Work for the IMF. Work for the World.
The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.
Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand as the guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:
Crafting and executing a forward-thinking and resilient Cybersecurity Strategy.
Enacting inclusive governance that balances security needs with operational fluidity.
Developing policies and standards that stay ahead of the threat landscape.
Ensuring compliance, resilience, and agility in our cybersecurity posture.
Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to the utilization of the Fund's information assets, ensuring a secure operational framework.
Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.
Administering a compliance management program dedicated to maintaining firm adherence to the Fund's information security policies and standards.
Preserving a solid enterprise security reference architecture that acts as a safeguard for the Fund's information assets against pertinent threats.
Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the Fund's mission.
Overseeing cyber threat intelligence, and incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.
As we expand our efforts to serve the Fund's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills and expertise to address the current and forthcoming cybersecurity and business challenges faced by the Fund.
Job Summary
The Information Technology Department (ITD)’s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill a Security Analyst (Cloud Security Assurance) position.
Under the general supervision of the Section Chief, Information Security GRC, this role will provide security expertise and support of the IMF’s security assurance program for a) Cloud solutions and b) Financial systems.
The expertise will take the form of security controls design, advisory guidance on controls implementation, continuous monitoring and improvement of control effectiveness, benchmarking, and reporting to maintain and exceed steady state conformance to IMF information security policies, standards, baselines, processes, and external obligations.
The candidate will be required to work with multi-disciplinary project teams, service providers, auditors, and business units internal and external to the IMF’s IT function. The candidate is expected to bring pragmatic risk-based technical security controls management experience allowing the IMF to meet its present and emergent business needs while staying within the boundaries of the IMF’s cyber risk tolerance.
The candidate is expected to advise technology and business personnel regarding the value and methods of achieving operating effectiveness of security controls across cloud solutions and financial systems.
Major Duties and Responsibilities
1. Supports and maintains cloud security assurance framework and processes for performing continuous information security assurance assessments across existing and new cloud technologies, service providers, and internal/external General Computer Controls (ITGCC). Guides Fund personnel on the appropriate security assurance management strategies. Supports information security related assurance issues across the IMF.
2. Validates information security key controls to identify control risks, analyzes root causes and trends in potential control weaknesses. Suggests new controls to meet risk-based expectations where applicable.
3. Guides, monitors, and drives mitigation of identified risks in cloud solutions and financial systems through follow-up and follow-through with lines of business and IT stakeholders.
4. Collaborates with cloud technology platform teams to evolve automation footprint of security controls validation.
5. Continuously monitors the effectiveness of security controls in cloud environments and financial systems through comprehensive assessments across domains including but not limited to IAM, secure CI/CD pipeline, data security/protection, incident management, vulnerability management, key management, cryptography, etc.