Cybersecurity Consultant

DEADLINE FOR APPLICATIONS

19 January 2025-23:59-GMT+01:00 Central European Time (Rome)

ABOUT WFP

The World Food Programme is the world’s largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.

At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.

To learn more about WFP, visit our website:
WHY JOIN WFP?- WFP is a 2020 Nobel Peace Prize Laureate.- WFP offers a highly inclusive, diverse, and multicultural working environment.- WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.- A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.- We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).

JOB TITLE: Cybersecurity Consultant - Policy and Data Protection

TYPE OF CONTRACT: Regular CST - level I

UNIT/DIVISION: TECI (Cybersecurity Branch), TEC

DUTY STATION (City, Country): Remote

DURATION: 11 months (renewable)

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:
Under the general supervision of the Chief Information Security Officer and direct supervision of the Head of Cyber Advisory Services, the consultant will ensure the Organisation relies upon state-of-the-art, risk-based controls over IT systems and data.

ACCOUNTABILITIES/RESPONSIBILITIES:
The consultant will be responsible for the following tasks:

- Develop, Implement, and Oversee Cybersecurity Policies and Governance Framework:

- Draft and review cybersecurity policies, standards, and procedures that align with organisational objectives and reflect new threats and latest regulatory and industry standards, and technology advancements.
- Establish a framework for continuous improvement in cybersecurity governance, risk management and policy adherence, aligned with Zero Trust principles.
- Develop and advise on the development of new policies and/or best practices with regard to data sharing and data security, participating in cross functional committees and panels as needed.
- Conduct and participate in regular tabletop exercises to test the effectiveness of cybersecurity policies and SOP, identify gaps, enhance policy understanding, and improve response coordination.
- Be the primary liaison between the Cybersecurity branch and the Global Privacy Office (GPO), ensuring data protection requirements are appropriately implemented through cybersecurity technical and administrative controls:

- Guide the organisation on data classification and data security.
- Coordinate cybersecurity responses to third-party breaches impacting the organisation, facilitating cross-divisional collaboration to evaluate and mitigate associated risks.
- Engage in any official activity on behalf of TEC that relates to personal and sensitive data disclosure.
- Thoroughly review legal agreements, partnerships, contracts, and related documentation, identifying potential risks related to data sharing and cybersecurity.
- Coordinate responses for all audits and evaluations that have a cybersecurity component, organizing specific tasks for various focal points across TEC and collating responses to satisfactorily address all findings and recommendations.
- Produce feedback and responses to assessments performed by other bodies relating to WFP’s cybersecurity position and programme.
- Collaborate across WFP divisions to analyse the security posture of third parties.
- Perform other related duties as assigned.

DELIVERABLES AT THE END OF THE CONTRACT:

- Contracts and agreements reviewed for data sharing and cybersecurity risks.
- Cybersecurity related policies, standards and procedures continuously updated and disseminated, reflecting emerging threats and regulatory changes.
- Elevation of cybersecurity risk management and third-party security posture, incorporating zero trust principles.
- Coordinated responses to audits, evaluations, breaches and assessments.

QUALIFICATIONS & EXPERIENCE REQUIRED:
Education:
University Degree in Computer Science, Information Technology, Data Protection, Law, or other related field.

Experience:

- 3 years of experience in either Data Protection, Governance, Compliance, Privacy or Assurance initiatives in