Information Security Advisory Specialist

Job Posting Organization:
The World Food Programme (WFP) is the world’s largest humanitarian organization, dedicated to saving lives in emergencies and using food assistance to build pathways to peace, stability, and prosperity for people recovering from conflict, disasters, and the impacts of climate change. Established in 1961, WFP operates in over 80 countries, employing thousands of individuals committed to humanitarian efforts. The organization emphasizes diversity and inclusion, ensuring equal employment opportunities for all employees, regardless of race, gender, or background. WFP has been recognized for its efforts, being awarded the Nobel Peace Prize in 2020, and continues to invest in the professional development of its workforce through various training and mentorship programs. WFP's mission is to ensure effective humanitarian assistance reaches millions globally, and it operates with core values of Integrity, Collaboration, Commitment, Humanity, and Inclusion.

Job Overview:
The security" style="border-bottom: 1px dotted #007bff !important;">security" style="border-bottom: 1px dotted #007bff !important;">Information Security Advisory Specialist will play a crucial role in enhancing the cybersecurity posture of the World Food Programme. This position involves conducting comprehensive risk assessments and managing the Authorization to Operate (ATO) process for IT systems, ensuring that all security controls are effectively implemented and maintained. The specialist will design and oversee security architecture for applications, lead the implementation of cybersecurity procedures, and provide expert advisory services to Country Offices and Regional Bureaus. The role requires a proactive approach to identifying cybersecurity challenges and proposing innovative solutions to enhance service delivery. The incumbent will also be responsible for producing high-quality reports and documentation related to cybersecurity assessments and strategies, ensuring compliance with organizational policies and industry standards.

Duties and Responsibilities:
The duties and responsibilities of the Information Security Advisory Specialist include conducting comprehensive risk assessments for IT systems, managing the Authorization to Operate (ATO) process, designing security architecture for applications, leading the implementation of cybersecurity procedures, and producing proposals for technologies to improve cybersecurity. The specialist will conduct third-party risk assessments, provide guidance on secure software development lifecycle principles, and advise on risk and data classification concerns. Additionally, the role involves maintaining records of decisions and assessments, identifying improvements to existing processes, and managing cybersecurity-related projects. The specialist will also be expected to produce detailed reports on risk assessments, compliance status, and cybersecurity challenges faced by the organization, ensuring that all documentation is thorough and well-researched.

Required Qualifications:
Candidates must possess a degree in Computer Science, Engineering, or related STEM disciplines, or equivalent working experience. A minimum of 6 years of relevant work experience in IT security is required. Candidates should have solid IT security skills, expertise in IT software development lifecycle (SDLC), and a strong understanding of IT architecture and design concepts. Experience in managing stakeholder relationships and aligning cybersecurity strategies with business objectives is essential. Knowledge of cybersecurity risk concepts, project management skills, and experience in multinational organizations are also required. Desirable qualifications include IT security and IT audit certifications, experience with security architecture in the cloud, and familiarity with compliance processes such as ISO, NIST, HIPAA, or PCI.

Educational Background:
The educational background required for this position includes a degree in Computer Science, Engineering, or related STEM disciplines. Equivalent working experience may also be considered in lieu of formal education. Candidates should have a strong academic foundation in IT security principles and practices, as well as relevant certifications that demonstrate expertise in the field.

Experience:
The position requires at least 6 years of relevant work experience in the field of information security. Candidates should have a proven track record of conducting risk assessments, managing cybersecurity projects, and providing advisory services in a multinational context. Experience in developing and implementing security policies and procedures, as well as familiarity with compliance standards, is highly desirable.

Languages:
Fluency in oral and written English is mandatory for this position. Additionally, an intermediate knowledge of another official UN language (Arabic, Chinese, French, Russian, or Spanish) or Portuguese, which is one of WFP’s working languages, is desirable. Proficiency in multiple languages will enhance communication and collaboration within the diverse WFP workforce.

Additional Notes:
This position is offered as a remote work opportunity with a contract duration of 11 months. The role is classified as CST2, indicating a mid-level position within the organization. WFP is committed to providing an inclusive work environment and encourages applications from individuals with disabilities. The organization does not charge any fees during the application process and emphasizes the importance of submitting accurate and complete profiles. Candidates are advised to upload their professional CVs in English and may be required to provide additional documentation at a later stage. Only shortlisted candidates will be notified, and all employment decisions are based on organizational needs and individual qualifications.