Work for the IMF. Work for the World.
The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.
Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand as the guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:
Crafting and executing a forward-thinking and resilient Cybersecurity Strategy.
Enacting inclusive governance that balances security needs with operational fluidity.
Developing policies and standards that stay ahead of the threat landscape.
Ensuring compliance, resilience, and agility in our cybersecurity posture.
Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to the utilization of the Fund's information assets, ensuring a secure operational framework.
Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.
Administering a compliance management program dedicated to maintaining firm adherence to the Fund's information security policies and standards.
Preserving a solid enterprise security reference architecture that acts as a safeguard for the Fund's information assets against pertinent threats.
Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the Fund's mission.
Overseeing cyber threat intelligence, incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.
As we expand our efforts to serve the Fund's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills and expertise to address the current and forthcoming cybersecurity and business challenges faced by the Fund.
Job Summary
The Information Technology Department (ITD)’s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill a Product/Platform Security Lead (App Security) position.
Under the general supervision of the Chief Information Security Officer, this role will develop, mature, and drive application security initiatives at the IMF, including the design, implementation, and management of a comprehensive program to embed security into the software development lifecycle.
The role will serve as a lead subject matter expert on application security, providing pragmatic guidance to stakeholders across the organization.
Major Duties and Responsibilities
1. Enhances, executes, and manages a formal application security program. Establishes and executes forward-looking application security strategies that enable proactive secure application development.
2. Works closely with the broader information security team to align application security efforts with overall security objectives and initiatives.
3. Partners with application development and operation teams (and business stakeholders) to set the path for secure development practices for existing and future applications.
4. Provides advice, in collaboration with the Security Assurance and Security Policy functions, on the development and maintenance of security standards, policies, and guidelines for application development. This includes enhancing software security design standards - building in security best practices at the beginning of the software development life cycle.
5. Collaborates with the Security Architecture function to analyze and make recommendations to improve application security architectures.
6. Provides guidance and training to developers on secure coding practices and common vulnerabilities.
7. Collaborates with development teams in conducting application security tests, threat modeling, and code analysis to identify and mitigate security vulnerabilities.
8. Stays updated on emerging threats, vulnerabilities, and industry trends in application security, and ensures that security measures are continuously improved and updated.
9. Regularly monitors the Application Security program’s operational health and maturity through key metrics and risk reporting.
Minimum Qualifications
Advanced degree in information security, computer science, engineering, mathematics, or related field of study plus a minimum of 8 years of progressive information security work experience; or a bachelor’s degree in information security, computer science, engineering, mathematics, or related field of study and a minimum of 14 years of progressive information security work experience.
Candidates should possess one or more of the following certifications: CISSP, CISM, CCSP, CEH, GIAC.
Experience leading IAM-related programs in regulated industries.
Relationship Management Skills
Ability to establish and maintain effective partnerships and working relations in a multi-cultural, multi-ethnic environment with sensibility and respect for diversity.
Demonstrates ability to