Work for the IMF. Work for the World.
The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.
Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand as the guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:
Crafting and executing a forward-thinking and resilient Cybersecurity Strategy.
Enacting inclusive governance that balances security needs with operational fluidity.
Developing policies and standards that stay ahead of the threat landscape.
Ensuring compliance, resilience, and agility in our cybersecurity posture.
Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to the utilization of the Fund's information assets, ensuring a secure operational framework.
Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.
Administering a compliance management program dedicated to maintaining firm adherence to the Fund's information security policies and standards.
Preserving a solid enterprise security reference architecture that acts as a safeguard for the Fund's information assets against pertinent threats.
Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the Fund's mission.
Overseeing cyber threat intelligence, and incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.
As we expand our efforts to serve the Fund's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills and expertise to address the current and forthcoming cybersecurity and business challenges faced by the Fund.
Job Summary
The Information Technology Department (ITD)’s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill an Information Security Architect position.
This role will design, engineer, influence and embed security controls in the early phases of the IMF's System Development Lifecycle process (Shift Left Mindset). S/he is expected to influence, drive, and collaborate with business and technical stakeholders to achieve practical architecture solutions that meet the secure by design and privacy by design principles. The candidate will also identify recurring information security use cases and develop security architecture pattern documents applicable to those use cases.
Major Duties and Responsibilities
1. Drives and supports the solution architecture development process from context to physical architecture and ensures that all relevant security controls are embedded early in the SDLC phase.
2. Works with technical and business stakeholders to identify architectural attributes that may influence threat and attack vectors.
3. Collaborates with business and technical stakeholders to develop data flows, user profiles, data dictionaries, release notes, technical specification and process flows as input for threat modeling activities.
4. Reviews high level conceptual and logical architectural artifacts and presents findings to the IMF’s Enterprise Architecture Review Board.
5. Performs threat modeling activities and communicates outcomes to platform engineers, Information Security Risk Management and the Application Security teams.
6. Develops technical road maps towards achieving mid to long-term enterprise security architecture goals like zero trust architecture, automated threat modeling, secure by default, policy as code and pattern as code.
7. Attends project and enhancement meetings to advise and provide input on security architecture related issues.
8. Develops and ensures security reference architectures and patterns are up-to-date, standards-based, relevant, and agile to meet evolving business and technology needs and knowledge gaps.
9. Research new information security capabilities and technology for continuous improvement of self and the organization.
10. Collaborates with the information security assurance team on developing practical and applicable information security baselines and referencing those baselines in Enterprise Security Architecture documentation.
11. Drives and documents security architecture artifacts for protecting the IMF’s crown jewels and strictly confidential assets.
12. Collaborates with IMF’s DevOps team to define guardrails and process flows for configuration, development, delivery, and deployment pipelines.
13. Collaborates with the IMF Enterprise Architecture Division to create visibility of activities between ISG and EA division to ensure continuous synchronization.
14. Manages the implementation of an awareness program for promoting information security architecture principles and their application with business and IT stakeholders.
Minimum Qualifications
Advanced degree in information security, computer science, engineering, mathematics, or related field of study plus a minimum of 4 years of progressive information security work experience; or a bachelor’s degree in information security, computer science, engineering, mathematics, or related field of study and minimum of 10 years of progressive information security work experience.
Candidates should possess