WFP: Information Security Advisory Specialist – Rome

UNDP - United Nations Development Programme


JOB DESCRIPTION

 

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:

Under the general supervision of the Chief Information Security Officer and the supervision of the Head of Cybersecurity Advisory Services, the incumbent will conduct consulting activities for the business, including, but not limited to:

• Authorization to Operate and security compliance

• Application security

• Network security

• Security architecture

• Third Party Risk Management

• Securing beneficiary management systems

• Azure and Active Directory security

• Identity and access management

ACCOUNTABILITIES/RESPONSIBILITIES:

Conduct comprehensive risk assessments and manage the Authorization to Operate (ATO) process for IT systems, ensuring that all security controls are effectively implemented and maintained to meet organizational and regulatory requirements.
Design and oversee the security architecture for new and existing applications, ensuring robust protection measures are in place to safeguard sensitive data and maintain compliance with organizational policies and industry standards.
Lead the design, implementation and maintenance of cybersecurity procedures and services, aimed at protecting IT systems and sensitive data.
Produce proposals around technologies to improve the cybersecurity posture of the organization, with sound research to ensure these produce value.
Propose and maintain new security standards, procedures and guidelines to help raise the current security maturity level of the organization.
In close collaboration with the Architecture branch, perform regular baseline and hardening reviews of WFP security solutions and technologies.
Provide expert support and advisory services to Country Offices and Regional Bureaus to address cybersecurity challenges and maintain compliance with organizational security standards.
Conduct third-party risk assessments, ensuring cybersecurity compliance and effective risk management.
Provide guidance to IT solution owners across the organization to:

– Properly design the needed measures to ensure the cybersecurity of the solution.

– Protect data as appropriate for their classification.

– Understand and propose secure software development lifecycle (SDLC) principles.

– Ensure compliance with Enterprise Architecture and security guidelines.

Advise the organization on other risk and data classification concerns.
Consistently find opportunities to innovate, extend and enhance service delivery wherever possible.
Maintain a record of decisions taken and assessments performed, in cooperation with other members of the Advisory team.
Identify and execute improvements to existing processes, through solutions to address recurring problems and enhancements to existing solutions or documentation.
Become a Subject Matter Expert (SME) on the platforms and applications the consultant is assigned to review.
Produce high quality reports.
Provide leadership and advice to more junior colleagues.
Manage cybersecurity related projects.
Additional duties as requested.

DELIVERABLES AT THE END OF THE CONTRACT:

Comprehensive reports detailing the risk assessments conducted for IT systems, including identified risks, mitigation measures, and residual risks.
Complete documentation for the Authorization to Operate (ATO) process, including security controls, compliance status, and any necessary remediation actions.
Detailed design documents for the security architecture of new and existing applications, ensuring robust protection measures are in place.
Well-researched proposals for technologies and strategies to improve the organization’s cybersecurity posture.
Updated security standards, procedures, and guidelines to raise the corporate security maturity level, including baseline and hardening reviews.
Repeatable, high-level methodologies to set expectations with the business on which cybersecurity requirements must be addressed in software development.
High-quality reports on cybersecurity challenges, solutions, and advisory services provided to Country Offices and Regional Bureaus, including records of decisions taken and assessments performed.

QUALIFICATIONS & EXPERIENCE REQUIRED:

Education:

Degree in the field of Computer Science/Engineering or related STEM disciplines or equivalent working experience

Experience:

At least 6 years of relevant work experience

Knowledge & Skills:

Solid IT Security skills, with both academic background and professional experience
Solid IT SDLC expertise
Solid network experience
Understanding of IT architecture and design concepts.
Experience managing stakeholder relationships and aligning cybersecurity risk strategies with business objectives
Understanding of cybersecurity risk concepts to assess threats, vulnerabilities, and mitigation strategies.
Good project management skills
Experience in multinational organizations
Desirable: IT Security and IT Audit certifications
Desirable: Security architecture in the cloud.
Desirable: Experience with ISO, NIST, HIPAA or PCI compliance processes

Languages:

Fluency in oral and written English is mandatory; an intermediate knowledge of another official UN language (Arabic, Chinese, French, Russian and Spanish) or Portuguese (one of WFP’s working languages) is desirable.

Level of Education: Bachelor Degree

Work Hours: 8

Experience in Months: No requirements

