Job Posting Organization: The World Food Programme (WFP) is the world’s largest humanitarian organization, established to save lives in emergencies and to use food assistance to build pathways to peace, stability, and prosperity for people recovering from conflict, disasters, and the impacts of climate change. WFP operates globally, with a mission centered around the values of Integrity, Collaboration, Commitment, Humanity, and Inclusion. The organization is committed to diversity and equal employment opportunities, encouraging qualified candidates from all backgrounds to apply. WFP has a diverse workforce and offers a highly inclusive, multicultural working environment, investing in the personal and professional development of its employees through various training and mobility opportunities. WFP is also a 2020 Nobel Peace Prize Laureate, which highlights its commitment to humanitarian efforts worldwide.
Job Overview: The Cybersecurity Subject Matter Expert (SME) position at WFP is crucial for leading and overseeing strategic cybersecurity initiatives to protect mission-critical operations in a rapidly evolving digital landscape. The SME will provide expert guidance and support in cybersecurity, ensuring the effective delivery of cyber advisory services. This role involves collaborating with cybersecurity professionals to address complex security challenges, contributing technical insights, and developing solutions that enhance WFP's resilience and compliance with cybersecurity standards. The incumbent will work closely with the Chief Information Security Officer (CISO) and will be responsible for integrating cybersecurity into organizational processes and strategic initiatives, thereby supporting WFP’s global operations.
Duties and Responsibilities: The duties and responsibilities of the Cybersecurity SME include:
Providing expertise in the daily operations of the Cybersecurity Advisory and Protection Services team, ensuring effective security measures are in place.
Delivering detailed reports on critical activities, incidents, and progress to the CISO.
Acting as a liaison between cybersecurity functions, technical branches, and business units to integrate cybersecurity into organizational processes.
Offering expert support and advisory services to Country Offices and Regional Bureaus to address cybersecurity challenges.
Leading comprehensive reviews of proposed network architectures and IT solution configurations to identify and mitigate potential security risks.
Developing, implementing, and maintaining cybersecurity standards, frameworks, policies, and guidelines.
Overseeing the lifecycle of cybersecurity policies, including drafting, stakeholder approvals, and enforcement mechanisms.
Representing the Information Security branch in interactions with the Office of Inspector General to ensure compliance.
Managing the Third-Party Cybersecurity Assessment Program to evaluate supply chain risks.
Partnering with organizational leadership to identify security risks and design robust security strategies.
Building relationships with key stakeholders to conduct joint reviews and ensure audit readiness.
Providing expertise in cybersecurity awareness and training activities.
Leading consulting engagements across organizational units and UN-affiliated entities.
Defending the organization by implementing security processes to protect against cybersecurity risks.
Performing other duties as required.
Required Qualifications: The required qualifications for the Cybersecurity SME position include:
At least one professional certification in information security (CISSP, CISM, CISA, or OSCP) is mandatory.
Sound IT Security skills, with both academic background and practical experience.
Deep understanding of industry standards and frameworks such as NIST Cybersecurity Framework, ISO/IEC 27001, and CIS Controls.
Solid IT SDLC expertise and experience in working with Cloud and Network security.
Good project management skills and the ability to manage multicultural teams effectively.
Proven experience in risk assessment, threat modeling, and mitigation.
Educational Background: Candidates must possess a university degree (Bachelor or equivalent) in a relevant field such as Information Security, Computer Science, or Information Technology. Additionally, candidates are required to hold at least one professional certification in the field of information security, such as CISSP, CISM, CISA, or OSCP, which demonstrates their expertise and commitment to the field.
Experience: The position requires at least 8 years of progressively responsible work experience in information security, including advisory or consulting roles, policy development, and experience working with internal audit or investigations units. Previous work experience in or with international organizations or UN agencies is highly desirable, as it provides valuable context and understanding of the unique challenges faced in the humanitarian sector.
Languages: Fluency in English (level C) is mandatory for this position. Additionally, candidates should have intermediate knowledge (level B) of a second official UN language, which could include Arabic, Chinese, French, Russian, Spanish, or Portuguese, as these are considered working languages within WFP.
Additional Notes: This is an International Professional position open to all nationalities. The position is classified as 'non-rotational,' meaning the incumbent will not be subject to the regular reassignment process unless the position is reclassified. The selected candidate will be employed on a fixed-term contract with a one-year probationary period. WFP offers an attractive compensation and benefits package in line with ICSC standards, including basic salary, post adjustment, relocation entitlement, and various allowances. The selected candidate will be required to relocate to Rome, Italy, to take up this assignment.