Cybersecurity Governance, Risk and Compliance (GRC) Officer P-3 - Rome, Italy

DEADLINE FOR APPLICATIONS3 September 2025-23:59-GMT+01:00 Central European Time (Rome)

WFP celebrates and embraces diversity. It is committed to the principle of equal employment opportunity for all its employees and encourages qualified candidates to apply irrespective of race, colour, national origin, ethnic or social background, genetic information, gender, gender identity and/or expression, sexual orientation, religion or belief, HIV status or disability.

ABOUT WFP

The World Food Programme is the world’s largest humanitarian organization saving lives in emergencies and using food assistance to build a pathway to peace, stability and prosperity, for people recovering from conflict, disasters and the impact of climate change.

At WFP, people are at the heart of everything we do and the vision of the future WFP workforce is one of diverse, committed, skilled, and high performing teams, selected on merit, operating in a healthy and inclusive work environment, living WFP's values (Integrity, Collaboration, Commitment, Humanity, and Inclusion) and working with partners to save and change the lives of those WFP serves.

To learn more about WFP, visit our website: https://www.wfp.org and follow us on social media to keep up with our latest news: YouTube, LinkedIn, Instagram, Facebook, Twitter, TikTok.

WHY JOIN WFP?

• WFP is a 2020 Nobel Peace Prize Laureate.

• WFP offers a highly inclusive, diverse, and multicultural working environment.

• WFP invests in the personal & professional development of its employees through a range of training, accreditation, coaching, mentorship, and other programs as well as through internal mobility opportunities.

• A career path in WFP provides an exciting opportunity to work across the various country, regional and global offices around the world, and with passionate colleagues who work tirelessly to ensure that effective humanitarian assistance reaches millions of people across the globe.

• We offer an attractive compensation package (please refer to the Terms and Conditions section of this vacancy announcement).

  ORGANIZATIONAL CONTEXT

  The position is based in HQ, Rome and reports to the Chief Information Security Officer (CISO) as part of the broader Technology Division.

  The information security landscape is rapidly evolving, making cybersecurity a top priority for WFP. With a global presence and a decentralized decision-making structure, WFP is committed to fostering proactive IT operations to minimize risk exposure, detect and respond to advanced threats, ensure ongoing compliance, and optimize security operations costs.

  The incumbent will provide Subject Matter Expert (SME) expertise in cybersecurity, offering specialized knowledge and support to ensure the effective delivery of cybersecurity strategy and governance. The role will contribute to the implementation of enterprise-wide cybersecurity frameworks, ensuring alignment with WFP’s business objectives, compliance obligations, and industry best practices.

  THE ROLE

  The incumbent's role is to contribute to the development and lead the implementation, and oversight of the organization cybersecurity strategy and governance framework. This role oversees alignment with business objectives, regulatory requirements, and industry best practices while fostering a culture of security awareness and accountability across the organization.

  KEY ACCOUNTABILITIES (not all-inclusive, within delegated authority):

  • Contribute to the development and lead the implementation of the WFP’s cybersecurity strategy to address current and emerging threats.
  • coordinate the alignment of the cybersecurity strategy with organizational priorities, operational requirements and WFP’s risk appetite, to support risk-informed decision-making and enable operational continuity.
  • Develop and maintain cybersecurity roadmaps, including objectives, milestones and performance indicators for cybersecurity initiatives to guide the execution of strategic initiatives and track progress.
  • Establish and maintain a robust cybersecurity governance framework to ensure effective oversight, accountability, and decision-making across the organization.
  • Develop, review, and support the implementation of cybersecurity policies, standards, and guidelines.
  • Ensure cybersecurity activities and controls align with relevant standards and regulations (e.g., NIST CSF, ISO 27001, GDPR to meet compliance obligations and industry standards.
  • Provide timely and relevant reporting on cybersecurity posture, risks, and compliance status to senior management and other stakeholders to enable informed decisions and maintain organizational transparency.
  • Identify, assess, and coordinate the remediation of cybersecurity risks to reduce vulnerabilities and strengthen WFP’s overall security maturity. Liaise with internal and external auditors on cybersecurity-related matters to address compliance issues.
  • Collaborate with cross-functional teams to integrate cybersecurity into business processes and initiatives.
  • Monitor, track, and report on cybersecurity performance and risk metrics to measure effectiveness, support accountability, and inform strategic adjustments.
  • Conduct regular cybersecurity capability and maturity assessments to identify gaps and opportunities for improvement.
  • Other as required.

    QUALIFICATIONS AND EXPERIENCE

    EDUCATION:

    📚 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿 𝗛𝗼𝘄 𝘁𝗼 𝗚𝗲𝘁 𝗮 𝗝𝗼𝗯 𝗶𝗻 𝘁𝗵𝗲 𝗨𝗡 𝗶𝗻 𝟮𝟬𝟮𝟯! 🌍🤝 𝗥𝗲𝗮𝗱 𝗼𝘂𝗿 𝗡𝗘𝗪 𝗥𝗲𝗰𝗿𝘂𝗶𝘁𝗺𝗲𝗻𝘁 𝗚𝘂𝗶𝗱𝗲 𝘁𝗼 𝘁𝗵𝗲 𝗨𝗡 𝟮𝟬𝟮𝟯 𝘄𝗶𝘁𝗵 𝘁𝗲𝘀𝘁 𝘀𝗮𝗺𝗽𝗹𝗲𝘀 𝗳𝗼𝗿 𝗨𝗡𝗛𝗖𝗥, 𝗪𝗙𝗣, 𝗨𝗡𝗜𝗖𝗘𝗙, 𝗨𝗡𝗗𝗦𝗦, 𝗨𝗡𝗙𝗣𝗔, 𝗜𝗢𝗠 𝗮𝗻𝗱 𝗼𝘁𝗵𝗲𝗿𝘀! 🌐

    ⚠️ 𝐂𝐡𝐚𝐧𝐠𝐞 𝐘𝐨𝐮𝐫 𝐋𝐢𝐟𝐞 𝐍𝐨𝐰: 𝐏𝐨𝐰𝐞𝐫𝐟𝐮𝐥 𝐓𝐞𝐜𝐡𝐧𝐢𝐪𝐮𝐞𝐬 𝐡𝐨𝐰 𝐭𝐨 𝐠𝐞𝐭 𝐚 𝐣𝐨𝐛 𝐢𝐧 𝐭𝐡𝐞 𝐔𝐧𝐢𝐭𝐞𝐝 𝐍𝐚𝐭𝐢𝐨𝐧𝐬 𝐍𝐎𝐖!

    • First University Degree in cybersecurity, information technology, or a related field.
    • Certifications such as CISSP, CISM, CRISC, or similar.

      EXPERIENCE:

      • 5 years or more of progressively responsible postgraduate professional experience in cybersecurity, governance, or risk management.

        LANGUAGE:

        • Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or Portuguese (a WFP working language).

          
          MORE ABOUT YOU:

          • In-depth knowledge of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, COBIT).
          • Strong understanding of risk management principles and regulatory compliance requirements.
          • Proven experience in developing and implementing enterprise-wide cybersecurity strategies.
          • Strategic thinking and the ability to align cybersecurity with business objectives.
          • Strong leadership and communication skills to engage with both technical teams and executive stakeholders.
          • Analytical mindset with the ability to assess and prioritize complex risks.
          • Expertise in cybersecurity governance, risk management, and compliance methodologies.
          • Very good understanding of cybersecurity threat landscape
          • Very good understanding of cybersecurity preventive and detective controls needed to address threats.
          • Advanced University degree in cybersecurity, information technology, or a related field is desirable.

            TERMS AND CONDITIONS

            • This is an International Professional position and is open to all nationalities.
            • Mobility is and continues to be a core contractual requirement in WFP. This position is however classified as “non-rotational” which means the incumbent shall not be subject to the regular reassignment process unless the position is reclassified as rotational. The selected candidate will be employed on a fixed-term contract with a probationary period of one year. This position is open to both internal and external candidates.
            • WFP offers an attractive compensation and benefits package in line with ICSC standards (http://icsc.un.org) including basic salary, post adjustment, relocation entitlement, visa, travel and shipment allowances, 30 days’ annual leave, home leave, an education grant for dependent children, a pension plan, and medical insurance.
            • The selected candidate will be required to relocate to Rome, Italy to take up this assignment.
            • Please note that internally, this position will be referred to as \"Cybersecurity Governance and Strategy Lead, P3\"

              WFP LEADERSHIP FRAMEWORK

              WFP Leadership Framework guides to the common standards of behavior that guide HOW we work together to accomplish our mission.

              Click here to access WFP Leadership Framework

              REASONABLE ACCOMMODATION

              WFP is committed to supporting individuals with disabilities by providing reasonable accommodations throughout the recruitment process. If you require a reasonable accommodation, please contact: global.inclusion@wfp.org

              NO FEE DISCLAIMER

              The United Nations does not charge any application, processing, training, interviewing, testing or other fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it. Furthermore, please note that emblems, logos, names and addresses are easily copied and reproduced. Therefore, you are advised to apply particular care when submitting personal information on the web.

              REMINDERS BEFORE YOU SUBMIT YOUR APPLICATION

              • We strongly recommend that your profile is accurate, complete, and includes your employment records, academic qualifications, language skills and UN Grade (if applicable).