Head of IT Security, Policy & Compliance

WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles

Selection of staff is made on a competitive basis, and we are committed to promoting diversity and gender balance

ABOUT WFP

The United Nations World Food Programme (WFP) is the world's largest humanitarian agency, fighting hunger worldwide. We are seeking to fill a short-term position of Head of IT Security, Policy & Compliance P3 based at our Headquarters in Rome, Italy.

The information security landscape is changing, and information security has become a high priority for WFP.

With an extensive network of offices worldwide, and a decentralised decision-making structure, WFP wants to create an environment of proactive IT operations processes to reduce risk exposure, detect and respond to advanced threats, ensure continuous compliance and drive down security operations costs.

Within this context, we are seeking an experienced, energetic and engaging Head of IT Security, Policy & Compliance. Under the direct supervision of the Chief Information Security Officer (CISO), the incumbent will lead the day to day activities of cyber security professionals tasked to conduct a number of consulting activities to the business, including, but not limited to:

•        policy development & compliance;

•        awareness;

•        application security;

•        security architecture;

•        data protection;

•        securing beneficiary management systems.

The incumbent will both be an individual contributor for cyber security best practices and drive the same within the Policy & Compliance team. 

ACCOUNTABILITIES/RESPONSIBILITIES:

• Manage day to day activities of Policy & Compliance team and report relevant activities to the Chief.
• Prepare status reports for CISO, CIO, and other stakeholders, as required.
• Liaise with other TEC branches and the business, providing expert cyber security guidance.
• Champion Systems Development Life Cycle (SDLC) with all application development activities, including possible Freedom in a Framework endeavours.
• Drive Bring Your Own Device (BYOD), mobile, and Network Access Control (NAC) policies, implementation and enforcement.
• Review proposed network configurations for potential risks and propose mitigating controls for areas of concern.
• Develop and apply cloud security best practices principles as WFP infrastructure migrates to cloud-based platforms.
• Support development of procedures for threat, vulnerability, and incident management for network-based and cloud-based services. 
• Develop and maintain new security standards, procedures and guidelines to help raise current corporate security maturity level.
• Manage cyber policy development, including approvals, corporate communications, implementation, adoption, and enforcement.
• Primary point of contact representing the Information Security branch (TECI) with OIGA (Office of Inspector General, Audit Branch) activities.
• Function one of WFP’s Data Protection Officers, driving data protection & classification programs.
• Work with the leaders in the organization to identify current and/or potential security risks and develop, implement, drive and optimize security solutions, methodologies and/or practices.
• Serve as an advisor in the development, implementation, and maintenance of a robust information privacy and security program and infrastructure including network access and monitoring policies.
• Collaborate with legal, compliance, risk management, and oversight functions, to conduct reviews and audits, recommend policies and procedures, monitor status, and report violations to appropriate management.
• Manage cyber security awareness activities.
• Conduct performance appraisals for staff and manage staff development plans & growth.
• Occasionally function as Officer-in-Charge for the CISO and perform other related duties as assigned.

QUALIFICATIONS & EXPERIENCE REQUIRED 

Education: University Degree in the field of Computer Science/Engineering.

Experience: At least 7 years of progressively responsible work experience in information security.

Technical Skills & Knowledge:

• Sound IT Security skills, with both academic background and practical hands-on experience
• Solid IT SDLC expertiseSolid cloud & network experience
• Policy development expertise
• Preferred experience in a financial organization as a cyber expert
• Good project management skills
• Executive presentation skills
• Experience in multinational organizations
• IT Security and IT Audit certifications 

Language: Fluency in oral and written English is essential. Intermediate knowledge of another official UN language (Arabic, Chinese, French, Russian and Spanish) or Portuguese (one of WFP’s working languages) is desirable.

Terms and Conditions

WFP offers a competitive compensation package which will be determined by the contract type and selected candidate’s qualifications and experience.

Please visit the following websites for detailed information on working with WFP.

http://www.wfp.org Click on: “Our work” and “Countries” to learn more about WFP’s operations.

Deadline for applications: 19 February 2019

Ref.: VA No. 103521

Qualified female applicants and qualified applicants from developing countries are especially encouraged to apply

WFP has zero tolerance for discrimination and does not discriminate on the basis of HIV/AIDS status

No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.

<!--![endif]---->