  • Organization: UN WFP - World Food Programme
  • Location: Rome
  • Grade: International Consultant - Internationally recruited Contractors Agreement - Consultancy
  • Occupational Groups:
    • Security and Safety
    • Information Technology and Computer Science
  • Closing Date: 2019-02-25

Information Security - Consultant

Rome (Italy)

WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles

Selection of staff is made on a competitive basis, and we are committed to promoting diversity and gender balance

Who we are looking for: we are seeking to identify cyber security professionals with a variety of expertise. This recruitment is aimed at recruiting and/or building/maintaining a roster of potential staff.

What we offer: a consultancy contract of up to 11 months from start date will be offered to the selected candidate(s).

Workplace: Rome (Italy) with possibility of field deployments to emergencies.

ORGANIZATIONAL CONTEXT

Technology and connectivity are rapidly reaching some of the most vulnerable people and places affected by crisis, but they are also increasingly expanding to the services responding to those same crises. As one of the main humanitarian actors, WFP has the opportunity and the obligation to leverage data and technology to better know and serve those in need by digitally transforming the way it works. In line with the ways WFP is evolving, the cyber security team is also evolving and expanding, and needs to support a broader range of cyber capabilities.

The objective is to secure institutional data, beneficiary information, and the technological enhancements in the way WFP supplies benefits to its constituents. Information Security aims to be a business enabler in supporting the services needed by employees, partners, beneficiaries, and governments.  In addition, the team embodies an environment of proactive IT operations processes to reduce risk exposure, detect and respond to advanced threats, ensure continuous compliance, and to drive down security operations costs. 

BACKGROUND AND PURPOSE OF THE ASSIGNMENT

Under the general supervision of the Chief TECI (Technology Division – Information Security) and the direct supervision of a team manager, the incumbent will work as a contributor in team initiatives in supporting institutional needs relative to cyber security.  This will include working independently across multiple business areas establishing and managing effective working relationships with business counterparts to align business, IT, and cyber security needs. They will use their substantial technical knowledge and experience to gather and analyse business needs, provide advice and deliver solutions.

ACCOUNTABILITIES/RESPONSIBILITIES

Team members will support WFP’s cyber security efforts and increasing maturity by being a primary contributor in one of the areas of expertise mentioned below (see Technical Experience, Skills and Knowledge section).  Temporary missions in hardship duty stations may be required as part of this assignment.

Generally, the incumbent will be responsible for the following functions:

  • Provide cyber security support and advice in defined area of expertise.
  • Develop policies/procedures and socialize across the institution in defined area of expertise.
  • Identify risk concerns as relating to cyber security in defined area of expertise, and present options for mitigation.
  • Support incident response activities, which may include responding to tickets and/or occasional support outside of regular business hours.
  • Perform any other duties as required.

QUALIFICATIONS & EXPERIENCE REQUIRED

Education: University degree in information technology, or relevant field(s).  Training and knowledge of business analysis methodologies would be an asset.

Experience:

  • 4 or 6 years, depending on the role, of meaningful and progressive experience in Information Security with a deep understanding of network security technology, including strategy, design, and architecture, dependent on the position for which the applicant is applying.
  • A Certified Information Systems Security Professional (CISSP) or equivalent certification, such as ISC2, GIAC, and ISACA, or from a recognized professional organization in Information Security is strongly preferred.
  • Broad knowledge related to IT risk management processes, including steps and methods for assessing risk following industry-standard principles and providing mitigating recommendations to clients.
  • Comprehensive skills in analysing the protection needs (i.e., security controls) for corporate information systems and networks, including security design, methods, and techniques.
  • Experience in assessing the robustness of systems and solutions, including conducting vulnerability scans and performing system security health checks, recognizing vulnerabilities and recommending opportunities for improvement.
  • Experience in handling information security incidents.
  • Knowledge of data protection and confidentiality management from private or public environments, and familiarity with investigations and computer forensics.

Technical Experience, Skills & Knowledge

Knowledge in at least one of the areas of expertise identified below and an ability to manage projects with minimal supervision.

  1. Vulnerability Management Specialist
  • At least 6 years of meaningful and progressive experience in Information Security
  • Leading and managing Vulnerability Assessment initiatives and carrying out all related activities such as requirements gathering, solution design and selection, procurement process, project management, setup and configuration.
  • Developing and recommending implementation of Vulnerability Assessment best practices, policies, procedures and performance metrics.
  • Supporting development of procedures for threat, vulnerability and incident management.
  • Penetration testing.
  • Validation of vulnerabilities and/or remediation efforts by manual testing for noted vulnerabilities identified through Vulnerability Management automated scanning tools.

  2. Mobile & Network Security Specialist

  • At least 6 years of meaningful and progressive experience in Information Security
  • Architecture of security policies for mobile devices:
    • Corporate Owned & Managed
    • Privately Owned but Corporate Managed
    • Privately Owned other and guests
  • Development of security policies and enforcement strategies for non-standard devices, including computers, Macs, tablets, and mobile phones.
  • Development of technical policies for Network Access Control (802.1x, etc).
  • Development of procedures for threat, vulnerability, and incident management for mobile and other non-standard devices.
  • Incident response activities related to mobile devices, including mobile forensics.
  • Leveraging mobile technologies for MFA.

  3. Database & Software Development Specialist (Beneficiary Services “SCOPE” platform support)

  • At least 6 years of meaningful and progressive experience in Information Security
  • Leveraging SDLC best practice principles for applications to address security concerns as early as possible in the development lifecycle.
  • Development and implementation of monitoring and response systems for both technical and business controls.
  • Database security.
  • Development of procedures for threat, vulnerability, and incident management for proprietary technology platforms.
  • Support of investigations for identification and logging of fraud gateways along with related risks & mitigation measures. 
  • Development and maintenance of security standards, procedures and guidelines to help raise the current corporate security maturity level, and in collaboration with the Architecture branch, performing regular baseline and hardening reviews of security solutions and technology.
  • Incident response activities related to custom applications / database(s), including forensics.
  • Architecture of solutions for implementation of multi-factor authentication.

  4. Cloud & Network Security Specialist

  • At least 6 years of meaningful and progressive experience in Information Security
  • Development and application of cloud security best practice principles.
  • Establishment of SDLC activities for cloud applications to address security concerns as early as possible in the development lifecycle.
  • Designing reporting and response procedures for network-based and cloud-based events along with other “alarms” related to security operations.
  • Development of procedures for threat, vulnerability, and incident management for network-based and cloud-based services.
  • Development and maintenance of security standards, procedures and guidelines to help raise the current corporate security maturity level, and in collaboration with the Architecture branch, performing regular baseline and hardening reviews of security solutions and technology.

  5. Incident Response Analyst

  • At least 4 years of meaningful and progressive experience in Information Security
  • Monitoring various security telemetry tools (SIEM, BitSight, plus Microsoft consoles such as ATP, AIP, CAS, etc.) for possible security incidents.
  • Tier 2-3 cyber investigation activities.
  • Endpoint security and forensics.
  • Providing recommendations to support staff for clean-up of minor security incidents.
  • Detailed knowledge of AD, IAM, GPOs, SCCM.
  • Searching the environment for IOCs and collaboratively enriching information.

Competencies and Behaviours: 

  • Ability to operate in distributed / decentralised teams, engage with and support partners
  • Ability to perform under pressure, to multi-task, to navigate through multiple priorities and conflicting requests
  • Ability to work independently through appropriate personal initiative and regular follow-ups
  • Capacity to work in difficult and insecure environments
  • Highly-developed written and oral communication skills with the ability to influence and adapt communication styles to different situations and individuals
  • Collaborative hands-on team member and relationship-builder with a facilitative nature and strong business partnering skills towards colleagues and stakeholders
  • Detail-oriented
  • Ethics & Values
  • Client Orientation
  • Interpersonal
  • Behavioural Flexibility

Language: Fluency in oral and written English is essential. Fluency in a second official UN language (Arabic, Chinese, French, Russian and Spanish) or Portuguese (one of WFP’s working languages) is desirable.

Terms and Conditions

WFP offers a competitive compensation package which will be determined by the contract type and selected candidate’s qualifications and experience.

Please visit the following websites for detailed information on working with WFP.

http://www.wfp.org Click on: “Our work” and “Countries” to learn more about WFP’s operations.

Deadline for applications: 19 February 2019

Ref.: VA No. 103522

Qualified female applicants and qualified applicants from developing countries are especially encouraged to apply

WFP has zero tolerance for discrimination and does not discriminate on the basis of HIV/AIDS status

No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.

We do our best to provide you the most accurate info, but closing dates may be wrong on our site. Please check on the recruiting organization's page for the exact info. Candidates are responsible for complying with deadlines and are encouraged to submit applications well ahead.
Before applying, please make sure that you have read the requirements for the position and that you qualify.
Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.