Cybersecurity Consultant - Policy and Data Protection

DEADLINE FOR APPLICATIONS

WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability.

ABOUT WFP

The World Food Programme is the world’s largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.

At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.

To learn more about WFP, visit our website: https://www.wfp.org and follow us on social media to keep up with our latest news: YouTube, LinkedIn, Instagram, Facebook, Twitter, TikTok.

WHY JOIN WFP? 

• WFP is a 2020 Nobel Peace Prize Laureate.

• WFP offers a highly inclusive, diverse, and multicultural working environment.

• WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.

• A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.

• We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).

JOB TITLE: Cybersecurity Specialist - Policy and Data Protection
TYPE OF CONTRACT: Regular CST – Level 2
UNIT/DIVISION: TECI (Cybersecurity Branch)
DUTY STATION (City, Country): Remote
DURATION: NTE 31.12.2026

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:
Under the general supervision of the Chief Information Security Officer and direct supervision of the Head of Cyber Advisory Services, the consultant will lead efforts in safeguarding sensitive data, ensuring compliance with privacy requirements, developing a secure data management environment and protecting organizational data from unauthorized access or breaches.

ACCOUNTABILITIES/RESPONSIBILITIES:
The consultant will be responsible for the following tasks:
•Develop, Implement, and Oversee relevant Cybersecurity Policies and Governance Framework:
oDesign, implement and maintain a comprehensive data protection framework aligned with regulations and guidance provided by Global Privacy Office (GPO)
oDraft and review cybersecurity policies, standards, and procedures related to data security and data loss protection (DLP) to ensure secure processing, storage, and transmission of sensitive information that align with organizational objectives and reflect new threats and latest regulatory and industry standards, and technology advancements.
oEstablish a framework for continuous improvement in data security and data protection governance, DLP model, data risk management and policy adherence.
oManage data discovery and classification processes to ensure proper handling and security measures are applied to various data types, based on their sensitivity labels.
oConduct and participate in regular tabletop exercises to test the effectiveness of cybersecurity policies and SOP, identify gaps, enhance policy understanding and related process implementation, and improve response coordination.
oBe the primary liaison between the Cybersecurity branch and the Global Privacy Office (GPO), ensuring data protection requirements are appropriately implemented through cybersecurity technical and administrative controls.
•Information Security Management
oGuide the organization on data classification, data security and data loss protection.
oConduct review, analysis and implementation of different technology solutions, wherever and whenever applicable, for addressing and remediating various cybersecurity risks.
oImplement and oversee security protocols to safeguard data from breaches, unauthorized access, or other vulnerabilities.

oMonitor and advise on data encryption methods, user access review for different data sharing methods and other cybersecurity measures.
oCoordinate cybersecurity responses to third-party breaches impacting the organization, facilitating cross-divisional collaboration to evaluate and mitigate associated risks.
oEngage in any official activity on behalf of TEC that relates to personal and sensitive data disclosure.
oThoroughly review legal agreements, partnerships, contracts, and related documentation, identifying potential risks related to data sharing and cybersecurity.
•Collaborate with GPO and SOC team to establish incident response protocols to address data breaches and security incidents.
•Perform risk assessments of solutions presented to the TEC division for review, applying WFP policies, recognised frameworks and best practices.
•Coordinate responses for all audits and evaluations that have a cybersecurity component, organizing specific tasks for various focal points across TEC and collating responses to satisfactorily address all findings and recommendations.
•Identify and mitigate risks associated with data processing and ensure compliance with global standards like ISO 27001 or NIST.
•Collaborate with Training and Awareness team to develop and deliver programs on data protection and security best practices for employees and stakeholders.
•Produce feedback and responses to assessments performed by other bodies relating
to WFP’s cybersecurity position and programme.
•Collaborate across WFP divisions to analyse the security posture of third parties.
•Perform other related duties as assigned.

DELIVERABLES AT THE END OF THE CONTRACT:
•Contracts and agreements reviewed for data sharing and cybersecurity risks.
•Cybersecurity related policies, standards and procedures continuously updated and disseminated, reflecting emerging threats and regulatory changes.
•Elevation of cybersecurity risk management and third-party security posture.
•Coordinated responses to audits, evaluations, breaches, and assessments.
•Data classification and data security management procedures and processes established.
•Incident response protocols for data breaches established and overseen.
•Review of risks associated with data processing and remediation plan in place.

QUALIFICATIONS & EXPERIENCE REQUIRED:
Education:
University Degree in Computer Science, Information Technology, Data Protection, Law, or other related field.
Experience:
•7-10 years of experience in either Data Protection, Data Security and Governance or Data Leakage Prevention.
•Ability to work autonomously with minimal supervision, manage multiple tasks, as well as to cooperate with different teams.
•Good understanding of data security and applying relevant security controls and protocols
•Experience with cybersecurity audits and assessments is an asset.
•Experience in data leakage or data breaches response is an asset.

Knowledge & Skills:
•General knowledge of WFP Business Process Areas or baseline IT Security knowledge is desirable.
•Ability to evaluate agreements, contracts, policies and frameworks related to data sharing, data protection and cybersecurity.
•Knowledge of cybersecurity frameworks and regulations (e.g., GDPR, NIST, ISO, COBIT) and their practical application in day-to-day work.
Languages:
Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language desirable: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese.

WFP LEADERSHIP FRAMEWORK

WFP Leadership Framework guides to the common standards of behavior that guide HOW we work together to accomplish our mission.

Click here to access WFP Leadership Framework

REASONABLE ACCOMMODATION

WFP is committed to supporting individuals with disabilities by providing reasonable accommodations throughout the recruitment process. If you require a reasonable accommodation, please contact:  global.inclusion@wfp.org

NO FEE DISCLAIMER

The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.

REMINDERS BEFORE YOU SUBMIT YOUR APPLICATION

• All applications must be submitted exclusively through our online recruiting system. We do not consider CVs or applications sent by email, LinkedIn, or any other channel.

• We strongly recommend that your Workday profile is accurate and complete, and that all sections are filled in, including your employment history, academic qualifications, language skills, and UN grade (if applicable). Once your profile is completed, please apply, and submit your application.

• If you experience technical issues while submitting your application, you may contact us at global.hrerecruitment@wfp.org. Please note that this email is only for technical issues with an application - unsolicited applications or documents sent to this inbox will not receive a reply.

• At the application stage, the only required documents are your CV and Cover Letter. Additional documents (passport, certificates, recommendation letters, etc.) may be requested later in the process.

• Only shortlisted candidates will be contacted and invited to proceed to the next stage of the recruitment process.

All employment decisions are made on the basis of organizational needs, job requirements, merit, and individual qualifications. WFP is committed to providing an inclusive work environment free of sexual exploitation and abuse, all forms of discrimination, any kind of harassment, sexual harassment, and abuse of authority. Therefore, all selected candidates will undergo rigorous reference and background checks.

No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.