Chief Information Security Officer P5

Rome

  • Organization: WFP - World Food Programme
  • Location: Rome
  • Grade: Mid/Senior level - Mid/Senior - Internationally recruited position
  • Occupational Groups:
    • Information Technology and Computer Science
    • Security and Safety
    • Managerial positions
  • Closing Date: Closed

 

ABOUT WFP

The United Nations World Food Programme is the world's largest humanitarian agency fighting hunger worldwide. The mission of WFP is to help the world achieve Zero Hunger in our lifetimes.

Every day, WFP works worldwide to ensure that no child goes to bed hungry and that the poorest and most vulnerable, particularly women and children, can access the nutritious food they need. WFP operates in 80 countries assisting 80 million people. It has deep field presence and local knowledge and relationships and relies on its people to work around the world, especially in difficult conditions with high risk to security and safety.

ORGANIZATIONAL CONTEXT

The information security landscape is changing and information security has become a high priority for WFP. With an extensive network of offices worldwide, and a decentralised decision making structure, WFP wants to create an environment of proactive IT operations processes to reduce risk exposure, detect and respond to advanced threats, ensure continuous compliance and drive down security operations costs. 

Within this context, we are seeking an experienced, energetic and engaging Chief Information Security Officer (CISO) at the P5 level, based at our Headquarters in Rome, Italy who wants to become part of an exciting, vibrant community of information technology professionals supporting WFP’s mission to fight hunger.  

JOB PURPOSE

The CISO will report to the CIO and Director Information Technology or his/her delegate, and will become an advocate for WFP’s information security needs. The incumbent will be responsible for the development and delivery of a global information security strategy to optimize the security posture of the Organisation.

As Chief Information Security Officer, he/she will have the opportunity to establish the strategic direction of information security across our global Organization by developing and implementing a comprehensive security and risk management framework and by maintaining and enhancing standards and practices to manage the confidentiality, integrity and availability of assets and data.

The complexity of this position requires a leadership approach that is engaging and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the Organisational level.

KEY ACCOUNTABILITIES (not all-inclusive)

  1. Serve as an expert advisor to executive leadership in the development, implementation, and maintenance of a strong information privacy and security program and infrastructure including network access and monitoring policies;
  2. Direct strategy and operations for the protection of the Organization’s information and data assets;
  3. Work with the business and technology leaders in the Organization to identify current and/or potential security risks and develop, implement, drive and optimize security solutions, methodologies and/or practices;
  4. Oversee the development, implementation, and maintenance of the global security policy, enterprise security standards, guidelines and procedures, develop emergency procedures and incident response protocol, act as the control point during significant privacy and security incidents;
  5. Collaborate with Organizational legal, compliance, risk management and oversight functions, to conduct reviews/audits, recommend policies and procedures, monitor status, and report violations to appropriate management;
  6. Develop and implement information security initiatives, conduct and oversee the monitoring and auditing of compliance with regulatory and internal standards;
  7. Develop, integrate, implement, and maintain the security roadmap and budgets in order to manage cybersecurity investments in management plans;
  8. Create an information privacy and security-conscious culture through establishing policies, practices and training.

STANDARD MINIMUM QUALIFICATIONS

Education:

Advanced university degree in Computer Sciences, Information Security, Information Technology, Engineering or other relevant field, or first university degree with additional years of related work experience or trainings/courses.

Language:

Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese.

Experience and Knowledge:

  • At least eleven (11) years of relevant progressively responsible experience in information security.
  • Understanding of network security technology, including strategy, design, and architecture.
  • A Certified Information System Security Professional (CISSP) or equivalent certification in Information Security from a recognized professional organization, such as those issued by the International Informational Systems Security Certification Consortium (ISC)2, Global Assurance Certification (GIAC) or Information Systems Audit and Control Association (ISACA), is required.
  • Detailed knowledge related to code of practice for information security management like ITIL, COBIT and ISO 27001, ISO 27035 or other information security standards.
  • Broad knowledge related to the creation of IT risk management processes and security and fraud prevention frameworks.
  • Comprehensive skills in analysing the protection needs (i.e., security controls) for corporate information systems and networks, including security design, methods and techniques.
  • Experience in assessing the robustness of systems and solutions, including conducting vulnerability scans and performing system security health checks, recognizing vulnerabilities and recommending opportunities for improvement.
  • Experience in managing information security incidents and emotional maturity to understand the impact and sensitivity of IT security incidents.
  • Knowledge of data protection and confidentiality management from private and/or public environments.
  • Familiarity with investigations and computer forensics.
  • CISA, CISM, CRISC, CGEIT certification will be considered a plus.
  • Background in at least two of the following domains: Application security; security products and technologies; security engineering, networking protocols and data center; security analysis and investigations; risk assessment and management.

DESIRED EXPERIENCES FOR ENTRY INTO THE ROLE

  • Strong written and verbal communication and presentation skills, to interact effectively with all levels of management, customers, IS staff, and vendors.
  • Experience in planning (i.e., process improvement, desired application functionality, organizational structures and planning, etc.).
  • Considerable knowledge of and experience in managing operations and staffing needs with the ability to prioritize multiple projects.
  • Considerable knowledge of multiple technologies and experience with enterprise-wide applications and systems in an integrated work environment.
  • Ability to work with and lead teams effectively.
  • Must be comfortable operating in a collaborative, shared leadership environment.
  • Must possess a personal presence that is characterised by a sense of honesty, integrity, and caring with the ability to inspire and motivate others to promote the mission, vision, goals, and values of the organization.

TERMS AND CONDITIONS

Non-Rotational Nature

Mobility is and continues to be a core contractual requirement in WFP. This position is however classified as “non-rotational” which means the incumbent shall not be subject to the regular reassignment process unless the position is reclassified as rotational.

Terms and Conditions

The selected candidate will be employed on a fixed-term contract with a probationary period of one year. He/she will be required to travel abroad, sometimes to remote and difficult locations.

WFP offers an attractive compensation and benefits package, including basic salary, post adjustment, relocation entitlement, travel and shipment allowances, 30 days’ annual leave, home leave, an education grant for dependent children, pension plan and medical insurance. For more details, please visit icsc.un.org.

DEADLINE FOR APPLICATIONS

9 March 2018

Female applicants and qualified applicants from developing countries are especially encouraged to apply.

WFP has zero tolerance for discrimination and does not discriminate on the basis of HIV/AIDS status.

No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.

 
This vacancy is now closed.