Digital Program Specialist - IT Risk and Program Management (6058)
Beijing
- Organization: AIIB - Asian Infrastructure Investment Bank
- Location: Beijing
- Grade: Mid level - Mid level
- Occupational Groups:
  - Information Technology and Computer Science
  - Project and Programme Management
- Closing Date:
The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank whose mission is Financing Infrastructure for Tomorrow in Asia and beyond—infrastructure with sustainability at its core. We began operations in Beijing in 2016 and have since grown to 110 approved members worldwide. We are capitalized at USD100 billion and AAA-rated by the major international credit rating agencies. Collaborating with partners, AIIB meets clients’ needs by unlocking new capital and investing in infrastructure that is green, technology-enabled and promotes regional connectivity.
The Information Technology Department (ITD) provides technical services in the areas of digital services, IT-related procurement, cybersecurity, IT risk and resilience, data management, digital learning, and digital transformation, ensuring their overall alignment with the Bank’s needs and priorities. The team oversees the development and refinement of the IT strategy as well as the effective management of technology resources and the provision of technical support across Bank operations. These efforts are critical to fostering a digital and data-driven culture within the Bank aligned with its Corporate Strategy, promoting the innovation of digital infrastructures, and ensuring the smooth operation and security of daily banking functions.
The ITD is seeking a highly skilled and motivated Digital Program Specialist in IT Risk and Program Management. This position plays a critical role in managing the Bank’s IT supply chain risks, including IT outsourcing, third-party security, cloud services, and embargo and sanction risks related to IT vendors and products. Additionally, the role supports IT security and risk program management, working closely with various IT function teams to strengthen security governance, ensure compliance, and mitigate risks. This position requires a unique blend of expertise in assessing IT supply chain and third-party security risks, project and program management, and driving continuous improvement in risk posture.
Responsibilities:
- Conduct IT security and risk due diligence on vendors and third parties during the related corporate procurement stages.
- Collaborate with corporate procurement, legal, compliance, and IT teams to ensure vendors’ security risks and embargo and sanction risks are assessed.
- Lead the Third-Party Security Assessments (TPSA) program to evaluate, mitigate, and monitor security risks associated with IT vendors and suppliers, including outsourcing suppliers, cloud service providers, open-source technologies, and product security.
- Coordinate IT Outsourcing management activities including outsourcing planning, risk assessment, performance monitoring, and compliance oversight, to ensure alignment with the Bank’s outsourcing management requirements.
- Support the Team Lead of IT Risk, Resilience and Cyber Security to oversee IT security governance, compliance, and risk mitigation programs.
- Coordinate with various IT and business teams to support security initiatives, ensuring alignment with bank requirements and industry best practices.
- Track, analyze, and report on the effectiveness of IT security programs using key metrics and data insights, ensuring compliance with security requirements and supporting continuous improvement.
- Support internal and external IT audits, ICFR control testing, risk control assessment, etc.
- Manage vendors, which includes procurement, contracting, performance management, etc.
Requirements:
- Bachelor’s degree in computer science, information security, data science, risk management, or a related discipline. A Master’s degree would be a plus.
- 5-8 years of relevant working experience in IT risk and program management and relevant fields, preferably with financial institutions.
- Hands-on experience conducting due diligence and third-party security risk assessments.
- Strong knowledge of IT outsourcing risk, cloud risk, open-source risk, embargo and sanction risk.
- Familiarity with cloud security principles and cloud-native security solutions on Azure and AWS.
- Strong understanding of information security and privacy standards, frameworks and compliance requirements, including ISO 27001, NIST CSF, NIST SP800, SOC 2, GDPR, etc.
- Certifications such as CISSP, CISM, CRISC, PMP, ISO 27001 Auditor would be an advantage.
- Strong business acumen and the ability to balance technical security needs with business priorities.
- Ability to work effectively in a multicultural organization.
- Excellent written and oral English language skills.
- Strong data analysis, reporting, writing, and communication skills, with the ability to interpret complex data and prepare clear, actionable reports and insights for executive-level stakeholders.
- Ability to lead the team in managing multiple workstreams, with excellent project management skills and attention to detail.
AIIB is committed to diversity, transparency and inclusion. We believe our strength comes from having a team with the right diverse skills, experiences and abilities selected through a merit-based competitive process. We actively encourage applications from people from both within and outside AIIB members, regardless of nationality, religion, gender, race, disability or sexual orientation.
Previous experience and qualifications will determine the grade and job title at which successful applicants will enter AIIB.
Join us and help create a prosperous and sustainable Asia while growing your career in a diverse and innovative environment.
Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.