Cybersecurity has become a key priority at WFP, focusing on protecting not just the data of our organization, but that of our beneficiaries. To be successful at protecting our digital assets, we also must have a robust cybersecurity operations team to handle the continuous ongoings to be proactive about identifying our weaknesses and responding to incidents. In support of related activities, we are looking for an international and talented Head of Unit for Cybersecurity Operations hired as a P4 in Rome, Italy that will be in charge of the day-to-day goings on for operational activities related to cybersecurity and will supervise and develop the specialists in her/his Unit.
- Assess and analyze cyber threats, risks, and vulnerabilities to design and implement preventative and reactive IT Security Solutions, and to adapt cybersecurity procedures, SOPs, and policies.
- Work with the leaders in the organization to identify current and/or potential security risks and develop, implement, drive and optimize security solutions, methodologies and/or practices.
- Serve as an advisor in the development, implementation, and maintenance of a robust information privacy and security program and infrastructure including network access and monitoring policies.
- Collaborate with legal, compliance, risk management, and oversight functions, to conduct reviews and audits, recommend policies and procedures, monitor status, and report violations to appropriate management.
- Develop robust vulnerability management practices for reporting and validation, while working with resource owners in support of remediation activities and working to establish operative governance practices.
- Evaluate all requests for change for cybersecurity concerns as a part of the Change Management process.
- Function as the Incident Captain on the occasion of a major cyber event, and coordinate internal and external resources for effective investigation, response, containment, eradication, recovery, and other requirements necessary.
- Coordinate, plan and supervise internal resources and service providers.
- Lead, coach and develop your team members
- Perform other duties as required.
STANDARD MINIMUM QUALIFICATIONS
Experience and Knowledge:
- At least eight (8) years of meaningful and progressive experience in Information Security, with strong technical skills, an in-depth knowledge and understanding of network security technology, including strategy, design, and architecture.
- A Certified Information System Security Professional (CISSP) or equivalent certification, such as ISC2, GIAC, and ISACA, from a recognized professional organization in Information Security is required.
- Broad knowledge related to the creation of IT risk management processes, including steps and methods for assessing risk following industry-standard principles, and experience designing fully integrated risk, security and fraud prevention frameworks.
- Comprehensive skills in analyzing the protection needs (i.e., security controls) for corporate information systems and networks, including security design, methods, and techniques.
- Experience in assessing the robustness of systems and solutions, including conducting vulnerability scans and performing system security health checks, recognizing vulnerabilities and recommending opportunities for improvement.
- Experience in handling information security incidents and emotional maturity to understand the impact and sensitivity of IT security incidents.
- Knowledge of data protection and confidentiality management from private or public environments, and familiarity with investigations and computer forensics.
Education: Advanced university degree in Computer Sciences, Information Security, Information Technology, Engineering or other relevant fields, or first university degree with additional years of related work experience or training.
Language: Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese.