Cybersecurity Governance, Risk and Compliance

Overview
Cybersecurity Governance, Risk and Compliance GRC Officer P-3 — Rome, Italy
Deadline for applications: 3 September :59-GMT+01:00 Central European Time (Rome)
WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability.
ABOUT WFP
The World Food Programme is the world's largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.
At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.
To learn more about WFP, visit our website: and follow us on social media to keep up with our latest news: YouTube, LinkedIn, Instagram, Facebook, Twitter, TikTok.
WHY JOIN WFP?
WFP is a 2020 Nobel Peace Prize Laureate.
WFP offers an inclusive, diverse, and multicultural working environment.
WFP invests in the personal and professional development of its employees through training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.
A career path in WFP provides an exciting opportunity to work across country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.
We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).
ORGANIZATIONAL CONTEXT
The position is based in HQ, Rome and reports to the Chief Information Security Officer CISO as part of the broader Technology Division.
The information security landscape is rapidly evolving, making cybersecurity a top priority for WFP. With a global presence and a decentralized decision making structure, WFP is committed to fostering proactive IT operations to minimize risk exposure, detect and respond to advanced threats, ensure ongoing compliance, and optimize security operations costs.
The incumbent will provide Subject Matter Expert SME expertise in cybersecurity, offering specialized knowledge and support to ensure the effective delivery of cybersecurity strategy and governance. The role will contribute to the implementation of enterprise wide cybersecurity frameworks, ensuring alignment with WFP s business objectives, compliance obligations, and industry best practices.
THE ROLE
The incumbent's role is to contribute to the development and lead the implementation, and oversight of the organization cybersecurity strategy and governance framework. This role oversees alignment with business objectives, regulatory requirements, and industry best practices while fostering a culture of security awareness and accountability across the organization.
KEY ACCOUNTABILITIES
(not all inclusive, within delegated authority):
Contribute to the development and lead the implementation of the WFP's cybersecurity strategy to address current and emerging threats.
Coordinate the alignment of the cybersecurity strategy with organizational priorities, operational requirements and WFP's risk appetite, to support risk informed decision making and enable operational continuity.
Develop and maintain cybersecurity roadmaps, including objectives, milestones and performance indicators for cybersecurity initiatives to guide the execution of strategic initiatives and track progress.
Establish and maintain a robust cybersecurity governance framework to ensure effective oversight, accountability, and decision making across the organization.
Develop, review, and support the implementation of cybersecurity policies, standards, and guidelines.
Ensure cybersecurity activities and controls align with relevant standards and regulations (eg NIST CSF, ISO 27001, GDPR) to meet compliance obligations and industry standards.
Provide timely and relevant reporting on cybersecurity posture, risks, and compliance status to senior management and other stakeholders to enable informed decisions and maintain organizational transparency.
Identify, assess, and coordinate the remediation of cybersecurity risks to reduce vulnerabilities and strengthen WFP's overall security maturity. Liaise with internal and external auditors on cybersecurity related matters to address compliance issues.
Collaborate with cross functional teams to integrate cybersecurity into business processes and initiatives.
Monitor, track, and report on cybersecurity performance and risk metrics to measure effectiveness, support accountability, and inform strategic adjustments.
Conduct regular cybersecurity capability and maturity assessments to identify gaps and opportunities for improvement.
Other as required.
QUALIFICATIONS AND EXPERIENCE
EDUCATION
First University Degree in cybersecurity, information technology, or a related field.
Certifications such as CISSP, CISM, CRISC, or similar.
EXPERIENCE
5 years or more of progressively responsible postgraduate professional experience in cybersecurity, governance, or risk management.
LANGUAGE
Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or Portuguese (a WFP working language).
MORE ABOUT YOU
In-depth knowledge of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, COBIT).
Strong understanding of risk management principles and regulatory compliance requirements.
Proven experience in developing and implementing enterprise wide cybersecurity strategies.
Strategic thinking and the ability to align cybersecurity with business objectives.
Strong leadership and communication skills to engage with both technical teams and executive stakeholders.
Analytical mindset with the ability to assess and prioritize complex risks.
Expertise in cybersecurity governance, risk management, and compliance methodologies.
Very good understanding of cybersecurity threat landscape
Very good understanding of cybersecurity preventive and detective controls needed to address threats.
Advanced University degree in cybersecurity, information technology, or a related field is desirable.
TERMS AND CONDITIONS
This is an International Professional position and is open to all nationalities.
Mobility is and continues to be a core contractual requirement in WFP. This position is however classified as non-rotational which means the incumbent shall not be subject to the regular reassignment process unless the position is reclassified as rotational. The selected candidate will be employed on a fixed-term contract with a probationary period of one year. This position is open to both internal and external candidates.
WFP offers an attractive compensation and benefits package in line with ICSC standards including basic salary, post adjustment, relocation entitlement, visa, travel and shipment allowances, 30 days' annual leave, home leave, an education grant for dependent children, a pension plan, and medical insurance.
The selected candidate will be required to relocate to Rome, Italy to take up this assignment.
Please note that internally, this position will be referred to as Cybersecurity Governance and Strategy Lead, P3
Seniority level
Mid-Senior level
Employment type
Contract
Job function
Engineering and Information Technology
Industries
Non-profit Organizations and International Affairs
#J-18808-Ljbffr