Head of Cybersecurity Operations (IT Risk & Security Officer) P4
WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles.
Selection of staff is made on a competitive basis, and we are committed to promoting diversity and gender balance.
Are you passionate about changing and saving the lives of the world's most vulnerable people? Are you interested in applying your IT experience to lead the implementation of creative solutions that can prevent any cyber threats? If yes, this opportunity is for you.
Cybersecurity has become a key priority at WFP, focusing on protecting not just the data of our organization, but that of our beneficiaries. To be successful at protecting our digital assets, we must also have a robust cybersecurity operations team that handles ongoing operations, proactively identifies our weaknesses and responds to incidents. In support of these activities, we are looking for a talented international Head of Unit for Cybersecurity Operations, hired as a P4 in Rome, Italy, who will be in charge of the day-to-day operational activities related to cybersecurity and will supervise and develop the specialists in her/his Unit.
- Assess and analyze cyber threats, risks, and vulnerabilities to design and implement preventative and reactive IT Security Solutions, and to adapt cybersecurity procedures, SOPs, and policies.
- Work with the leaders in the organization to identify current and/or potential security risks and develop, implement, drive and optimize security solutions, methodologies and/or practices.
- Serve as an advisor in the development, implementation, and maintenance of a robust information privacy and security program and infrastructure including network access and monitoring policies.
- Collaborate with legal, compliance, risk management, and oversight functions, to conduct reviews and audits, recommend policies and procedures, monitor status, and report violations to appropriate management.
- Develop robust vulnerability management practices for reporting and validation, while working with resource owners in support of remediation activities and working to establish operative governance practices.
- Evaluate all requests for change for cybersecurity concerns as a part of the Change Management process.
- Function as the Incident Captain on the occasion of a major cyber event, and coordinate internal and external resources for effective investigation, response, containment, eradication, recovery, and other requirements necessary.
- Coordinate, plan and supervise internal resources and service providers.
- Lead, coach and develop your team members.
- Perform other duties as required.
Experience and Knowledge:
- At least eight (8) years of meaningful and progressive experience in Information Security, with strong technical skills, an in-depth knowledge and understanding of network security technology, including strategy, design, and architecture.
- A Certified Information System Security Professional (CISSP) or equivalent certification, such as ISC2, GIAC, and ISACA, from a recognized professional organization in Information Security is required.
- Broad knowledge related to the creation of IT risk management processes, including steps and methods for assessing risk following industry-standard principles, and experience designing fully integrated risk, security and fraud prevention frameworks.
- Comprehensive skills in analyzing the protection needs (i.e., security controls) for corporate information systems and networks, including security design, methods, and techniques.
- Experience in assessing the robustness of systems and solutions, including conducting vulnerability scans and performing system security health checks, recognizing vulnerabilities and recommending opportunities for improvement.
- Experience in handling information security incidents and emotional maturity to understand the impact and sensitivity of IT security incidents.
- Knowledge of data protection and confidentiality management from private or public environments, and familiarity with investigations and computer forensics.
- Advanced university degree in Computer Sciences, Information Security, Information Technology, Engineering or other relevant fields, or first university degree with additional years of related work experience or training.
- Fluency (level C) in the English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese.
Mobility is and continues to be a core contractual requirement in WFP. This position is however classified as “non-rotational” which means you shall not be subject to the regular reassignment process unless the position is reclassified as rotational.
If you are selected for this position, you will be employed on a Fixed-Term contract with a probationary period of one year. You will be required to travel abroad to remote and challenging locations.
WFP offers an attractive compensation and benefits package including basic salary, post adjustment, relocation entitlement, travel and shipment allowances, 30 days’ annual leave, home leave, an education grant for dependent children, pension plan and medical insurance. For more details, please visit icsc.un.org.
26 November 2019
Female applicants and qualified applicants from developing countries are especially encouraged to apply.
WFP has zero tolerance for discrimination and does not discriminate on the basis of HIV/AIDS status.
No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.