Cybersecurity Advisory And Protection Officer

World Food Programme

JOB PURPOSE

To lead and oversee strategic cybersecurity initiatives at WFP, providing expert guidance to protect mission-critical operations in a rapidly evolving digital landscape. As both a subject matter expert and driver of key activities within the Cybersecurity Advisory and Protection Services team, the incumbent will deliver consulting services across cybersecurity standards, architecture, data protection, cloud and AI security, and more supporting WFP s global operations through enhanced resilience, awareness, and assurance.

KEY ACCOUNTABILITIES

• Provide expertise in the daily operations of Cybersecurity Advisory and Protection Services team, ensuring effective security measures and alignment with organizational needs. Deliver detailed reporting on critical activities, incidents, and progress to the Chief Information Security Officer (CISO).
• Act as a liaison between cybersecurity functions, technical branches, and business units, offering expert-level guidance to integrate cybersecurity into organizational processes and strategic initiatives.
• Provide expert support and advisory services to County Offices and Regional Bureaus to address cybersecurity challenges and maintain compliance with corporate security standards.
• Lead comprehensive reviews of proposed network architectures, IT solution configurations, and system integrations to identify and mitigate potential security risks, ensuring adherence to risk management best practices and policies.
• Develop, implement, and maintain cybersecurity standards, frameworks, policies, and guidelines to elevate the organizations overall security maturity, with particular focus on emerging technologies such as cloud services and IoT environments.
• Oversee the end-to-end lifecycle of cybersecurity policies, including their drafting, stakeholder approvals, corporate dissemination, implementation, adoption monitoring, and enforcement mechanisms.
• Represent Information Security branch (TECI) in all interactions with the Office of Inspector General (OIG), ensuring compliance and proactive engagement in audit and investigation activities.
• Manage the Third-Party Cybersecurity Assessment Program to evaluate and mitigate supply chain risks, ensuring vendor compliance with organizational security requirements and standards.
• Partner with organizational leadership and other teams to identify current and emerging security risks, design robust security strategies, and implement solutions to reduce exposure and enhance resilience.
• Build and sustain effective relationships with key stakeholders, including Legal, Compliance, Risk Management, the Global Privacy Office, and other oversight functions, to conduct joint reviews, ensure audit readiness, and address policy violations.
• Provide expertise in cybersecurity awareness and training activities to promote a culture of security.
• Lead consulting engagements across organizational units and UN-affiliated entities, providing expertise in cybersecurity and data protection to drive successful execution of projects.
• Defend the organization by building and implementing security processes and procedures to protect and respond to organizational risks that relate to cybersecurity.
• Perform other duties as required.

QUALIFICATIONS AND EXPERIENCE

Education:

• University degree (Bachelor or equivalent) in Information Security, Computer Science, Information Technology, or related field.
• At least one professional certification (CISSP, CISM, CISA, or OSCP) in the field of information security is required.

Experience:

• At least 8 years of progressively responsible work experience in information security, including advisory or consulting roles, policy development and working with internal audit or investigations unit. Previous work experience in or with international organizations or UN agencies is highly desirable.

Language:

• Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or Portuguese (a WFP working language).

MORE ABOUT YOU

You have:

• Sound IT Security skills, with both academic background and practical hands-on experience
• Deep understanding of industry standards and frameworks such as NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CIS Controls, and other relevant compliance standards and regulations.
• Solid IT SDLC expertise.
• Experience in working with Cloud and Network security
• Good project management skills.
• Ability to effectively manage multicultural teams, coaching and mentoring and managing the performance of employees.
• Ability to effectively engage and present technical concepts to leadership and business, and act as a bridge between IT, business and oversight bodies
• Proven experience in risk assessment, threat modelling, and mitigation.