About the World Bank Group:
Established in 1944, the WBG is one of the world’s largest sources of funding and knowledge for development solutions. In fiscal year 2018, the WBG committed $67 billion in loans, grants, equity investments and guarantees to its members and private businesses, of which $24 billion was concessional finance to its poorest members. It is governed by 189-member countries and delivers services out of 120 offices with nearly 15,000 staff located globally.
The WBG consists of five specialized institutions: The International Bank for Reconstruction and Development (IBRD), the International Development Association (IDA), the International Finance Corporation (IFC), the Multilateral Investment Guarantee Agency (MIGA), and the International Centre for the Settlement of Investment Disputes (ICSID). The World Bank is organized into six client-facing Regional Vice-Presidencies, several corporate functions and thirteen Global Practices to bring best-in-class knowledge and solutions to regional and country clients.
Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty by 2030 and boosting shared prosperity in a sustainable manner by delivering transformative information and technologies to its staff working in over 130 client countries.
ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions.
The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group.
ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives.
Duties and Accountabilities:
The candidate will be responsible for, but not limited to the following:
- Conduct IT audits of operating systems, databases, platforms, cloud implementations and emerging technologies based on industry standards.
- Conduct audits of IT processes and functions based on COBIT, ISO 27001 & ISO 20000 frameworks.
- Assess compliance against technical standards for various platforms and technologies.
- Review third party attestation reports, including Service Organization Control (SOC) 1 and SOC 2, including documenting, validating, testing, and assessing various control systems.
- Design and execute third party compliance assessments and prioritize control remediation as appropriate.
- Validate and monitor controls across relevant risk domains, as well as contractual adherence, through regular remote and on-site visits with key third parties.
- Identify process enhancement opportunities with control owners to develop risk-based action plans while understanding their operational constraints and challenges.
- Perform other duties in the compliance work program, as assigned.
- Bachelor’s degree with 4 years relevant experience or master’s degree with a minimum of 2 years of most relevant experience.
- Minimum 3 years’ experience working in an information security, information technology or IT audit related field.
- Third party (vendor) risk management experience.
- Experience conducting Service Organization Control (SOC) 1 and SOC 2 report reviews.
- Demonstrated knowledge and experience in auditing IT and security controls for network, operating systems, databases, platforms and applications.
- Thorough understanding of best practice and industry standard technical security standards, including but not limited to NIST and CIS.
- Good knowledge and demonstrated work experience of the use of the ISO 27001 control framework and ISMS implementation.
- Familiarity with industry standards, laws and regulations, including but not limited to ISO 27001, SOX, ISO 20000, Safe Harbor, HIPAA, GLBA, and Basel II.
- Systems Thinking - Researches the critical and underlying relationships between primary business, technology and systems platforms.
- Client Orientation - Takes personal responsibility and accountability for timely response to client queries, requests or needs, working to remove obstacles that may impede execution or overall success.
- Drive for Results - Takes personal ownership and accountability to meet deadlines and achieve agreed-upon results and has the personal organization to do so.
- Teamwork (Collaboration) and Inclusion - Collaborates with other team members and contributes productively to the team's work and output, demonstrating respect for different points of view.
- Ability to work independently and within groups; must be self-motivated and able to work with minimal supervision.
- Excellent written and verbal communication skills and presentation skills.
- Highest ethical standards.