Cybersecurity and Vulnerability Management Specialist

World Food Programme

  • Roma
  • Tempo indeterminato
  • Full time
  • 7 ore fa
BACKGROUND AND PURPOSE OF THE ASSIGNMENT:Under the general supervision of the Chief TECI and the direct supervision of the Head of Cybersecurity Operations, the incumbent will lead efforts to enhance the organization’s threat exposure & vulnerability management practices. This includes coordinating adversarial validation initiatives - such as penetration testing, threat exposure assessments, red/purple teaming - to identify and assess exploitable vulnerabilities in IT infrastructure and systems. The role focuses on validating risks and gaps, prioritizing remediation and controls, and aligning efforts with business priorities.The incumbent will collaborate with teams to integrate validation results into threat exposure and detection processes, while continuously monitoring, reporting, and refining adversarial validation practices to minimize organizational risk by addressing critical vulnerabilities and detection gaps.ACCOUNTABILITIES/RESPONSIBILITIES:Main responsibilities include, but not limited to:
  • Design and coordinate adversarial validation activities such as penetration tests, threat exposure assessments, and red/purple team exercises to identify detection gaps, exploitable weak points and assess their risk impact in real-world scenarios.
  • Validate findings to confirm exploitability, assess risk levels, and guide prioritization of remediation efforts, leveraging team input and expertise and guiding integration into WFP’s threat exposure management program.
  • Collaborate with relevant teams and provide technical direction to ensure timely mitigation of validated vulnerabilities or detection gaps.
  • Develop clear reports and dashboards that highlight key findings, including critical vulnerabilities, attack paths, and remediation progress for stakeholder visibility.
  • Communicate adversarial validation findings, risks, and remediation strategies effectively to senior leadership and stakeholders.
  • Continuously refine validation techniques based on emerging threat intelligence, vulnerabilities, and attack methods to maintain program relevance and effectiveness.
  • Prioritize vulnerabilities based on adversarial validation outcomes, focusing on those posing the highest risk to the organization’s operations, and coordinate team efforts accordingly.
  • Perform other cybersecurity related duties as assigned.
DELIVERABLES AT THE END OF THE CONTRACT:
  • Comprehensive Adversarial Validation Reports: Developed in coordination with a small technical team, including findings, attack paths, categorized vulnerabilities, proof of concept, and real-world risk impact.
  • Prioritized Mitigation Recommendations: Actionable strategies based on business impact and organizational risk, incorporating team-driven insights to address critical gaps and improve security posture.
  • Integrated Workflows & Threat Exposure Alignment: Team-supported automation and structured processes for embedding validation results into vulnerability management and threat intelligence programs.
  • Stakeholder Communication Briefs: Executive-level summaries and presentations reflecting the team’s findings and strategic recommendations, tailored based on different audiences.
  • Refined Validation Methodology: Updated adversarial validation techniques and documentation, developed collaboratively and incorporating lessons learned across the team.
QUALIFICATIONS & EXPERIENCE REQUIRED:Education:
  • University Degree in Information Technology, Information Systems, Cybersecurity, or related fields or a combination of relevant education and experience.
Experience:
  • At least 5 years of experience in cybersecurity, with focus on vulnerability management and threat exposure management.
Knowledge & Skills:
  • Sound IT Security skills, with both academic background and practical hands-on experience
  • In-depth understanding of vulnerability management frameworks, processes, and best practices.
  • Experience with vulnerability scanning processes, tools and remediation workflows.
  • Familiarity with security concepts such as threat modeling, asset classification, and risk-based decision-making.
  • Experience with penetration testing, and adversarial emulation activities that aid in identifying potential attack vectors and their impact.
  • Previous experience in international or UN environments is valued, but not essential.
  • IT Audit and/or PM certifications are desirable, though equivalent hands-on experience is equally appreciated.
  • Strong organisational and communication skills.
Languages:Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language desirable: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese.

World Food Programme