
IT Officer, Security, Risk and Compliance – Security Architecture

The World Bank Group – Sofia Shared Services Center | Sofia

This listing is published only on DEV.BG Jobs: we review the major Bulgarian job listing sites (those with at least 400 IT job listings). This listing is not published on any of them.
29 Apr.
The listing is published in the following mini-boards
  • Sofia, Bulgaria

    About the World Bank Group:

    Established in 1944, the World Bank Group (WBG) is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions: the International Bank for Reconstruction and Development (IBRD), the International Development Association (IDA), the International Finance Corporation (IFC), the Multilateral Investment Guarantee Agency (MIGA), and the International Centre for the Settlement of Investment Disputes (ICSID). With 189 member countries and more than 120 offices worldwide, the WBG works with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges.

    ITS Vice Presidency Context:

    Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty and promoting shared prosperity in a sustainable way by delivering transformative information and technologies to its staff working in over 150 locations.

    Our vision is to transform how the Bank Group accomplishes its mission through information and technology. In this fast-paced, ever-changing world, the formulation and implementation of the ITS strategy is an ongoing, iterative process of learning and adaptation developed through extensive consultations with business partners throughout the World Bank Group.

    ITS shapes its strategy in response to changing business priorities and leverages new technologies to achieve three high-level business outcomes: business enablement, by providing Bank Group units with innovative digital tools and technologies to transform how they deliver value for their clients; empowerment & effectiveness, by ensuring that all Bank Group staff are connected, able to find information, and productive to accelerate the delivery of development solutions globally; and resilience, by equipping the Bank Group to provide risk-based cybersecurity and robust data protection for a global network and a growing cloud platform.

    Implementation of the strategy is guided by three core principles. The first is to deliver solutions for business partners that are customer-centric, innovative, and transformative. The second is to provide the Bank Group with value for money with selective and standard technologies. The third principle is to excel at the basics by providing a high performing, robust, and resilient IT environment for the organization.

    The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the information security and risk functions and activities across the World Bank Group, enabling the achievement of WBG’s business objectives. ITSSR supports and facilitates a risk-aware culture, ensuring that WBG information assets are protected in an effective, efficient, and balanced manner and that IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank’s business and IT strategy. ITSSR comprises the following functions: Security Operations, Risk Management and Advisory, IT Policy, IT Compliance, PMO, Business Continuity, and Sourcing and Vendor Management.

    The ITS Risk and Compliance (ITSRC) unit within ITSSR has been tasked with providing technical and architectural information security solutions for The World Bank Group and needs an Information Security professional who is results oriented, multi-disciplined and experienced in evaluating information security controls in web and mobile applications and complex business applications.

    Essential Job Functions:

    • Work with project teams to define security requirements for new systems (cloud as well as on-prem) in line with the enterprise information security architecture.
    • Provide security design recommendations based on enterprise information security architecture and solution patterns.
    • Review or develop security-as-code in JSON or YAML format, e.g. AWS CloudFormation or Azure Resource Manager templates.
    • Provide guidance on the design and use of DevSecOps pipelines and use of security tools in such agile development methods.
    • Perform controls reviews and system assessments to develop risk profiles for IT systems and evaluate the efficiency and effectiveness of the IT control environment.
    • Maintain impartiality around IT systems to produce unbiased reports on information security risk.
    • Provide business units with recommendations to reduce information security risk within their areas.
    • Identify efficiencies to improve the performance and responsiveness of the ITSSR information security architecture function.
    • Prepare and present security design and architectural review reports to system owners, business units, and others.
    • Evaluate WBG’s current software security posture and propose mitigation and remediation plans to meet software security assurance requirements.
    • Translate technical security deficiencies into business risks that are understandable by business stakeholders in order to get buy-in for security investments.

    Educational Qualifications and Experience:

    • Master’s degree with 5 years relevant experience or Bachelor’s Degree with a minimum of 7 years relevant experience.
    • Sample degrees include: Computer Science, Library Science, Information Management or Information Systems.
    • Preferred 7+ years of role-specific experience.
    • Experience in providing guidance for application security, risk assessment, and data protection based on data sensitivity and associated business risks.
    • Experience with enterprise security architecture design and implementation for a financial services organization or other organizations with similar information security needs and requirements.
    • Experience in developing and reviewing security-as-code in AWS, Azure, or other similar platforms.
    • Experience in working with DevSecOps pipelines from the security perspective.
    • Familiar with Microsoft, Azure, and Office 365 technology platforms, applications, and security controls for such Microsoft technologies.
    • Experience guiding project teams in remediating such vulnerabilities.

    Certification Requirements: Certified Information Systems Security Professional (CISSP) is a plus.

    Required Skills/Abilities:

    • Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications.
    • Ability to work well under pressure and meet tight deadlines. High level of motivation, confidence, integrity, and responsibility.
    • Knowledge of best practices and standards for enterprise security architecture, specifically in the field of Identity & Access Management, Enterprise Content Management, Collaboration Tools, Service-Oriented Architecture, Cloud, Mobility, Data Analytics, and Web 2.0 related services.
    • Practical knowledge of common Web vulnerabilities as per SANS 25 or OWASP Top 10 specifications.
    • Excellent interpersonal skills including the ability to work independently and effectively in a team/task force as a team member or leader, and with senior staff and managers in the unit and elsewhere in the WBG.
    • Ability to collaborate with senior management stakeholders to identify requirements and drive compliance with approved standards.

    Note: The selected person will be hired on a 3-year renewable Term contract, which can be extended based on business needs and performance.

    Poverty has no borders, neither does excellence. We succeed because of our differences and we continuously search for qualified individuals with diverse backgrounds from around the globe.