Cybersecurity Governance, Risk and Compliance

2 weeks ago


Rome, Italy World Food Programme Full-time

DEADLINE FOR APPLICATIONS

3 September 2025, 23:59 GMT+01:00 Central European Time (Rome)

ABOUT WFP

The World Food Programme is the world’s largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.

At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.

To learn more about WFP, visit our website:

WHY JOIN WFP?

- WFP is a 2020 Nobel Peace Prize Laureate.
- WFP offers a highly inclusive, diverse, and multicultural working environment.
- WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.
- A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.
- We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).

ORGANIZATIONAL CONTEXT

The position is based in HQ, Rome and reports to the Chief Information Security Officer (CISO) as part of the broader Technology Division.

The information security landscape is rapidly evolving, making cybersecurity a top priority for WFP. With a global presence and a decentralized decision-making structure, WFP is committed to fostering proactive IT operations to minimize risk exposure, detect and respond to advanced threats, ensure ongoing compliance, and optimize security operations costs.

The incumbent will provide Subject Matter Expert (SME) expertise in cybersecurity, offering specialized knowledge and support to ensure the effective delivery of cybersecurity strategy and governance. The role will contribute to the implementation of enterprise-wide cybersecurity frameworks, ensuring alignment with WFP’s business objectives, compliance obligations, and industry best practices.

THE ROLE

The incumbent's role is to contribute to the development, and lead the implementation and oversight, of the organization's cybersecurity strategy and governance framework. This role oversees alignment with business objectives, regulatory requirements, and industry best practices while fostering a culture of security awareness and accountability across the organization.

KEY ACCOUNTABILITIES (not all-inclusive, within delegated authority):

- Contribute to the development and lead the implementation of WFP’s cybersecurity strategy to address current and emerging threats.
- Coordinate the alignment of the cybersecurity strategy with organizational priorities, operational requirements and WFP’s risk appetite, to support risk-informed decision-making and enable operational continuity.
- Develop and maintain cybersecurity roadmaps, including objectives, milestones and performance indicators for cybersecurity initiatives to guide the execution of strategic initiatives and track progress.
- Establish and maintain a robust cybersecurity governance framework to ensure effective oversight, accountability, and decision-making across the organization.
- Develop, review, and support the implementation of cybersecurity policies, standards, and guidelines.
- Ensure cybersecurity activities and controls align with relevant standards and regulations (e.g., NIST CSF, ISO 27001, GDPR) to meet compliance obligations and industry standards.
- Provide timely and relevant reporting on cybersecurity posture, risks, and compliance status to senior management and other stakeholders to enable informed decisions and maintain organizational transparency.
- Identify, assess, and coordinate the remediation of cybersecurity risks to reduce vulnerabilities and strengthen WFP’s overall security maturity.
- Liaise with internal and external auditors on cybersecurity-related matters to address compliance issues.
- Collaborate with cross-functional teams to integrate cybersecurity into business processes and initiatives.
- Monitor, track, and report on cybersecurity performance and risk metrics to measure effectiveness, support accountability, and inform strategic adjustments.
- Conduct regular cybersecurity capability and maturity assessments to identify gaps and opportunities for improvement.
- Other as required.

QUALIFICATIONS AND EXPERIENCE

EDUCATION:

- First University Degree in cybersecurity, information technology, or a related field.
- Certifications such as CISSP, CISM, CRISC, or similar

