IT Analyst, Security, Risk and Compliance

Description

Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org

ITS Vice Presidency Context:

The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video:https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w

Vice Presidency Context

Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty by 2030 and boosting shared prosperity in a sustainable manner by delivering transformative information and technologies to its staff working in over 130 client countries.
ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions.
The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.

Unit Context

The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives. ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy. ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards; develops and engineers the WBG’s information security plans and solutions; responds to security incidents; and ensures that the information risks are identified, assessed, and managed in consistent with the overall risk management approach and with the established appetite and tolerance.ITSSR consists of three main units:1)) ITS Infosec Engineering & Operations (ITSIS), 2) IT Risk Management (ITSRM). and 3) Program Management Office (PMO).
Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year term appointment.

Roles & Responsibility :

The Information Security Analyst in Vulnerability Management will have overall responsibilities for executing the work program under the Threat and Vulnerability Management team; as well as for working as an integral part of the OIS team in executing OIS’s work programs. The primary responsibilities will include, but are not limited to, the following:

• 
  Conduct regular vulnerability assessment scans on all enterprise web assets and databases and troubleshoot any problems encountered.
• 
  Perform manual penetration testing using open source and commercial security tools against all enterprise web assets and databases.
• 
  Document security findings with reasonable methods to secure.
• 
  Work in tandem with developers to provide repetitive validation testing and track the remediation of any vulnerabilities discovered.
• 
  Work with commercial security tool vendors to resolve any bugs and false positives in their products.
• 
  Produce and maintain appropriate documentation and dashboards detailing the enterprise vulnerability posture.
• 
  Produce weekly/monthly reports of activities and operational status of systems and processes under his/her control.
• 
  Participate in audits, as needed, producing necessary documentation, reports and explanations.
• 
  Implement corrective and preventive action plans approved by unit managers.

Selection Criteria

1. Bachelor or Master’s degree (or equivalent) in Computer Science, Information Systems or related fields;

2. 3-5 years of relevant information security experience.

3. Excellent understanding of operating system and application security, administration, and debugging.

4. Experience using and customizing open-source security tools.

5. Advanced level knowledge of interpreted languages such as Python, PowerShell, or Bash.

6. Advanced level knowledge of TCP/IP networking concepts and protocols, advanced technical knowledge of common network protocols (DNS, HTTP/HTTPS) and network security concepts.

7. Experience and advanced level knowledge of using web application scanning tools.

8. Experience and advanced level knowledge of using web penetration testing tools.

9. Experience in security testing on intra-company and third-party APIs.

10. Experience in security testing on AI oriented applications desirable.

11. Basic knowledge in Azure and AWS IaaS and PaaS services.

12. Advanced level knowledge of common attacks against web applications and OWASP Top 10.

13. Knowledge of database security and experience of using database scanning tools preferred.

14. Experience working in Agile environments, participating in Agile ceremonies, and utilizing Agile methodologies for security operations/testing.

15. Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills, an ability to conduct independent research and analysis, identifying issues, formulating options, and making conclusions and recommendations.

16. Ability to assess risks in line with information security objectives and risk tolerance of the institution. Proven conceptual, analytical and evaluation skills.

17. Risk Management - Reduces risk by solving day-to-day problems as they arise.

18. Systems Thinking - Investigates the critical relationships among primary business, technology and systems platforms.

19. Client Orientation - Takes personal responsibility and accountability for timely response to client queries, requests or needs, working to remove obstacles that may impede execution or overall success.

20. Drive for Results - Takes personal ownership and accountability to meet deadlines and achieve agreed-upon results and has the personal organization to do so.

21. Team player with strong technical and user support skills.

22. Excellent oral and written communication skills.

23. Able to present and explain technical information to diverse types of audience (management, users, vendors, and technical staff).

WBG Culture Attributes:

1. Sense of Urgency – Anticipating and quickly reacting to the needs of internal and external stakeholders.
2. Thoughtful Risk Taking – Taking informed and thoughtful risks and making courageous decisions to push boundaries for greater impact.
3. Empowerment and Accountability – Engaging with others in an empowered and accountable manner for impactful results.

World Bank Group Core Competencies

The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at the World Bank and IFC, including our values and inspiring stories.