DEADLINE FOR APPLICATIONS5 July 2025-23:59-GMT+01:00 Central European Time (Rome)
WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability.
ABOUT WFP
The World Food Programme is the worldโs largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.
At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.
To learn more about WFP, visit our website: https://www.wfp.org and follow us on social media to keep up with our latest news: YouTube, LinkedIn, Instagram, Facebook, Twitter, TikTok.
WHY JOIN WFP?
WFP is a 2020 Nobel Peace Prize Laureate.
WFP offers a highly inclusive, diverse, and multicultural working environment.
WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.
A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.
We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).
JOB TITLE: INFORMATION SECURITY ADVISORY SPECIALIST
TYPE OF CONTRACT: CST2
UNIT/DIVISION: TECI (
DUTY STATION (City, Country): REMOTE WORK
DURATION: 11 months
BACKGROUND AND PURPOSE OF THE ASSIGNMENT:
Under the general supervision of the Chief Information Security Officer and supervision of the Head of Cybersecurity Advisory Services, the incumbent will conduct consulting activities to the business, including, but not limited to:
โข Authorization to Operate and security compliance
โข Application security
โข Network security
โข Security architecture
โข Third Party Risk Management
โข Securing beneficiary management systems
โข Azure and Active Directory security
โข Identity and access management
ACCOUNTABILITIES/RESPONSIBILITIES:
- Conduct comprehensive risk assessments and manage the Authorization to Operate (ATO) process for IT systems, ensuring that all security controls are effectively implemented and maintained to meet organizational and regulatory requirements.
- Design and oversee the security architecture for new and existing applications, ensuring robust protection measures are in place to safeguard sensitive data and maintain compliance with organizational policies and industry standards.
- Lead the design, implementation and maintenance of cybersecurity procedures and services, aimed at protecting IT systems and sensitive data.
- Produce proposals around technologies to improve the cybersecurity posture of the organization, with sound research to ensure these produce value.
- Propose and maintain new security standards, procedures and guidelines to help raise the current security maturity level of the organization. In close collaboration with the Architecture branch, perform regular baseline and hardening reviews of WFP security solutions and technologies.
- Provide expert support and advisory services to County Offices and Regional Bureaus to address cybersecurity challenges and maintain compliance with organizational security standards.
- Conduct third-party risk assessments, ensuring cybersecurity compliance and effective risk management. Provide guidance to IT solution owners across the organization to:
- Properly design the needed measures to ensure the cybersecurity of the solution.
- Protect data as appropriate for their classification.
- Understand and propose secure software development lifecycle (SDLC) principles.
- Ensure the compliance with Enterprise Architecture and security guidelines.
- Advise the organization on other risk and data classification concerns.
- Consistently find opportunities to innovate, extend and enhance service delivery wherever possible.
- Maintain a record of decisions taken and assessments performed, in cooperation with other members of the Advisory team.
- Identify and execute improvements to existing processes, through solutions to address recurring problems and enhancements to existing solutions or documentation.
- Become Subject Matter Expert (SME) on platforms and applications for which consultant is assigned to review.
- Produce high quality reports.
- Provide leadership and advice to more junior colleagues.
- Manage cybersecurity related projects.
- Additional duties as requested.
DELIVERABLES AT THE END OF THE CONTRACT:
- Comprehensive reports detailing the risk assessments conducted for IT systems, including identified risks, mitigation measures, and residual risks.
- Complete documentation for the Authorization to Operate (ATO) process, including security controls, compliance status, and any necessary remediation actions.
- Detailed design documents for the security architecture of new and existing applications, ensuring robust protection measures are in place.
- Well-researched proposals for technologies and strategies to improve the organization's cybersecurity posture.
- Updated security standards, procedures, and guidelines to raise the corporate security maturity level, including baseline and hardening reviews.
- Repeatable, high-level methodologies to set expectations to the business of what cyber security requirements must be addressed related to software development.
- High-quality reports on cybersecurity challenges, solutions, and advisory services provided to Country Offices and Regional Bureaus, including records of decisions taken and assessments performed.
QUALIFICATIONS & EXPERIENCE REQUIRED:
Education:
- Degree in the field of Computer Science/Engineering or related STEM disciplines or equivalent working experience
Experience:
- At least 6 years of relevant work experience
Knowledge & Skills:
- Solid IT Security skills, with both academic background and professional experience
- Solid IT SDLC expertise
- Solid network experience
- Understanding of IT architecture and design concepts.
- Managed stakeholder relationships, aligning cybersecurity risk strategies with business objectives
- Understand cybersecurity risk concepts to assess threats, vulnerabilities, and mitigation strategies.
- Good project management skills
- Experience in multinational organizations
- Desirable: IT Security and IT Audit certifications
- Desirable: Security architecture in the cloud.
- Desirable: experience in ISO, NIST, HIPAA or PCI compliance process
Languages:
Fluency in oral and written English is mandatory with an intermediate knowledge of another official UN language (Arabic, Chinese, French, Russian and Spanish) or Portuguese (one of WFPโs working languages) is desirable.
WFP LEADERSHIP FRAMEWORK
WFP Leadership Framework guides to the common standards of behavior that guide HOW we work together to accomplish our mission.
Click here to access WFP Leadership Framework
REASONABLE ACCOMMODATION
WFP is committed to supporting individuals with disabilities by providing reasonable accommodations throughout the recruitment process. If you require a reasonable accommodation, please contact: global.inclusion@wfp.org
NO FEE DISCLAIMER
The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.
REMINDERS BEFORE YOU SUBMIT YOUR APPLICATION
We strongly recommend that your profile is accurate, complete, and includes your employment records, academic qualifications, language skills and UN Grade (if applicable).
Once your profile is completed, please apply, and submit your application.
Please make sure you upload your professional CV in the English language
Kindly note the only documents you will need to submit at this time are your CV and Cover Letter
Additional documents such as passport, recommendation letters, academic certificates, etc. may potentially be requested at a future time
Please contact us at global.hrerecruitment@wfp.org in case you face any challenges with submitting your application
Only shortlisted candidates will be notified
All employment decisions are made on the basis of organizational needs, job requirements, merit, and individual qualifications. WFP is committed to providing an inclusive work environment free of sexual exploitation and abuse, all forms of discrimination, any kind of harassment, sexual harassment, and abuse of authority. Therefore, all selected candidates will undergo rigorous reference and background checks.
No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.
- At least 6 years of relevant work experience
- Degree in the field of Computer Science/Engineering or related STEM disciplines or equivalent working experience