JOB DESCRIPTION

 

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:

Under the general supervision of the Chief Information Security Officer and supervision of the Head of Cybersecurity Advisory Services the Cloud and AI Security Analyst will support the organisation’s cybersecurity posture by focusing on the secure design, deployment, and monitoring of cloud-native and AI-driven systems. This role is critical in ensuring that emerging technologies such as generative AI, machine learning pipelines, and multi-cloud environments are integrated securely and in compliance with corporate standards and international best practices. The services that the incumbent will provide include, but are not limited to, the following:

• Cloud architecture security assessments

• DevSecOps pipeline integration support

• Cloud compliance and risk reviews

• Cloud security posture optimization

• AI/ML pipeline threat analysis

• Vendor cloud and AI risk evaluation

ACCOUNTABILITIES/RESPONSIBILITIES:

Continuously monitor and strengthen the security posture of multi-cloud environments (e.g., AWS, Azure, GCP).
Design, implement, and manage cloud-native security controls including IAM policies, encryption, key management, and centralized logging.
Collaborate with Development and Infrastructure teams to embed security into CI/CD pipelines and cloud-native workflows.
Support cloud incident response process.
Create and maintain comprehensive documentation of cloud security architectures, operational procedures, and configuration
Provide cybersecurity advisory support to development and infrastructure teams, promoting secure-by-design principles across cloud platform.
Conduct threat modeling and risk assessments for AI/ML systems, covering models, datasets, APIs, and associated infrastructure.
Design and implement protections against AI-specific threats such as adversarial attacks, model extraction, and data poisoning.
Ensure secure collection, handling, storage and governance of training and inference data in alignment with data security policies.
Partner with AI/ML development teams to integrate security into the model lifecycle, from design through deployment.
Monitor AI model behavior and explainability tools for signs of drift, bias, or tampering.
Become Subject Matter Expert (SME) on platforms and applications for which consultant is assigned to review.
Produce high quality reports and provide leadership and advice to more junior colleagues.
Manage cybersecurity related projects.
Additional duties as requested.

DELIVERABLES AT THE END OF THE CONTRACT:

Documented Secure Cloud Architecture designs and threat models for secure cloud deployments.
Detailed security assessment reports of cloud and AI systems, including risk mitigation recommendations
Detailed design documents for the security architecture of new and existing cloud and ai functionalities, ensuring robust protection measures are in place.
Well-researched proposals for technologies and strategies to improve the organization’s cloud and AI cybersecurity posture.
Updated security standards, procedures, and guidelines to raise the corporate security maturity level, including baseline and hardening reviews.
Repeatable, high-level methodologies to set expectations to the business of what cyber security requirements must be addressed related to application and solution development.
High-quality reports on cybersecurity challenges, solutions, and advisory services provided to Country Offices and Regional Bureaus, including records of decisions taken and assessments performed.

QUALIFICATIONS & EXPERIENCE REQUIRED:

Education:

Degree in the field of Computer Science/Engineering or related STEM disciplines or equivalent working experience

Experience:

At least 6 years of relevant work experience

Knowledge & Skills:

Solid IT Security skills, with both academic background and professional experience
Experience with cloud-native security tools (e.g., AWS Security Hub, Azure Defender, GCP Security Command Center)
Familiarity with AI/ML frameworks and their security implications
Managed stakeholder relationships, aligning cybersecurity risk strategies with business objectives
Understand cybersecurity risk concepts to assess threats, vulnerabilities, and mitigation strategies.
Good project management skills
Experience in multinational organizations
Desirable: IT Security and IT Audit certifications
Desirable: CCSP, AWS Certified Security – Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer.
Desirable: ISO 27001 Lead Implementer/Auditor, or equivalent.
Desirable: AI-specific credentials (e.g., NIST AI RMF, MIT AI Ethics and Safety).

Languages:

Fluency in oral and written English is mandatory with an intermediate knowledge of another official UN language (Arabic, Chinese, French, Russian and Spanish) or Portuguese (one of WFP’s working languages) is desirable.

Level of Education: Bachelor Degree

Work Hours: 8

Experience in Months: No requirements