Information Security Advisory Specialist

DEADLINE FOR APPLICATIONS

5 July 2025-23:59-GMT+01:00 Central European Time (Rome)

ABOUT WFP

The World Food Programme is the world’s largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.

At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.

To learn more about WFP, visit our website:
WHY JOIN WFP?- WFP is a 2020 Nobel Peace Prize Laureate.- WFP offers a highly inclusive, diverse, and multicultural working environment.- WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.- A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.- We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).

JOB TITLE: INFORMATION SECURITY ADVISORY SPECIALIST

TYPE OF CONTRACT: CST2

UNIT/DIVISION: TECI

DUTY STATION (City, Country): REMOTE WORK

DURATION: 11 months

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:
Under the general supervision of the Chief Information Security Officer and supervision of the Head of Cybersecurity Advisory Services, the incumbent will conduct consulting activities to the business, including, but not limited to:

- Authorization to Operate and security compliance
- Application security
- Network security
- Security architecture
- Third Party Risk Management
- Securing beneficiary management systems
- Azure and Active Directory security
- Identity and access management

ACCOUNTABILITIES/RESPONSIBILITIES:

- Conduct comprehensive risk assessments and manage the Authorization to Operate (ATO) process for IT systems, ensuring that all security controls are effectively implemented and maintained to meet organizational and regulatory requirements.
- Lead the design, implementation and maintenance of cybersecurity procedures and services, aimed at protecting IT systems and sensitive data.
- Produce proposals around technologies to improve the cybersecurity posture of the organization, with sound research to ensure these produce value.
- Propose and maintain new security standards, procedures and guidelines to help raise the current security maturity level of the organization. In close collaboration with the Architecture branch, perform regular baseline and hardening reviews of WFP security solutions and technologies.
- Provide expert support and advisory services to County Offices and Regional Bureaus to address cybersecurity challenges and maintain compliance with organizational security standards.
- Conduct third-party risk assessments, ensuring cybersecurity compliance and effective risk management. Provide guidance to IT solution owners across the organization to:

- Properly design the needed measures to ensure the cybersecurity of the solution.
- Protect data as appropriate for their classification.
- Understand and propose secure software development lifecycle (SDLC) principles.
- Ensure the compliance with Enterprise Architecture and security guidelines.
- Advise the organization on other risk and data classification concerns.
- Consistently find opportunities to innovate, extend and enhance service delivery wherever possible.
- Maintain a record of decisions taken and assessments performed, in cooperation with other members of the Advisory team.
- Identify and execute improvements to existing processes, through solutions to address recurring problems and enhancements to existing solutions or documentation.
- Produce high quality reports.
- Provide leadership and advice to more junior colleagues.
- Manage cybersecurity related projects.
- Additional duties as requested.

DELIVERABLES AT THE END OF THE CONTRACT:

- Comprehensive reports detailing the risk assessments conducted for IT systems, including identified risks, mitigation measures, and residual risks.
- Complete documentation for the Authorization to Operate (ATO) process, including security controls, compliance status, and any necessary remediation actions.
- Well-researched proposals for technologies and strategies to improve the organization's cybersecurity posture.
- Updated security standards, procedures, and guidelines to raise the corporate security maturity level, including baseline and hard