Senior Cybersecurity Specialist – Vulnerability Management

DEADLINE FOR APPLICATIONS

WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability.

ABOUT WFP

The World Food Programme is the world’s largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.

At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.

To learn more about WFP, visit our website: https://www.wfp.org and follow us on social media to keep up with our latest news: YouTube, LinkedIn, Instagram, Facebook, Twitter, TikTok.

WHY JOIN WFP? 

• WFP is a 2020 Nobel Peace Prize Laureate.

• WFP offers a highly inclusive, diverse, and multicultural working environment.

• WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.

• A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.

• We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).

JOB TITLE: Senior Cybersecurity Specialist – Vulnerability Management

TYPE OF CONTRACT: Regular Consultant (CST2)

UNIT/DIVISION: Technology Division, Information Security

DUTY STATION (City, Country): Remote Work

BACKGROUND AND PURPOSE OF THE ASSIGNMENT:

Under the general supervision of the Chief TECI and the direct supervision of the Head of Cybersecurity Operations, the incumbent will be part of a team supporting the evolution of WFP’s vulnerability and exposure management capabilities toward a more risk-driven and exposure-focused approach. In an environment where vulnerabilities are identified and exploited at increasing speed, the role will focus on prioritizing risk based on exploitability, business impact, and actual exposure rather than relying solely on severity-based models.

The incumbent will act as a central coordination and analytical function, responsible for identifying, contextualizing, and prioritizing vulnerabilities across WFP’s digital environments. The role will drive and influence remediation outcomes through structured orchestration, risk-based articulation and prioritization, and stakeholder engagement. A key aspect of the assignment will be strengthening visibility across the organization’s attack surface to support timely decision-making and measurable reduction of cyber risk exposure.

ACCOUNTABILITIES/RESPONSIBILITIES:

Main responsibilities include, but are not limited to:

• Drive continuous asset discovery and visibility across cloud, on-premise, SaaS, supply-chain, and emerging environments, strengthening the vulnerability management program toward a continuous, intelligence-driven threat exposure management model.
• Conduct and validate vulnerability assessments using multiple tools and intelligence sources, ensuring findings reflect actual exposure and relevant attack paths.
• Prioritize vulnerabilities based on real-world risk factors, including exploitability, exposure, business criticality, and attack path relevance, integrating external intelligence such as known exploited vulnerabilities, proof-of-concepts, and indicators of active exploitation to strengthen prioritization decisions beyond traditional approaches.
• Act as the central coordination point for vulnerability remediation, ensuring clear tasking, tracking progress, enforcing SLAs, and escalating high-risk or delayed items.
• Drive the practical adoption of AI‑enabled capabilities within vulnerability and exposure management processes, identifying and developing use cases that enhance risk prioritization, analysis, and automation, while ensuring appropriate governance and human oversight.
• Recommend compensating controls where remediation is constrained, while analysing vulnerability trends to identify systemic weaknesses and drive improvements.
• Support integration of vulnerability data into dashboards, reporting, and ticketing platforms, ensuring clear visibility of exposure and remediation performance.
• Manage and track vulnerability findings through tickets and alerts, and collaborate with internal teams and partners to improve processes, tooling, and data integration.
• Contribute to awareness initiatives and knowledge sharing related to vulnerability risks and secure practices across technology teams.
• Perform other cybersecurity-related duties as assigned.

QUALIFICATIONS & EXPERIENCE REQUIRED:

Education:

University Degree in Information Technology, Information Systems, Cybersecurity, or related domains or a combination of relevant experience and education.

Experience:

• At least 6-8 years of experience in vulnerability management, cybersecurity operations, threat management, or related areas. Experience working with cloud platforms, threat exposure management, or environments characterized by rapidly evolving vulnerabilities and exploit scenarios is highly desirable.

Knowledge & Skills:

• Strong understanding of vulnerability management and exposure management concepts, tools, platforms, and processes.
• Understanding of cloud environments, networking, and system architectures.
• Awareness of exploitability concepts, threat intelligence, and modern risk prioritization approaches.
• Understanding of emerging risks, including those associated with AI-driven systems and software supply chains, is an asset.
• Strong analytical and communication skills, with the ability to interpret complex data, translate it into actionable insights, and effectively manage and communicate risk across multiple stakeholders.
• Certifications such as CISSP, CISM, CRISC, GIAC, or OSCP are advantageous.

Languages:

Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language desirable: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese.

WFP LEADERSHIP FRAMEWORK

WFP Leadership Framework guides to the common standards of behavior that guide HOW we work together to accomplish our mission.

Click here to access WFP Leadership Framework

REASONABLE ACCOMMODATION

WFP is committed to supporting individuals with disabilities by providing reasonable accommodations throughout the recruitment process. If you require a reasonable accommodation, please contact:  global.inclusion@wfp.org

NO FEE DISCLAIMER

The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.

REMINDERS BEFORE YOU SUBMIT YOUR APPLICATION

• All applications must be submitted exclusively through our online recruiting system. We do not consider CVs or applications sent by email, LinkedIn, or any other channel.

• We strongly recommend that your Workday profile is accurate and complete, and that all sections are filled in, including your employment history, academic qualifications, language skills, and UN grade (if applicable). Once your profile is completed, please apply, and submit your application.

• If you experience technical issues while submitting your application, you may contact us at global.hrerecruitment@wfp.org. Please note that this email is only for technical issues with an application - unsolicited applications or documents sent to this inbox will not receive a reply.

• At the application stage, the only required documents are your CV and Cover Letter. Additional documents (passport, certificates, recommendation letters, etc.) may be requested later in the process.

• Only shortlisted candidates will be contacted and invited to proceed to the next stage of the recruitment process.

All employment decisions are made on the basis of organizational needs, job requirements, merit, and individual qualifications. WFP is committed to providing an inclusive work environment free of sexual exploitation and abuse, all forms of discrimination, any kind of harassment, sexual harassment, and abuse of authority. Therefore, all selected candidates will undergo rigorous reference and background checks.

No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.