By continuing to browse this site, you agree to our use of cookies. Read our privacy policy

Information Security Consultants (Multi Profiles) Roster level 1 2

Home

  • Organization: WFP - World Food Programme
  • Location: Home
  • Grade: Consultancy - International Consultant - Internationally recruited Contractors Agreement
  • Occupational Groups:
    • Information Technology and Computer Science
    • Security and Safety
  • Closing Date: Closed

 

 

WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles

Selection of staff is made on a competitive basis, and we are committed to promoting diversity and gender balance

 

 

Who we are looking for: we are seeking to identify cyber security professionals with a variety of expertise. This recruitment is aimed at recruiting and/or building/maintaining a roster of potential staff.

 

What we offer: a consultancy contract of up to 11 months from start date will be offered to the selected candidate(s).

 

Workplace: This is a remote role with a team working in the Central European Standard Time (CEST) time zone; for this role at least six working hours must overlap with the 08:30am to 5pm CEST working day.

 

ORGANIZATIONAL CONTEXT

 Technology and connectivity are rapidly reaching some of the most vulnerable people and places affected by crisis, but they are also increasingly expanding to the services responding to those same crises. As one of the main humanitarian actors, WFP has the opportunity and the obligation to leverage data and technology to better know and serve those in need by digitally transforming the way it works. In line with the ways WFP is evolving, the cyber security team is equally evolving and expanding with needs to support a broader range of cyber capabilities. 

The objective is to secure institutional data, beneficiary information, and the technological enhancements in the way WFP supplies benefits to its constituents. Information Security aims to be a business enabler in supporting the services needed by employees, partners, beneficiaries, and governments.  In addition, the team embodies an environment of proactive IT operations processes to reduce risk exposure, detect and respond to advanced threats, ensure continuous compliance, and to drive down security operations costs. 

 

BACKGROUND AND PURPOSE OF THE ASSIGNMENT

 Under the general supervision of the Chief TECI (Technology Division – Information Security) and the direct supervision of a team manager, the incumbent will work as a contributor in team initiatives in supporting institutional needs relative to cyber security.  This will include working independently across multiple business areas establishing and managing effective working relationships with business counterparts to align business, IT, and cyber security needs. They will use their substantial technical knowledge and experience to gather and analyse business needs, provide advice and deliver solutions.

 

ACCOUNTABILITIES/RESPONSIBILITIES

Team members will support WFP’s cyber security efforts and increasing maturity by being a primary contributor in one of the areas of expertise mentioned below (see Technical Experience, Skills and Knowledge section).  Temporary missions in hardship duty stations may be required as part of this assignment.

 Generally, the incumbent will be responsible for the following functions:

  • Provide cyber security support and advice in defined area of expertise.
  • Develop policies/procedures and socialize across the institution in defined area of expertise.
  • Identify risk concerns as relating to cyber security in defined area of expertise, and present options for mitigation.
  • Support incident response activities, which may include providing subject matter expertise and/or occasional support to those outside of regular business hours.
  • Perform any other duties as required.

 

QUALIFICATIONS & EXPERIENCE REQUIRED

 Education

University degree in information technology, or relevant field(s). 

 Experience

At least 6 years of meaningful and progressive experience in Information Security with a deep understanding of network security technology, including strategy, design, and architecture, dependant on the position for which applicant is applying.

A Certified Information System Security Professional (CISSP) or equivalent certification, such as ISC2, GIAC, and ISACA, or from a recognized professional organization in Information Security is strongly preferred.

Broad knowledge related to IT risk management processes, including steps and methods for assessing risk following industry-standard principles and providing mitigating recommendations to clients.

Comprehensive skills in analysing the protection needs (i.e., security controls) for corporate information systems and networks, including security design, methods, and techniques.

Experience in assessing the robustness of systems and solutions, including conducting vulnerability scans and performing system security health checks, recognizing vulnerabilities and recommending opportunities for improvement.

Experience in handling information security incidents.

Knowledge of data protection and confidentiality management from private or public environments

Familiarity with investigations and computer forensics.

Technical Experience, Skills & Knowledge

Knowledge in at least one of the areas of expertise identified below and an ability to manage projects with minimal supervision.

1. Incident Response Specialist

  • At least 6 years of meaningful and progressive experience in Information Security
  • Monitoring various security telemetry tools (SIEM, plus Microsoft consoles such as MDE, AIP, CAS, Threat Intel, etc.) for possible security incidents.
  • Tier 2-3 cyber incidents investigation activities.
  • Endpoint security and forensics.
  • Providing recommendations to support staff for clean-up of minor security incidents.
  • Detailed knowledge of AD/AAD, IAM, GPOs, SCCM.
  • Searching environment for IOCs and collaboratively enriching information.

2. Vulnerability Management Specialist

  • At least 6 years of meaningful and progressive experience in Information Security
  • Leading and managing Vulnerability Assessment initiatives and carrying out all related activities such as requirements gathering, solution design and selection, procurement process, project management, asset discovery, scan, and remediation guidance.
  • Developing and recommending implementation of Vulnerability Assessment best practices, policies, procedures and performance metrics.
  • Supporting development of procedures for threat, vulnerability and incident management.
  • Penetration testing.
  • Validation of vulnerabilities and/or remediation efforts by manual testing for noted vulnerabilities identified through Vulnerability Management automated scanning tools.

3. Endpoint Security Specialist

  • At least 6 years of meaningful and progressive experience in Information Security
  • Architecture of security policies for endpoint devices:
    • Corporate Owned & Managed
    • Privately Owned but Corporate Managed
    • Privately Owned other and guests
  • Development of security policies and enforcement strategies for non-standard devices, including computers, Macs, tablets, and mobile phones.
  • Development of procedures for threat, vulnerability, and incident management for mobile and other non-standard endpoint devices.
  • Incident response activities related to endpoint devices, including forensics.
  • Leveraging mobile technologies for MFA.

4Application Development Security Specialist

  • At least 6 years of meaningful and progressive experience in Information Security
  • Leveraging SDLC best practice principles for applications to address security concerns as early as possible in the development lifecycle.
  • Development and implementation of monitoring and response systems for both technical and business controls.
  • Database security.
  • Development of procedures for threat, vulnerability, and incident management for proprietary technology platforms.
  • Support of investigations for identification and logging of fraud gateways along with related risks & mitigation measures. 
  • Development and maintenance of security standards, procedures and guidelines to help raise current corporate security maturity level, and in collaboration with the Architecture branch, performance regular baseline and hardening reviews of security solutions and technology.
  • Incident response activities related to custom applications / database(s), including forensics.
  • Architecture of solutions for implementation of multi-factor authentication and encryption.

5. Cloud & Network Security Specialist

  • At least 6 years of meaningful and progressive experience in Information Security
  • Development and application of cloud security best practices principles.
  • Development of technical policies for Network Access Control (802.1x, etc) and Network Security (IDS, IPS, IP/DNS-SEC, etc.).
  • Establishment of SDLC activities for cloud applications to address security concerns as early as possible in the development lifecycle.
  • Designing reporting and response procedures for network-based and cloud-based events along with other “alarms” related to security operations.
  • Development of procedures for threat, vulnerability, and incident management for network-based and cloud-based services.
  • Development and maintenance of security standards, procedures and guidelines to help raise current corporate security maturity level, and in collaboration with the Architecture branch, performance regular baseline and hardening reviews of security solutions and technology.

 Competencies and Behaviours:

  • Ability to operate in distributed / decentralised teams, engage with and support partners;
  • Ability to perform under pressure, to multi-task, to navigate through multiple priorities and conflicting requests
  • Ability to work independently through appropriate personal initiative and regular follow-ups;
  • Capacity to work in difficult and insecure environments
  • Highly-developed written and oral communication skills with the ability to influence and adapt communication styles to different situations and individuals
  • Collaborative hands-on team member and relationship-builder with a facilitative nature and strong business partnering skills towards colleagues and stakeholders
  • Detail-oriented
  • Ethics & Values
  • Client Orientation
  • Interpersonal
  • Behavioural Flexibility

Language:

Fluency in oral and written English is essential. Fluency in a second official UN language (Arabic, Chinese, French, Russian and Spanish) or Portuguese (one of WFP’s working languages) is desirable.

 

 

 

 

TERMS AND CONDITIONS:

WFP offers a competitive compensation package, which will be determined by the contract type and selected candidate’s qualifications and experience.

Please visit the following websites for detailed information on working with WFP.

http://www.wfp.org Click on: “Our work” and “Countries” to learn more about WFP’s operations.

 

 

 

Deadline for applications:  02 June 2022 at 11:59 Rome time (CET/CEST)

REF: 164804

 

 

 

 

 


Qualified female applicants and qualified applicants from developing countries are especially encouraged to apply.

WFP has zero tolerance for discrimination and does not discriminate on the basis of HIV/AIDS status.

No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.

Saving lives, changing lives

 

 

 

 

This vacancy is now closed.
However, we have found similar vacancies for you: