- Organization: World Bank
- Country: United States
- City: Washington
- Office: World Bank HQ Washington
The World Bank | 1818 H St NW | Washington, DC 20006 | Tel: (202) 473-1000
Closing date: Monday, 22 August 2016
Grade
- Location: Washington, DC
- Recruitment Type: Local Hire
- Language Requirement: English [Essential]
- Closing Date: 22-Aug-2016
ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions.
The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.
Unit Context
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG's business objectives. ITSSR enables and facilitates a risk-aware culture; ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and ensures that IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy. ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards; develops and engineers the WBG's information security plans and solutions; responds to security incidents; and ensures that information risks are identified, assessed, and managed consistently with the overall risk management approach and with the established appetite and tolerance. ITSSR consists of three main units: 1) ITS Risk Management, Compliance, and Policy, 2) ITS Security Operations, and 3) Program Management Office (PMO).
Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3-year term appointment.
Duties and Accountabilities:
- Engineer technical security controls in the Windows environment to mitigate information security threats;
- Continuously assess the security posture of Windows systems against the evolving threat landscape. Proactively research and engineer controls to better detect and prevent threats;
- Continuously tweak existing security controls to maintain the highest level of effectiveness against advanced threats;
- Interface effectively with business units and the ITS community to provide security oversight and guidance for Windows systems and endpoint-related initiatives. Ensure best practices in the areas of security operations are followed;
- Work closely and proactively with OIS senior management to maintain the WBG's high standards in managing security around its operational risk associated with technology;
- Provide guidance and assist in the development of security standards and guidelines for Windows infrastructure and endpoints to conform to the information enterprise architecture, risk profile and policy requirements;
- Maintain impartiality around IT systems to produce unbiased reports on information security risk;
2. Expert level knowledge of Windows system architecture and key security concepts;
3. A minimum of 7 years' experience working in IT/InfoSec engineering and operations;
4. Advanced knowledge and understanding of modern techniques and tools for exploiting Windows based systems and applications;
5. Demonstrated experience and familiarity with engineering and troubleshooting security controls in a large scale infrastructure of Windows servers and endpoints;
6. Advanced level knowledge of TCP/IP networking concepts and protocols, advanced technical knowledge of common network protocols (DNS, HTTP/HTTPS) and network security concepts;
7. Expert knowledge and understanding of endpoint security threats and mitigation techniques; proven ability to analyze threats and engineer mitigating controls, preventive or detective, leveraging all available tools and resources;
8. Advanced knowledge of Microsoft Active Directory infrastructure, and key authentication and management protocols;
9. Advanced knowledge of Microsoft server products (including but not limited to Directory Services, IIS, SharePoint and Exchange);
10. Demonstrated experience with deploying and operating system security tools, including but not limited to host based firewalls and intrusion prevention systems;
11. Advanced knowledge of interpreted languages such as JavaScript and PowerShell, in addition to compiled languages such as C and C++;
12. Ability to assess risks in line with information security objectives and risk tolerance of the institution. Proven conceptual, analytical and evaluation skills;
13. Proven ability to conduct research independently and present results effectively;
14. Proven ability to clearly and concisely prepare, present and discuss recommendations at senior levels and to produce deliverables such as memoranda, recommendations, requirements documents, status reports, etc;
15. Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility;
16. Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP) and SANS GIAC;
17. Demonstrated excellent interpersonal skills, including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers;
18. Demonstrated ability to listen and integrate ideas from diverse views, create partnerships and collaborate with others, advocate and influence, resolve conflicts constructively, and work effectively across boundaries even without active guidance from the management;
19. Ability to make forward-looking and practical decisions and operate effectively in a results-oriented and implementation culture;
20. Excellent communication skills, both written and verbal, including the capacity to communicate complex and technical issues in simple terms.