Innovation and partnership bond the five institutions of the World Bank Group (WBG): the International Bank for Reconstruction and Development (IBRD) and the International Development Association (IDA), which together form the World Bank; the International Finance Corporation (IFC); the Multilateral Investment Guarantee Agency (MIGA); and the International Centre for Settlement of Investment Disputes (ICSID). The World Bank Group is one of the world's largest sources of funding and knowledge for developing countries. It uses financial resources and extensive experience to help our client countries to reduce poverty, increase economic growth, and improve quality of life. To ensure that countries can access the best global expertise and help generate cutting-edge knowledge, the World Bank Group is constantly seeking to improve the way it works. Key priorities include delivering measurable results, promoting openness and transparency in development, and improving access to development information and data.
Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty by 2030 and boosting shared prosperity in a sustainable manner by delivering transformative information and technologies to its staff working in over 130 client countries. ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions. The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), provides leadership in managing the functions and activities of information security and risk management, IT service continuity, sourcing and vendor management, and cloud transformation across the World Bank Group, enabling the achievement of WBG’s business objectives.
ITSSR is responsible for the following:
• Enable and facilitate a risk-aware culture and ensure that WBG information assets are protected in an effective, efficient, and balanced manner;
• Establish and maintain the World Bank Group's IT and information security policies and standards; develop and engineer the WBG’s information security plans and solutions; respond to security incidents;
• Ensure IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy, and managed in a consistent manner with the overall risk management approach and established risk appetite and tolerance;
• Drive transformational business performance, productivity, and cost efficiency through world-class IT sourcing and vendor management practices to deliver world-class IT;
• Lead the WBG Cloud transformation to enable the business, promote agile IT delivery, and improve business resiliency.
Duties and Responsibilities
• Conduct IT technical and process audits as well as compliance assessments based on COBIT, ISO 27001 & ISO 20000 frameworks.
• Develop test plans and detailed test procedures to assess operating effectiveness of IT technical and process controls.
• Assist in controls implementation including documentation of processes and procedures to address Internal Controls over Financial Reporting (ICFR) requirements for the IT General Computer Controls (ITGC) for Information Security, Change Management and IT Operations areas.
• Assess compliance against technical standards for various platforms and technologies.
• Discuss compliance and audit issues with stakeholders and develop action plans to address them.
• Collect, evaluate, and maintain data to ensure that required management reporting is completed as needed. This also includes inputting appropriate data into GRC tools.
• Assist in monitoring open audit items from audits such as WBG internal audit department (IAD) IT audits, external financial audits on Internal Controls over Financial Reporting (ICFR); and ISO 27001 & ISO 20000 certification audits to ensure execution of remedial activities defined in the agreed action plans and risk treatment plans.
• Perform other duties in the compliance work program as assigned.
• BA/BS (in Computer Science, Information Systems or a related technical field or equivalent combination of education and experience).
• Minimum 3-5 years’ experience working in an information security, information technology or compliance related field.
• Experience in conducting assessments, designing processes, and implementing SOX controls for the General IT Controls related to Information Security, Change Management and IT Operations.
• Experience in conducting design and operating effectiveness testing for the General IT Controls.
• Familiarity with and understanding of a broad range of IT hardware and software products.
• Thorough understanding of industry standards and regulations including COBIT, COSO, and SOX.
• Good knowledge of auditing standards including IIA Guidelines and AS5, including technology-based audit approaches.
• Knowledge of ERP and financial systems including but not limited to SAP, PeopleSoft and Summit, and enterprise GRC systems such as BWise and RSAM.
• Knowledge of issue tracking tools such as Jira and Remedy.
• Demonstrated experience in problem solving/troubleshooting of information security issues.
• Possession of industry certifications highly preferred, including but not limited to Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and Information Systems Security Management Professional (ISSMP).
For Corporate Information and to apply to the position, please visit www.worldbank.org/careers, vacancy number 171524. Deadline is August 30, 2017.
The World Bank Group is committed to achieving diversity in race, gender, nationality, culture, and educational background. Individuals with disabilities are equally encouraged to apply.
The World Bank, a member of the World Bank Group, is a vital source of financial and technical assistance to developing countries around the world. Our mission is to fight poverty with passion and professionalism for lasting results and to help people help themselves and their environment by providing resources, sharing knowledge, building capacity and forging partnerships in the public and private sectors.
We are not a bank in the common sense; we are made up of two unique development institutions owned by 189 member countries: the International Bank for Reconstruction and Development (IBRD) and the International Development Association (IDA).
Each institution plays a different but collaborative role in advancing the vision of inclusive and sustainable globalization. The IBRD aims to reduce poverty in middle-income and creditworthy poorer countries, while IDA focuses on the world's poorest countries.
Their work is complemented by that of the International Finance Corporation (IFC), Multilateral Investment Guarantee Agency (MIGA) and the International Centre for the Settlement of Investment Disputes (ICSID).
Together, we provide low-interest loans, interest-free credits and grants to developing countries for a wide array of purposes that include investments in education, health, public administration, infrastructure, financial and private sector development, agriculture and environmental and natural resource management.