Job Description

OBJECTIVE OF THE OFFICE/DEPARTMENT

This is a requisition for employment at the Pan American Health Organization (PAHO)/Regional Office of the World Health Organization (WHO)

Contractual Agreement:

Non-Staff - International PAHO Consultant

Job Posting:

March 27, 2026

Closing Date:

April 8, 2026, 11:59 PM Eastern Time

Primary Location:

Off Site

Organization:

ITS Information Technology Services

Schedule:

Full time

PURPOSE OF CONSULTANCY

1. Objective of the Department

The Information Technology Services Department (ITS) provides leadership and direction in the deployment of information and communication technologies and systems to support the Pan American Health Organization/Regional Office of the Americas of the World Health Organization (PAHO/WHO) in carrying out its mandate. ITS establishes and maintains strategies, policies, standards, and procedures to ensure the effective and efficient provision of information and communication services in a geographically dispersed environment.

2. Purpose of the Consultancy

The Pan American Health Organization (PAHO) is seeking an experienced Senior Systems Administrator consultant to support the ITS Operations team. The consultant will be responsible for supporting, maintaining, and securing the organization's IT infrastructure, including on-premises servers, virtualization platforms, Microsoft Cloud services, and Microsoft 365 Collaboration Tools.

The Senior Systems Administrator will ensure high availability, performance, and compliance with security standards across PAHO's enterprise IT environment, spanning headquarters and country offices. The consultant will work collaboratively with security, telecommunications, and user support teams, and will play a key role in supporting the organization's ongoing transition to cloud-based infrastructure.

OF DUTIES:

3. Statement of Work

The Senior Systems Administrator consultant will be responsible for the following areas:

3.1 Windows Server & Infrastructure Support

• Provide Tier 2/3 technical infrastructure engineering support for Windows Server systems, including application engineering and integration support, and general server administration.

• Research, diagnose, and resolve Windows Server and workstation issues, including mitigating vulnerabilities identified through security and virus scans.

• Oversee software installations, upgrades, and related package management at the appropriate level across the enterprise.

• Oversee Windows patch installations and upgrades on servers and workstations, ensuring timely application of security advisories.

• Collect and review system data for capacity planning purposes; analyze capacity trends and develop capacity plans for enterprise-wide systems.

• Coordinate with management personnel to implement infrastructure changes in alignment with organizational priorities.

• Coordinate and assist in the implementation of new technologies across headquarters and country offices.

• Collaborate on the decommission of on-premises infrastructure as part of the organization's cloud migration strategy.

3.2 Security & Compliance

• Secure Windows systems using both domain and local policies and third-party tools to create and execute server compliance reports.

• Identify, assess, and remediate vulnerabilities on servers and endpoints identified through security scans.

• Enforce security baselines and compliance standards across all managed systems.

• Collaborate with the security team to ensure all systems meet organizational and regulatory security requirements.

• Develop and maintain documentation for security policies, procedures, and compliance reporting.

3.3 Active Directory & Identity Management

• Provide advanced-level support for Active Directory Services (ADS) including user accounts, group policies, organizational units, and domain trusts.

• Administer and support Microsoft Entra-ID (Azure AD), including Conditional Access policies, identity and access management, and hybrid identity configurations.

• Manage Group Policy Objects (GPOs) for security enforcement, software deployment, and system configuration across the enterprise.

• Support identity governance including role-based access control, privileged identity management, and access reviews.

3.4 Microsoft 365 & Azure Cloud Services

• Support the management of PAHO's Microsoft 365 tenant, including Exchange Online, SharePoint Online, Microsoft Intune, OneDrive for Business, and Microsoft Teams.

• Support and configure Microsoft Intune for device enrollment, compliance policies, configuration profiles, and application deployment.

• Support Microsoft Azure services as required, including networking, virtual machines, webapps, storage, and identity services.

• Configure and support Windows Autopilot zero-touch provisioning and device deployment.

• Set up and maintain application deployment and update strategies via Microsoft Intune.

• Support Microsoft Defender for Endpoint integration and policy configuration.

3.5 Virtualization & Remote Access

• Provide support for managing virtualization technologies including VMware and Hyper-V environments.

• Administer virtual machine provisioning, configuration, snapshots, and lifecycle management.

• Provide support for VPN remote access environments, ensuring secure and reliable connectivity for headquarters and country office staff.

3.6 Monitoring, Performance & Backup

• Monitor and tune systems to ensure optimum performance levels across servers, endpoints, and cloud services.

• Support data and media recoverability through system backups and database archive operations for headquarters and country offices.

• Review system performance metrics, uptime reports, and capacity data; proactively address degradation before user impact.

• Maintain and test disaster recovery and business continuity procedures for critical systems.

3.7 Automation & Scripting

• Develop and deploy PowerShell scripts for automation of administrative tasks, policy enforcement, and system management across Windows, Microsoft 365, and Azure environments.

• Automate routine operational tasks including patch reporting, compliance checks, user provisioning, and system health monitoring.

• Maintain a library of tested, version-controlled scripts with clear documentation for team use and audit purposes.

3.8 Endpoint Management

• Provide Tier 2/3 support for endpoint-related incidents and requests.

• Collaborate with security, networking, and helpdesk teams to ensure seamless endpoint operations.

• Support endpoint lifecycle management including provisioning, configuration, patching, and decommissioning.

• Coordinate and enforce endpoint security policies and compliance baselines via Microsoft Intune and Microsoft Defender.

3.9 Documentation & Communication

• Produce and maintain clear technical documentation for all infrastructure configurations, procedures, and changes.

• Document system architecture, runbooks, troubleshooting guides, and environment-specific configuration notes.

• Contribute to internal knowledge base articles, SOPs, and onboarding materials for the ITS team.

• Communicate system status, incidents, and planned changes proactively to the ITS team lead and stakeholders.

4. Qualifications

4.1 Education & Experience

• Advanced university degree in Computer Science, Information Systems, Engineering, Telecommunications, or a related scientific or technical discipline.

• 13 to 15 years of experience with Windows Server administration, security administration, Microsoft Cloud Services, and Microsoft 365 Collaboration Tools.

• Proven experience supporting remote access technologies and securing Microsoft server systems using Microsoft solutions.

• Proven experience supporting the integration and implementation of virtualization technologies, specifically VMware and Hyper-V.

• Experience providing Tier 2/3 engineering support for Windows Servers in an enterprise environment.

• Experience developing and maintaining scripts for automating administrative tasks in Windows, Microsoft 365, and Azure.

• Proven experience with Microsoft Endpoint Manager using Microsoft Intune, including device enrollment, compliance policies, configuration profiles, and application deployment.

• Experience with Microsoft Entra-ID including Conditional Access and identity and access management.

• Experience with Windows Autopilot for device provisioning and deployment.

• Familiarity with Group Policy, Active Directory, and hybrid identity environments.

• Knowledge of networking fundamentals, VPN, and security baselines.

• Experience with server and endpoint vulnerability remediation.

4.2 Required Technical Skills

Domain/ Skills & Technologies

• Windows Server/ Windows Server 2019/2022/2025, Tier 2/3 support, patch management, compliance reporting, server hardening, vulnerability remediation

• Identity & Access/ Active Directory Services (ADS), Microsoft Entra-ID (Azure AD), Conditional Access, Group Policy (GPO), hybrid identity, RBAC, privileged identity management

• Microsoft 365/ Exchange Online, SharePoint Online, Microsoft Teams, OneDrive for Business, Microsoft Intune, Microsoft Defender for Endpoint, Windows Autopilot

• Cloud & Azure/ Microsoft Azure (VMs, storage, identity), Windows 365, Microsoft Endpoint Manager

• Virtualization/ VMware vSphere/ESXi, Hyper-V, VM provisioning, lifecycle management, snapshots, Dell VxRail hyperconverged infrastructure.

• Remote Access & VPN/ VPN administration, secure remote access, network security baselines

• Automation & Scripting/ PowerShell scripting — automation, policy enforcement, reporting, user provisioning, Azure and M365 administration

• Security & Compliance/ Server and endpoint hardening, vulnerability scanning and remediation, compliance reporting, third-party security tools, OWASP fundamentals

• Monitoring & Backup/ System performance monitoring, capacity planning, backup and disaster recovery, uptime management

• Networking/ Networking fundamentals, DNS, DHCP, TCP/IP, firewall basics, VPN, security baselines

• Endpoint Management/ Microsoft Intune: Device enrollment, compliance policies, configuration profiles, applications and personalization’s deployments

• Documentation/ Technical writing, runbooks, SOPs, change management documentation, knowledge base articles

4.3 Certifications

The following Microsoft certifications are recommended and reflect the level of expertise expected for this role:

Certification/ Issuing Body

Recommended:

• Microsoft Certified: Azure Administrator Associate (AZ-104)/ Microsoft

• Microsoft 365 Certified: Administrator Expert (MS-102)/ Microsoft

• Microsoft Certified: Identity and Access Administrator (SC-300)/ Microsoft

• Microsoft Certified: Endpoint Administrator Associate (MD-102)/ Microsoft

Desirable:

• Microsoft Certified: Windows Server Hybrid Administrator (AZ-800/801)/ Microsoft

• VMware Certified Professional (VCP)/ VMware / Broadcom

4.4 Desirable Skills

• Familiarity with Zero Trust architecture and implementation within Microsoft environments.

• Experience with ITIL frameworks or service management practices.

• Knowledge of Microsoft Azure networking (VNets, NSGs, Azure Firewall, ExpressRoute, Application gateway, VPN gateway, App Services, etc.).

• Experience supporting geographically dispersed environments including country or field offices.

• Experience working in international or multilateral organizations (UN system experience is an asset).

• Experience with Microsoft Sentinel or other SIEM platforms for security monitoring and incident response.

5. Language Skills

• Fluency in English or Spanish (written and spoken) — required, with working knowledge of the other language.

• Knowledge of French or Portuguese — an asset.

6.Work Schedule & Conditions

Position: PAHO International Consultant - Senior Systems Administrator

Duty Station: Remote (Off-site)

Salary: Band C of International PAHO Consultant (IPC- Band C)(Range $ 7,380 - $ 8,980)

ADDITIONAL INFORMATION

• This vacancy notice may be used to identify candidates for other similar consultancies at the same level.
• Successful candidates will be placed on the roster and subsequently may be selected for consultancy assignments falling in this area of work or for similar requirements/tasks/deliverables. Inclusion in the Roster does not guarantee selection for a consultant contract. There is no commitment on either side.
• Only candidates under serious consideration will be contacted.
• All applicants are required to complete an on-line profile to be considered for this consultancy. For assessment of your application, please ensure that your profile in the PAHO Career page is updated; all experience records are entered with elaboration on tasks performed at the time. Kindly note that CV/PHFs inserted via LinkedIn are no accessible.
• A written test may be used as a form of screening.
• If your candidature is retained for interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. PAHO/WHO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU)/United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/ PAHO will also use the databases of the Council for Higher Education Accreditation http://www.chea.org/search/default.asp and College Navigator, found on the website of the National Centre for Educational Statistics, https://nces.ed.gov/collegenavigator to support the validation process. Some professional certificates may not appear in the WHED and will require individual review.
• Any appointment/extension of appointment is subject to PAHO/WHO Regulations, and e-Manual.
• For information on PAHO please visit: http://www.paho.org
• PAHO/WHO is committed to providing a respectful and supportive workplace for all personnel
• PAHO is an ethical organization that maintains high standards of integrity and accountability. People joining PAHO are required to maintain these standards both in their professional work and personal activities.
• PAHO also promotes a work environment that is free from harassment, sexual harassment, discrimination, and other types of abusive behavior. PAHO conducts background checks and will not hire anyone who has a substantiated history of abusive conduct.
• PAHO personnel interact frequently with people in the communities we serve. To protect these people, PAHO has zero tolerance for sexual exploitation and abuse. People who commit serious wrongdoings will be terminated and may also face criminal prosecution.
• PAHO/WHO has a smoke-free environment and does not recruit smokers or users of any form of tobacco.
• Applications from women and from nationals of non and underrepresented Member States are particularly encouraged.
• Consultants shall perform the work as independent contractors in a personal capacity, and not as a representative of any entity or authority. The execution of the work under a consultant contract does not create an employer/employee relationship between PAHO and the Consultant.
• PAHO/WHO shall have no responsibility whatsoever for any taxes, duties, social security contributions or other contributions payable by the Consultant. The Consultant shall be solely responsible for withholding and paying any taxes, duties, social security contributions and any other contributions which are applicable to the Consultant in each location/jurisdiction in which the work hereunder is performed, and the Consultant shall not be entitled to any reimbursement thereof by PAHO/WHO.