ITU is the leading United Nations agency for information and communication technologies, with the mission to connect the world. To achieve this, ITU manages the radio-frequency spectrum and satellite orbits at the international level, works to improve communication infrastructure in the developing world, and establishes global standards that foster seamless interconnection of a vast range of communication systems. 


Critical Information Infrastructure Protection Training Developer Consultant 


Vacancy notice no: 1370 
Sector: BDT
Department: DNS
Country of contract: Remote
Duty station: Home Based


Position number: [[positionNumber]] 
Grade: [[PositionGrade]] 
Type of contract: Consultant
Duration of contract: 48 working days
Recruitment open to: External
Application deadline (Midnight Geneva Time): 2 October 2023




The Telecommunication Development Bureau (BDT) is responsible for the organization and coordination of the work of the Telecommunication Development Sector (ITU-D) of the Union which deals mainly with ICT-focused development policies, strategies and programmes, as well as technical cooperation activities, to promote digital inclusion and drive digital transformation at community, country and regional levels. To effectively and efficiently serve the needs of ITU members, BDT is organized into four functional areas:

  • Office of the Deputy to the Director and Field Operations Coordination Department
  • Partnerships for Digital Development Department
  • Digital Networks & Society Department
  • Digital Knowledge Hub Department

The Digital Networks & Society Department is responsible for BDT activities in the areas of spectrum management, network development, cybersecurity and emergency telecommunications. This department is also responsible for supporting ITU Member States in their transition to digital societies by providing tools and guidelines to address environmental challenges (in particular, climate change and e-waste), and for promoting innovation, ICT applications/services, digital inclusion and ecosystems, with the ultimate goal to 'leave no one behind'.



As a Critical Information Infrastructure Protection Training Developer, the consultant will play a pivotal role in designing and developing a comprehensive curriculum and training materials focused on identifying and protecting Critical Information Infrastructure (CII) assets and services. The training program aims to enhance incident response and cybersecurity capabilities, ensuring the proper functioning of critical infrastructure services like energy supply, telecommunications, financial systems, drinking water, and governmental services, which are reliant on the proper functioning of Critical Information Infrastructures (CII).

Curriculum Development:

  • Develop a well-structured and comprehensive training curriculum for the Critical Information Infrastructure Protection programme.
  • Design and organize the content into chapters to facilitate effective learning and skills development.

The suggested structure for the Critical Information Infrastructure Protection training course:

Course Title: Critical Information Infrastructure Protection Training

Chapter 1: Introduction to Critical Information Infrastructure (CII)

  • Understanding the significance of Critical Information Infrastructure (CII) in modern society.
  • Interdependency with Critical Infrastructure (CI) services (e.g., energy supply, telecommunications, financial systems, etc.).
  • Overview of various cyber threats and attacks that pose risks to Critical National Information Infrastructure (CNII).
  • Real-world examples and case studies of cyber incidents targeting CII.
  • Identifying and understanding challenges faced by governments and stakeholders in safeguarding CII. Strategies to overcome common challenges and enhance CII protection.

Chapter 2: Developing Critical Information Infrastructure Protection Plans

  • Importance of robust Critical Information Infrastructure Protection (CIIP) plans.
  • Risk assessment and mitigation strategies for safeguarding CII assets and services.
  • Incident response plan for CII protection, role of national CIRT. 
  • Monitoring and Continuous Improvement for CII Protection: Implementing effective monitoring mechanisms for potential threats and vulnerabilities.

Chapter 3: Use Cases and Good Practices from Different Countries

  • Case studies showcasing successful CIIP initiatives and strategies from at least six different countries.
  • Benchmark methodologies for identifying and classifying CII assets and services at the national level.
  • Governance Structures for Critical National Information Infrastructure (CNII): Examples of governance structures utilized by countries for managing CIIP efforts.
  • Roles and responsibilities of different stakeholders in protecting CNII.
  • Example of Information Sharing Mechanisms for CII Protection.

Chapter 4: Tabletop Exercise (TTX): Identification and Classification of CII Assets and Services

  • Design a tabletop exercise focused on the identification and classification of Critical Information Infrastructure (CII) assets and services.
  • Use of best practices and real-world scenarios to test the participants' skills and knowledge.

Each chapter will be accompanied by interactive presentations, case studies, discussions, and hands-on exercises to engage participants and reinforce their understanding of Critical Information Infrastructure Protection concepts and strategies.



  1. A well-structured and comprehensive training curriculum for the Critical Information Infrastructure Protection course.
  2. Interactive presentations and case studies for each chapter to engage participants effectively.
  3. A tabletop exercise designed to challenge participants' skills in identifying and classifying CII assets and services.
  4. Training materials and resources to support the curriculum, including slide decks, reference documents, and other relevant materials.

The copyright for all materials produced shall be vested with ITU.



  • Proven track record of leading and managing complex cybersecurity projects at the national level.
  • In-depth knowledge of cybersecurity threats, risks, and best practices, as well as Critical Information Infrastructure Protection frameworks (CIIP), standards, and regulations.
  • Ability to design and develop comprehensive and effective training curriculums that are engaging, interactive, and relevant to the target audience.
  • Exhibits excellent communication, coordination, and editing skills, producing high-quality reports and documentation in English.



Education: Advanced university degree in telecommunication, computer science, information technology or relevant field. 


Experience: At least five (5) years of progressively responsible experience in the field relevant to the Special Service Agreement (SSA). 

Strong knowledge of cybersecurity and CII concepts. 

Proven experience in developing cybersecurity training materials and curriculum, with a focus on Critical Information Infrastructure Protection.


Languages: Knowledge of English at advanced level.



250 USD per working day (a total of 12 000 USD)




  • ITU training material and CIIP guidelines
  • The Meridian process:
  • Global Forum on Cyber Expertise:


Please note that all candidates must complete an on-line application and provide complete and accurate information. To apply, please visit the ITU Careers website. The evaluation of candidates is based on the criteria in the vacancy notice, and may include tests and/or assessments, as well as a competency-based interview. ITU uses communication technologies such as video or teleconference, e-mail correspondence, etc. for the assessment and evaluation of candidates. Please note that only selected candidates will be further contacted and candidates in the final selection step will be subject to reference checks based on the information provided. Messages originating from a non ITU e-mail account - - should be disregarded. ITU does not charge a fee at any stage of the recruitment process.

ITU applies a zero-tolerance policy against all forms of harassment. ITU is committed to diversity and inclusion within its workforce, and encourages all candidates, irrespective of gender, nationality, religious and ethnic backgrounds, including persons with disabilities, to apply to become a part of the organization. Achieving gender balance is a high priority for ITU.