Cybersecurity Specialist

Cybersecurity Specialist - Threat, Risk and Vulnerability Management Join to apply for the Cybersecurity Specialist - Threat, Risk and Vulnerability Management role at World Food Programme DEADLINE FOR APPLICATIONS 4 January :59-GMT+01:00 Central European Time (Rome) WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability. ABOUT WFP The World Food Programme is the world’s largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change. At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves. To learn more about WFP , visit our website: and follow us on social media to keep up with our latest news: YouTube, LinkedIn, Instagram, Facebook, Twitter, TikTok. WHY JOIN WFP? WFP is a 2020 Nobel Peace Prize Laureate. WFP offers a highly inclusive, diverse, and multicultural working environment. WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities. A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe. We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement). JOB TITLE: Cybersecurity Specialist - Threat, Risk and Vulnerability Management TYPE OF CONTRACT: Regular Consultant (CST2) DUTY STATION: Rome/Italy or Remote DURATION: 11 months BACKGROUND AND PURPOSE OF THE ASSIGNMENT Under the general supervision of the Chief TECI and the direct supervision of the Head of Cybersecurity Operations, the incumbent will lead efforts to enhance the organization's threat exposure & vulnerability management practices. This includes coordinating adversarial validation initiatives – such as penetration testing, threat exposure assessments, red/purple teaming – to identify and assess exploitable vulnerabilities in IT infrastructure and systems. The role focuses on validating risks and gaps, prioritizing remediation and controls, and aligning efforts with business priorities. The incumbent will collaborate with teams to integrate validation results into threat exposure and detection processes, while continuously monitoring, reporting, and refining adversarial validation practices to minimize organizational risk by addressing critical vulnerabilities and detection gaps. ACCOUNTABILITIES / RESPONSIBILITIES Design and coordinate adversarial validation activities such as penetration tests, threat exposure assessments, and red/purple team exercises to identify detection gaps, exploitable weak points and assess their risk impact in real‑world scenarios. Validate findings to confirm exploitability, assess risk levels, and guide prioritization of remediation efforts, leveraging team input and expertise and guiding integration into WFP's threat exposure management program. Collaborate with relevant teams and provide technical direction to ensure timely mitigation of validated vulnerabilities or detection gaps. Develop clear reports and dashboards that highlight key findings, including critical vulnerabilities, attack paths, and remediation progress for stakeholder visibility. Communicate adversarial validation findings, risks, and remediation strategies effectively to senior leadership and stakeholders. Continuously refine validation techniques based on emerging threat intelligence, vulnerabilities, and attack methods to maintain program relevance and effectiveness. Prioritize vulnerabilities based on adversarial validation outcomes, focusing on those posing the highest risk to the organization's operations, and coordinate team efforts accordingly. Perform other cybersecurity related duties as assigned. DELIVERABLES AT THE END OF THE CONTRACT Comprehensive Adversarial Validation Reports: Developed in coordination with a small technical team, including findings, attack paths, categorized vulnerabilities, proof of concept, and real‑world risk impact. Prioritized Mitigation Recommendations: Actionable strategies based on business impact and organizational risk, incorporating team-driven insights to address critical gaps and improve security posture. Integrated Workflows & Threat Exposure Alignment: Team-supported automation and structured processes for embedding validation results into vulnerability management and threat intelligence programs. Stakeholder Communication Briefs: Executive-level summaries and presentations reflecting the team's findings and strategic recommendations, tailored based on different audiences. Refined Validation Methodology: Updated adversarial validation techniques and documentation, developed collaboratively and incorporating lessons learned across the team. QUALIFICATIONS & EXPERIENCE REQUIRED Education: University Degree in Information Technology, Information Systems, Cybersecurity, or related fields or a combination of relevant education and experience. Experience: At least 5 years of experience in cybersecurity, with focus on vulnerability management and threat exposure management. Knowledge & Skills: Sound IT Security skills, with both academic background and practical hands‑on experience. In‑depth understanding of vulnerability management frameworks, processes, and best practices. Experience with vulnerability scanning processes, tools and remediation workflows. Familiarity with security concepts such as threat modeling, asset classification, and risk‑based decision‑making. Experience with penetration testing, and adversarial emulation activities that aid in identifying potential attack vectors and their impact. Previous experience in international or UN environments is valued, but not essential. IT Audit and/or PM certifications are desirable, though equivalent hands‑on experience is equally appreciated. Strong organisational and communication skills. Languages: Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language desirable: Arabic, Chinese, French, Russian, Spanish, and/or WFP's working language, Portuguese. WFP LEADERSHIP FRAMEWORK WFP Leadership Framework guides to the common standards of behavior that guide HOW we work together to accomplish our mission. Click here to access WFP Leadership Framework REASONABLE ACCOMMODATION WFP is committed to supporting individuals with disabilities by providing reasonable accommodations throughout the recruitment process. If you require a reasonable accommodation, please contact: NO FEE DISCLAIMER The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the