IT Officer – IT & Cybersecurity Policies and Standards
Job #: req22843
Organization: World Bank
Sector: Information Technology
Term Duration: 4 years 0 months
Recruitment Type: Local Recruitment
Location: Washington, DC,United States
Required Language(s): English
Preferred Language(s): Closing Date: 6/18/2023 (MM/DD/YYYY) at 11:59pm UTC
Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 120 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org
ITS Vice Presidency Context:
Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty and promote shared prosperity in a sustainable way by delivering transformative information and technologies to its staff working in over 150 locations. Our vision is to transform how the Bank Group accomplishes its mission through information and technology. In this fast-paced, ever-changing world, the formulation and implementation of the ITS strategy is an ongoing, iterative process of learning and adaptation developed through extensive consultations with business partners throughout the World Bank Group.
ITS shapes its strategy in response to changing business priorities and leverages new technologies to achieve three high-level business outcomes: business enablement, by providing Bank Group units with innovative digital tools and technologies to transform how they deliver value for their clients; empowerment & effectiveness, by ensuring that all Bank Group staff are connected, able to find information, and productive to accelerate the delivery of development solutions globally; and resilience, by equipping the Bank Group to provide risk-based cybersecurity and robust data protection for a global network and a growing cloud platform.
Implementation of the strategy is guided by three core principles. The first is to deliver solutions for business partners that are customer-centric, innovative, and transformative. The second is to provide the Bank Group with value for money with selective and standard technologies. The third principle is to excel at the basics by providing a high performing, robust, and resilient IT environment for the organization.
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), provides leadership in managing the functions and activities of information security and risk management, IT service management and business continuity, sourcing and vendor management, and enterprise architecture across the World Bank Group, enabling the achievement of WBG’s business objectives.
Duties and Accountabilities:
The candidate will be responsible for, but not limited to the following:
- Develop and maintain IT and cybersecurity policies, and procedures and ensure that they are aligned to business requirements, information technology strategy, legal/regulatory requirements and leading industry standard frameworks such as COBIT, NIST, ISO 20000, and ISO 27001.
- Review and propose changes to existing policies, and procedures to reflect existing business requirements and compliance with applicable regulations.
- Develop, publish and maintain IT and cybersecurity standards for all applicable technologies and information system within the Bank Group aligned with leading industry standards such as CIS and NIST.
- Review policy and technology standards exception/waiver requests and recommend appropriate risk mitigation/acceptance approach aligned with the Enterprise Risk Management framework.
- Identify and report on IT and cybersecurity policy, procedure, and standards related metrics to demonstrate value to WBG business units.
- Interface with information security awareness function and change management teams to foster awareness of WBG policies, procedures and standards among WBG staff.
- Build effective relationships with key stakeholders who own and support IT infrastructure, applications, processes and operations throughout the WBG. Gain commitment from stakeholders to implement recommended and agreed information technology and security controls and treatment plans.
- Help foster effective teams committed to organizational goals, foster collaboration among team members and among teams and use teams to address relevant issues.
- Demonstrate work commitment and drive for results. Set high standards of performance; pursue aggressive goals and work hard to achieve them.
- Master’s degree in Computer Science, Information Systems or Law degree (J.D. or non-U.S. equivalent) with 5 years relevant experience OR equivalent combination of education and experience.
- Minimum 5-7 years’ substantive IT & cybersecurity experience including preparing and reviewing IT policies and knowledge of relevant global data protection regulations.
- Demonstrated experience in developing technical security standards for various technologies.
- Solid writing and grammar skills with the ability to independently draft policies and standard documents.
- Thorough understanding of best practice and industry standards including, but not limited to ISO 27001, NIST and CIS.
- Possession of industry certifications highly preferred including, but not limited to Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor and
- Certified Information Systems Security Professional (CISSP).
- Ability to work independently and within groups, Must be self-motivated and able to work independently with minimal supervision.
- Possess excellent verbal communication skills, presentation, and problem solving skills and be able to interact well with peers and internal customers.
- Highest ethical standards.