Wednesday 15 August 2012

Information Officer - Information Security Operations Team Lead Job Vacancy in Washington, USA

Background / General description
International Finance Corporation (IFC), the private sector investment arm of the World Bank Group (WBG), is the largest multilateral provider of financing for private enterprise in developing countries. IFC finances private sector investments, mobilizes capital in international financial markets, facilitates trade, helps clients improve social and environmental sustainability, and provides technical assistance and advisory services to businesses and governments.

The mission of IFC's Corporate Business Technologies Department (CBT) is to enable IFC to promote sustainable private sector investment in developing countries by proactively partnering with IFC's business groups to provide flexible, robust, and secure IT capabilities anytime, anywhere worldwide.

IFC is seeking a team lead to manage Information Security operations within the CBT Risk Management function of CBT. This position reports to the Lead Information Security Officer, CBTRM. The Information Security Officer will work closely with CBT management to facilitate, shape, and sustain an information security approach that is integrated with IFC's business strategy and helps to sustain the various business lines through a world-class technical service framework.

Duties and Accountabilities
The selected candidate will be responsible for:

Security Operations
• Overall management and oversight of IFC's Information Security Operations team.
• Protecting IFC's information assets against potential threats and vulnerabilities that could impact the confidentiality, integrity, and availability of IFC information.
• Measuring, monitoring, and reporting periodically on the effectiveness and efficiency of Information Security operations and controls.
• Managing the Information Security operations team (currently six contractors), including day-to-day oversight, hiring, training, development, and performance management.

Vulnerability Management
• Maintaining preventive, detective, and corrective measures to protect IFC information systems and technology from malware.
• Designing and implementing appropriate security measures to protect IFC information over all methods of connectivity and at endpoints.
• Ensuring that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network, and operating systems.
• Working with IT Operations teams to ensure appropriate and timely remediation and patching processes are followed.

Incident Response
• Maintaining and managing incident response capabilities and procedures to ensure rapid and effective response to security incidents.
• Evaluating security exposures, misuse or non-compliance situations and ensuring implementation of security controls to address such incidents.

Compliance
• Participating actively with external and internal security audits, risk assessments, and controls testing and following up on remediation actions of findings.
• Measuring, monitoring and reporting on the effectiveness and efficiency of information security controls and compliance with financial audit requirements, international standards, and industry best practices.

Selection Criteria
• Bachelor’s degree(s), preferably in Information Management, technology, or finance and at least eight years relevant experience with a demonstrated track record of success.
• Advanced degree(s) and professional certification(s) such as a CISM, CISSP, or CISA are preferred.
• Knowledge of technological trends and developments in the area of information security and IT risk management.
• Strong knowledge and experience of risk management methodologies and tools.
• Good understanding and working experience in IT Services management and use of maturity and process improvement models (e.g. ISO 20000, SEI-CMM) and their integration with information security standards.
• Knowledge and work experience of configuration, change and release management in relation to development and maintenance of systems and infrastructure.
• Knowledge of best practices and standards for monitoring and reporting information security performance.
• Knowledge of privacy and operational risk frameworks, laws, and regulations.
• Knowledge of security controls for network, database, application and operating systems.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.

Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 2 year renewable term appointment.

Only online applications are accepted: applications by email will be neither accepted nor acknowledged. Only short-listed candidates will be contacted for interviews.

Closing Date: Tuesday, 28 August 2012