IT Officer, Security, Risk and Compliance – Security Architecture
Job #: req32793
Organization: World Bank
Sector: Information Technology
Grade: GF
Term Duration: 3 years 0 months
Recruitment Type: Local Recruitment
Location: Washington, DC, United States
Required Language(s): English
Preferred Language(s):
Closing Date: 5/2/2025 (MM/DD/YYYY) at 11:59pm UTC
Description
Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org
ITS Vice Presidency Context:
The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boosting shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in 150+ locations. For more information on ITS, see this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w
Our vision is to transform how the Bank Group accomplishes its mission through information and technology. In this fast-paced, ever-changing world, the formulation and implementation of the ITS strategy is an ongoing, iterative process of learning and adaptation developed through extensive consultations with business partners throughout the World Bank Group.
ITS shapes its strategy in response to changing business priorities and leverages new technologies to achieve three high-level business outcomes: business enablement, by providing Bank Group units with innovative digital tools and technologies to transform how they deliver value for their clients; empowerment & effectiveness, by ensuring that all Bank Group staff are connected, able to find information, and productive to accelerate the delivery of development solutions globally; and resilience, by equipping the Bank Group to provide risk-based cybersecurity and robust data protection for a global network and a growing cloud platform.
Implementation of the strategy is guided by three core principles. The first is to deliver solutions for business partners that are customer-centric, innovative, and transformative. The second is to provide the Bank Group with value for money with selective and standard technologies. The third principle is to excel at the basics by providing a high performing, robust, and resilient IT environment for the organization.
The ITS Information Security and Risk Management (ITSRM) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the information security and risk functions and activities across the World Bank Group, enabling the achievement of WBG's business objectives. ITSSR supports and facilitates a risk-aware culture, ensuring that WBG information assets are protected in an effective, efficient, and balanced manner and that IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy. ITSSR comprises the following functions: Security Operations, Risk Management and Advisory, IT Policy, IT Compliance, Business Continuity.
The ITS Risk and Compliance (ITSRM) unit within ITSSR has been tasked with providing technical and architectural information security solutions for The World Bank Group and needs an Information Security professional who is results oriented, multi-disciplined and experienced in evaluating information security controls in web and mobile applications and complex business applications.
Essential Job Functions:
Selection Criteria
Master's degree with 5 years relevant experience or bachelor’s degree with a minimum of 7 years relevant experience. Sample degrees: Computer Science, Information Management, and Information Systems.
Experience in providing guidance for application security, risk assessment, and data protection based on data sensitivity and associated business risks.
Experience with enterprise security architecture design and implementation for a financial services organization or other organizations with similar information security needs and requirements.
Familiar with Microsoft, Azure, and Office 365 technology platforms, applications, and security controls for such Microsoft technologies.
Familiar with Agile practice at an enterprise scale. Familiarity with Scaled Agile Framework (SAFe) is a plus.
Experience guiding project teams in remediating common application vulnerabilities.

Certification Requirements:
Certified Information Systems Security Professional (CISSP) is a plus.
GCP, AWS or Microsoft Certified Cloud Solution Architect certification is a plus.

Required Skills/Abilities:
Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications.
Ability to work well under pressure and meet tight deadlines.
Hands-on experience with Infrastructure as Code (IaaC), demonstrating proficiency in automating and managing infrastructure through code.
Knowledge of Artificial Intelligence, Machine Learning, and Generative AI is essential, with the ability to apply these technologies to solve complex problems.
Experience in API security is required, ensuring the protection and integrity of APIs through robust security practices and protocols.
Excellent written and verbal communication skills.
Solid understanding of security protocols, cryptography, authentication, authorization.
Solid understanding of DevSecOps, Infrastructure-as-Code, Policy-as-code.
High level of motivation, confidence, integrity, and responsibility.
Knowledge of best practices and standards for enterprise security architecture, specifically in the field of Identity & Access Management, Enterprise Content Management, Collaboration Tools, Service-Oriented Architecture, Cloud, Mobility, Data Analytics, and Web 2.0 related services.
Practical knowledge of common Web vulnerabilities as per SANS 25 or OWASP Top 10 specifications.
Excellent interpersonal skills including the ability to work independently and effectively in a team/task force as a team member or leader, and with senior staff and managers in the unit and elsewhere in the WBG.
Ability to collaborate with senior management stakeholders to identify requirements and drive compliance with approved standards.
World Bank Group Core Competencies
The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.
We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.
Learn more about working at the World Bank and IFC, including our values and inspiring stories.