IT Analyst, Security, Risk and Compliance

Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 120 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org

Vice Presidency Context:

Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty by 2030 and boosting shared prosperity in a sustainable manner by delivering transformative information and technologies to its staff working in over 130 client countries.
ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions.
The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.

Unit Context

The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives.  ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy.   ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards;  develops and engineers the WBG’s information security plans and solutions; responds to security incidents; and ensures that the information risks are identified, assessed, and managed in consistent with the overall risk management approach and with the established appetite and tolerance.

Duties and Accountabilities:

ITSIS is seeking to fill the position of IT Analyst, Security, Risk and Compliance within ISOC. The IT Analyst serves across all areas of threat intelligence to help inform and defend the business and protect brand reputation. As a trusted member of the cybersecurity team and industry community, the analyst works closely with internal technical teams, business units and external entities aligned with the business, including private intelligence-sharing groups, law enforcement, government agencies and public affiliation peers. The IT Analyst is responsible for conducting in-depth research, documenting threats, understanding the risk to the business, and sharing information with those who need to know. The analyst will also distill threat intelligence so technical and non-technical contacts can understand it and make educated decisions about next-step actions. In addition to applied experience, the individual will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus.

Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year term appointment.

Scope of Work

- Research current and emerging threats facing the business and industry sector.

- Lead production and delivery of recurring threat intelligence products including reports, one pager, threat briefs etc.

- Deliver threat briefings and awareness sessions to internal staff.

- Conduct and publish in-depth risk assessments to evaluate and categorize the risk posture of detected cyber threats while supporting development and refinement of risk assessment methodologies and tools used for threat categorization

- Collaborate with internal and external stakeholders, to gather and share relevant threat intelligence.

- Develop and maintain threat profiles and reports to enhance detection and response capabilities.

- Continuously update and refine existing threat intelligence processes and methodologies to ensure the organization remains at the forefront of cyber defense.

- Centralize multiple threat sources (premium, industry-shared, open-source, dark web), correlate indicators and threats, and distill actionable intelligence.

- Deliver on the digital risk management portfolio covering social media, brand protection etc.Develop and maintain high quality PowerBI dashboards to show coverage and effectiveness.

- Automate routine tasks for efficient operations and support of the team.

- Document threats into contextual reports outlining severity, urgency and impact, and ensure they can be understood by both management and technical teams.

- Participate, implement and maintain deception technology

- Be readily available to participate in collaborative threat analysis meetings with internal and external trusted entities.

- Liaison with threat hunting, infrastructure, IT, vulnerability management, threat intelligence and software engineer team members.

- Understanding of various generative models (e.g., GPT, GANs) and their applications.

- Plan and execute the implementation of threat management solutions through a data driven and agile approach.

- Perform other duties as assigned.