Information and Communication Technology (ICT) Associate (Security and National Institute of Standards and Technology (NIST) Compliance) – Spain 6 views

Job Identification (Reference Number): 18760
Position Title: Information and Communication Technology (ICT) Associate (Security and National Institute of Standards and Technology (NIST) Compliance)
Duty Station City: Valencia
Duty Station Country: Spain
Grade: UG
Contract Type: Special short-term ungraded
Recruiting Type: Professional
Initial duration: Five months with possibility of extension
Closing date: 12 February 2026

Job Description

Introduction

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading UN agency in the field of migration, works closely with governmental, intergovernmental and non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to ensuring a workplace where all employees can thrive professionally, while working towards harnessing the full potential of migration. Read more about IOM’s workplace culture at IOM workplace culture | International Organization for Migration

Applications are welcome from internal and external candidates. For all IOM vacancies, applications from qualified and eligible first-tier candidates are considered before those of qualified and eligible second-tier candidates in the selection process. For the purpose of this vacancy, internal candidates are considered first-tier candidates.

Context:

Under the overall supervision of the Senior Information Security Officer and the direct supervision of the ICT Officer (Information Security officer), the Information and Communication Technology (ICT) Associate (Security and National Institute of Standards and Technology (NIST) Compliance) ensures that IT systems, services, and data in the IOM-ICT ecosystem meet NIST cybersecurity standards. Key responsibilities include developing and improving data security policies and controls, ensuring regulatory compliance, and collaborating with business units to maintain security requirements throughout system lifecycles. The role requires collaboration, technical leadership, and translating security needs into solutions, with occasional support for other teams.

This position reports to the Senior Information Security Officer within the Information Security & Compliance Unit. All IOM staff must perform duties according to job descriptions, delegated authorities, UN and IOM rules, and uphold IOM’s values of professionalism, integrity, and respect for diversity.

Responsibilities

1. Develop, implement, and maintain data security policies, procedures, and controls in alignment with NIST frameworks (e.g., NIST SP 800-53, NIST Cybersecurity Framework), ISO 27001, and other applicable standards.
2. Conduct risk assessments and vulnerability analyses to identify, evaluate, and mitigate risks to organizational data, applications, and ICT infrastructure.
3. Collaborate with cross-functional teams, including project managers, system architects, application developers, and business analysts, to integrate security requirements into all phases of the application and system development lifecycle.
4. Ensure data protection and privacy compliance, including GDPR and other relevant regulations for both applications and data, through the implementation of technical and organizational measures.
5. Support the design and implementation of security controls for data-in-transit and data-at-rest, including encryption, access controls, and monitoring.
6. Assist and support in regular security audits, penetration testing, and incident response exercises to validate the effectiveness of controls and preparedness of the organization.
7. Provide technical guidance and mentorship to other team members and business users on secure application and data management practices, fostering a culture of continuous improvement and security awareness.
8. Develop and maintain security documentation, including risk registers, incident response plans, data flow diagrams, and user guides- specific to applications and data processes.
9. Monitor emerging threats, vulnerabilities, and trends in application and data security, and recommend adoption of new technologies or practices as appropriate.
10. Support organizational objectives by ensuring that business needs are met with secure, compliant, and cost-effective solutions.
11. Participate in production “go/no go” decisions for system and applications deployments, certifying that security requirements have been met and risks are documented and managed.
12. Engage in training and awareness programs to promote application and data security best practices and compliance across the organization.
13. Perform other duties as may be assigned.

Qualifications

Education

• High school diploma with six years of relevant experience; or,
• University degree in Computer Science, Information Technology, Cybersecurity or a related field from an accredited academic institution with four years of relevant experience; or,
• Essential: CompTIA Security+, CISSP, CISM, CISA, or equivalent information security certifications.
• Desirable: NIST Cybersecurity Framework Practitioner, ISO 27001 Lead, CIS Controls.

Experience

• Experience implementing and managing application and data security programs in accordance with NIST, ISO, or similar frameworks;
• Strong understanding of data protection regulations (e.g., GDPR, HIPAA) and experience implementing compliance measures in applications and data management;
• Experience with security technologies such as SIEM, DLP, IAM, endpoint protection, encryption, and cloud security controls (Azure, AWS, etc.);
• Experience working collaboratively with business partners and technical teams to translate business needs into secure applications and data solutions; and,
• Experience operating in humanitarian, development, or United Nations organizations.

Skills

• Ability to develop solution documentation, security policies, and user training materials using industry-standard methods and tools;
• Proven track record in risk assessments, security audits, and incident response for applications and enterprise systems;
• Excellent communication skills for articulating complex technical concepts to technical and non-technical audiences;
• Strong analytical, conceptual, and problem-solving skills;
• Knowledge of IOM/UN-specific ICT processes and technologies;
• Working knowledge of any other official UN language;
• Strong interpersonal skills;
• Solid organization and document, project management;
• Strong investigative skills;
• Strong ability to continue to learn and grow;
• Basic knowledge of reporting tools (e.g., MS Excel, Power BI, Power BI Report Builder);
• Ability to translate technical security vulnerabilities into business risk/impact to applications;
• Demonstrated skill in creating security policies and procedures based on ISO27001, NIST 800-53 and Computer Information System (CIS) controls;
• Strong analytical and problem-solving skills and proactive thinking skills; and,
• Able to articulate complex, technical concepts to non-technical audiences.

Languages:

All IOM staff members in all categories are required to be fluent in one of the IOM’s official languages (English, French, Spanish).

For this position, fluency in English is required (oral and written). Working knowledge of Spanish is highly desirable and another official UN language (Arabic, Chinese, French, and Russian) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments

Required Competencies:

IOM’s competency framework can be found at this link Competencies will be assessed during the selection process.

Values – all IOM staff members must abide by and demonstrate these five values:

• Inclusion and respect for diversity: Respects and promotes individual and cultural differences. Encourages diversity and inclusion.
• Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
• Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
• Courage: Demonstrates willingness to take a stand on issues of importance.
• Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.

Core Competencies – behavioural indicators

• Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
• Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
• Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
• Accountability: Takes ownership for achieving the Organization’s priorities and assumes responsibility for own actions and delegated work.
• Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.

Notes

Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.

Only candidates possessing the right of residence and right to work in Spain can be considered for this vacancy. Candidates for this vacancy will be considered to be locally recruited and will be eligible for allowances and benefits available to locally-recruited staff.

Vacancies close at 23:59 local time Geneva, Switzerland on the respective closing date. No late applications will be accepted.

IOM has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and IOM, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities.

IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts.

IOM only accepts duly completed applications submitted through the IOM e-Recruitment system (for internal candidates link here). The online tool also allows candidates to track the status of their application.

Only shortlisted candidates will be contacted.

For further information and other job postings, you are welcome to visit our website: IOM Careers and Job Vacancies