The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives. ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy. ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards; develops and engineers the WBG’s information security plans and solutions; responds to security incidents; and ensures that the information risks are identified, assessed, and managed in consistent with the overall risk management approach and with the established appetite and tolerance. ITSSR consists of three main units: 1) ITS Risk Management, Compliance, and Policy, 2) ITS Information Security Operations (ITSIS), and 3) Program Management Office (PMO).
Roles & Responsibilities:
The Information Security Analyst will have overall responsibilities for executing the work program under the Security Engineering team; as well as for working as an integral part of the ITSIS team in executing ITSSR work programs. The primary responsibilities will include, but are not limited to, the following:
Engineer technical security controls in the public, private and hybrid cloud environments to mitigate information security threats;
Actively monitor and assess new and emerging threats posing risk to cloud computing environments. Recommend tactical and strategic initiatives to eliminate or mitigate these risks;
Develop, maintain and secure resilient cloud processes in collaboration with architects and system engineers;
Interface effectively with business units and the ITS community to provide security oversight and guidance for cloud related initiatives. Ensure best practices in the areas of security operations are followed;
Provide guidance and assist in the development of security standards for cloud infrastructure to align with enterprise architecture, threat landscape and information security policy;
Maintain impartiality around IT systems to produce unbiased reports on information security risk;
Document and propose areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation;
Selection Criteria:
Bachelor’s in (Computer Science, Information Systems or related fields) or Master's degree with 2 years relevant experience OR equivalent combination of education and experience.
Advanced knowledge of cloud systems and related security concepts for AWS, Azure and Office 365;
A minimum 2 years of experience working in IT/InfoSec engineering and operations;
Experience with engineering and troubleshooting security controls in a large-scale hybrid cloud environment;
Knowledge of scripting languages such as Python, PowerShell, Bash, Ruby and JavaScript;
Ability to assess risks in line with information security objectives and risk tolerance of the institution. Demonstrated conceptual, analytical and evaluation skills;
Proven ability to conduct research independently and present results effectively;
Excellent communication skills – both written and verbal, include the capacity to communicate complex and technical issues in simple terms;
Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP) and SANS GIAC;
