-1
Alternative Required Language 1: English
Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.