Cybersecurity Consultant - Policy and Data Protection
at World Food Programme
Roma, Lazio, Italy
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 20 Apr, 2025 | Not Specified | 21 Jan, 2025 | 3 year(s) or above | Computer Science,Nist,Information Technology,Regulations,Iso,Cobit,Data Leakage,Data Security,Data Sharing,Security Controls | No | No |
Description:
DEADLINE FOR APPLICATIONS
8 February 2025, 23:59 GMT+01:00, Central European Time (Rome)
WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability.
Responsibilities:
BACKGROUND AND PURPOSE OF THE ASSIGNMENT:
Under the general supervision of the Chief Information Security Officer and direct supervision of the Head of Cyber Advisory Services, the consultant will lead efforts in safeguarding sensitive data, ensuring compliance with privacy requirements, developing a secure data management environment and protecting organizational data from unauthorized access or breaches.
ACCOUNTABILITIES/RESPONSIBILITIES:
The consultant will be responsible for the following tasks:
- Develop, Implement, and Oversee relevant Cybersecurity Policies and Governance Framework:
  - Design, implement and maintain a comprehensive data protection framework aligned with regulations and guidance provided by the Global Privacy Office (GPO).
  - Draft and review cybersecurity policies, standards, and procedures related to data security to ensure the secure processing, storage, and transmission of sensitive information. These should align with organisational objectives and reflect new threats, the latest regulatory and industry standards, and technology advancements.
  - Establish a framework for continuous improvement in data security and data protection governance, risk management and policy adherence.
  - Manage data classification processes to ensure proper security measures are applied to various data types.
  - Conduct and participate in regular tabletop exercises to test the effectiveness of cybersecurity policies and SOPs, identify gaps, enhance policy understanding, and improve response coordination.
  - Be the primary liaison between the Cybersecurity branch and the Global Privacy Office (GPO), ensuring data protection requirements are appropriately implemented through cybersecurity technical and administrative controls.
- Information Security Management:
  - Guide the organization on data classification and data security.
  - Implement and oversee security protocols to safeguard data from breaches, unauthorized access, or other vulnerabilities.
  - Monitor and advise on data encryption methods, access controls and other security measures.
  - Coordinate cybersecurity responses to third-party breaches impacting the organization, facilitating cross-divisional collaboration to evaluate and mitigate associated risks.
  - Engage in any official activity on behalf of TEC that relates to personal and sensitive data disclosure.
  - Thoroughly review legal agreements, partnerships, contracts, and related documentation, identifying potential risks related to data sharing and cybersecurity.
  - Collaborate with the GPO and SOC team to establish incident response protocols to address data breaches and security incidents.
  - Perform risk assessments of solutions presented to the TEC division for review, applying WFP policies, recognised frameworks and best practices.
  - Coordinate responses for all audits and evaluations that have a cybersecurity component, organizing specific tasks for various focal points across TEC and collating responses to satisfactorily address all findings and recommendations.
  - Identify and mitigate risks associated with data processing and ensure compliance with global standards like ISO 27001 or NIST.
  - Collaborate with the Training and Awareness team to develop and deliver programs on data protection and security best practices for employees and stakeholders.
  - Produce feedback and responses to assessments performed by other bodies relating to WFP’s cybersecurity position and programme.
  - Collaborate across WFP divisions to analyse the security posture of third parties.
- Perform other related duties as assigned.
REQUIREMENT SUMMARY
Min: 3.0, Max: 8.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Graduate
Computer science, information technology, data protection law or other related field
Proficient
1