Job # : 112479
Job Title : Information Security Officer - Security Architect (OIS)
Job Family: Information Management and Technology
Location: Washington, DC
Appointment: Local Hire
Closing Date: 21-Dec-2011
Language Requirements: English [Essential]
The World Bank Group (WBG) Office of Information Security (OIS) provides information security services to the WBG. The mission of OIS is to protect the WBG’s information assets in a manner that supports the WBG's mission to free the world of poverty. The office develops strategy, standards and processes to protect the confidentiality, integrity and availability of WBG information assets in a manner that is commensurate with their value and risk. OIS maintains an information security program in a way that respects the rights and dignity of those it serves and addresses the needs of the WBG’s business units. It is in need of an Information Security professional who is results oriented, multi-disciplined, and comfortable in designing secured solutions for mission critical business applications hosted in multi-vendor environments, at the enterprise level.
The Information Security Officer (ISO), Security Architect, would be expected to work primarily in the following areas:
• Strategic designing and planning for implementation of secured business applications.
• Performing keys to streamline secured software development within WBG.
• Setting security standards for large scale enterprise initiatives.
Duties and Accountabilities
The primary responsibilities of the Information Security Officer, as a Security Architect, will include, but are not limited to, a combination of the following:
• Maintain and support the WBG’s enterprise information security architecture for business applications and content sharing in line with WBG information security policy and leading industry standards.
• Work with project and development teams to define information security requirements for new business applications and systems that are in line with the enterprise information security architecture.
• Provide subject matter expertise on WBG enterprise application development/data security initiatives.
• Coordinate with the WBG’s IT enterprise architects (EA) to build information security into the IT enterprise architecture and institutional initiatives.
• Interface with business units and IT stakeholders to identify requirements and assess their applicability on the information security enterprise architecture.
• Assist business units in understanding and complying with the information security enterprise architecture, from both a business application and a process perspective.
• Maintain an up-to-date understanding of emerging trends in information security architecture; apply new techniques and trends that are in line with overall information security objectives and risk tolerance of the WBG.
• Assist in sharing of knowledge with Management regarding the information security readiness of large scale enterprise initiatives.
• Interface with other OIS teams including, but not limited to, Certification and Accreditation and Security Engineering team, to gather identified information security risks; develop risk profiles for enterprise wide business applications and identify areas where existing security architecture requires change or development.
• Evaluate WBG’s current software security posture and propose mitigation and remediation plans to meet software security assurance requirements.
• Assist in identification and implementation of services, tools and methodologies to improve overall security posture of WBG’s enterprise initiatives in the areas of identity management, enterprise search and collaboration, information and content management.
• Document security architecture design review results and follow-up on implementation of recommended controls.
Selection Criteria
1. Master’s degree in Computer Science or Information Systems with a minimum of 5 years of relevant experience, 8 years preferred. (BS/BA is minimum education requirement with 7 years of relevant experience, 10 years preferred).
2. Preferably 6+ years of experience as an Information Security Professional designing secured solutions in an environment comprising financial and trading systems, systems handling strictly confidential, personnel and proprietary information.
3. Demonstrated knowledge and experience of applying advanced modeling techniques in developing security architecture for enterprise level business applications and data security.
4. Advanced experience in designing security architecture for provisioning interoperable and portable identities and credentials across multiple business applications and platforms, preferably in a federated environment; experience with multi-factor authentication technologies and systems (including token, smart card, adaptive and biometric solutions).
5. Demonstrated knowledge and experience of developing Business Risk Models by integrating contextual and conceptual security architecture requirements with logical, physical and component security requirements for business applications and data security needs in a large heterogeneous environment.
6. Demonstrated knowledge in WBG wide or similar initiatives such as Identity and Access Management (IAM), Collaboration, Account Provisioning, Role Engineering, Federation Services, etc. on common platforms such as MS SharePoint 2010. Hands-on experience in supporting Identity and Access Management products would be an added advantage.
7. Sound knowledge of designing secure interfaces between heterogeneous systems using advanced web services such as SOAP, XML, WSDL and defining data models and security techniques on common database servers such as Oracle, MS SQL and MySQL.
8. Expertise in security technologies, applications and methodologies, systems/network design, control and performance benchmarks to facilitate Web 2.0 technologies including but not limited to Collaboration, Enterprise Search, Content Management and Identity Management.
9. In-depth knowledge of multiple Lightweight Directory Access Protocol (LDAP) platforms such as Microsoft Active Directory, SunOne LDAP, and Lotus Notes Directory Server.
10. Ability to evaluate the security strength of technical solutions during the procurement phase and work with application owners and product vendors to implement security controls as per the WBG policy.
11. Hands-on experience of security tools and techniques to assess the security posture of multiple layers of the application stack including web, middleware and database, especially in Java, .Net and LAMP environments.
12. Demonstrated knowledge and experience of the Bank’s and its Unit’s systems and business processes, policies and procedures, as well as relevant software application systems, hardware configuration and network architecture to implement information security as a process.
13. Ability to develop specific proactive procedures for detection of security breaches within business applications, identifying security risks in the software development processes and code promotion procedures, and defining control measures to mitigate the impact of potential threats to the Bank’s operations.
14. Demonstrated experience in leading enterprise security architecture design and implementation for a financial services organization or other organizations with similar information security needs and requirements.
15. Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications.
16. Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility.
17. Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and Information Systems Security Management Professional (ISSMP).
18. Demonstrate excellent interpersonal skills, including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers in the unit and elsewhere in the WBG.
The World Bank Group is committed to achieving diversity in terms of gender, nationality, culture and educational background. Individuals with disabilities are equally encouraged to apply.
All applications will be treated in the strictest confidence.