World Bank
Information Security Officer – Critical Incident Management
World Bank, Washington, District of Columbia, us, 20022
Overview
Information Security Officer – Critical Incident Management Job #: req34202 Organization: World Bank Sector: Information Technology Grade: GF Term Duration: 4 years 0 months Recruitment Type: Local Recruitment Location: Washington, DC, United States Required Language(s): English Preferred Language(s): Description Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit the World Bank Group website. ITS Context The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission by delivering transformative information and technologies to its staff in over 150 locations. ITS shapes its strategy to deliver three high-level business outcomes: business enablement, empowerment and effectiveness, and resilience, including risk-based cybersecurity and data protection for a global network and cloud platform. ITS aims to be customer-centric, provide value for money with selective technologies, and excel at the basics by delivering a high performing, robust IT environment. Unit Context The ITS Information Security and Risk Management (ITSSR) unit, led by the Chief Information Security Officer (CISO), provides leadership in information security and risk management across the World Bank Group. ITSSR develops and maintains IT and InfoSec policies and standards, responds to security incidents, and ensures information risks are identified, assessed, and managed. ITSSR consists of three main units: ITS Risk Management, Compliance, and Policy; ITS Information Security Engineering and Operations (ITSIS); and Program Management Office (PMO). Roles & Responsibilities Job Description The IT officer will be responsible for executing critical security incident management and response processes. The candidate should have the technical and interpersonal skills to handle high-impact incidents, thrive under pressure, and lead responses to critical security incidents. The role requires immediate response to potential breaches and the ability to work effectively during off-business-hours. Primary Responsibilities Lead the response to high-impact cyber incidents such as data incidents, system compromises, internal threats, and third-party incidents. Build and maintain tools, processes, and capabilities for log analysis to provide data to incident stakeholders in a scalable manner. Perform log retrieval and forensic analysis of large datasets. Create and deliver data-driven reports and presentations for management and other stakeholders. Liaise with ITS stakeholders to maintain a coordinated narrative, response, and mitigation strategy. Coordinate with ITS and World Bank Group business units to facilitate impact analysis, implement remedial measures, and ensure effective communication during and after incidents. Collaborate with World Bank Group third parties to assess impact and implement containment and remedial measures. Monitor internal and external events and maintain situational awareness on emerging threats and response tooling. Create and deliver cyber incident response tabletop exercises to identify gaps and improve skills and communication. Refine, recommend, and maintain playbooks, policies, procedures, and guidelines aligned with industry best practices. Continuously improve incident response procedures and playbooks based on lessons learned. Manage stakeholder communication and ensure effective collaboration. Perform other duties as assigned. Selection Criteria Bachelor’s degree in computer science, information technology, systems engineering, or a related field. Minimum 5 years of Information Security operations experience with exposure to managing security incidents. Experience in investigations across endpoints, servers, network infrastructure, mobile devices, peripherals, and application systems. Solid understanding of cloud implementations and security controls in a multi-cloud environment. Deep understanding of IT architecture with focus on Authentication, Authorization, and Accounting (AAA). Experience working on high-impact incidents such as major security breaches, data leakage, and third parties. Experience in digital forensics and analyzing large datasets to create reports. Experience in log analysis tool development and maintenance. Understanding of network traffic analysis from an incident response perspective. Knowledge of common hacking tools and techniques; experience analyzing log formats from various sources. Demonstrated experience presenting complex topics at internal and external cybersecurity events. Strong communication skills and ability to tailor messages to different audiences; proficiency in writing threat and mitigation reports. Excellent verbal communication and facilitation skills; collaborative mindset across teams and boundaries. Active pursuit of knowledge and knowledge sharing; strong diplomatic and teamwork skills. Familiarity with standard processes for systems design, database design, development, testing, and integration; experience in Agile environments for security operations and investigations. Ability to take ownership, meet deadlines, and work in a fast-paced environment; organized, agile, persistent, and proactive. Preferred Industry Certifications CISSP GIAC Certified Ethical Hacker (CEH) Azure or AWS architect or security certifications SAFe certification Competencies Client Understanding and Advising Learning Orientation Broad Business Thinking Compliance with Standards Knowledge of Emerging Technology WBG Culture Attributes 1. Sense of Urgency – Anticipating and quickly reacting to stakeholders’ needs. 2. Thoughtful Risk Taking – Making informed, courageous decisions to push boundaries for greater impact. 3. Empowerment and Accountability – Engaging with others in an empowered and accountable manner. World Bank Group Core Competencies The World Bank Group offers comprehensive benefits, including a retirement plan, medical, life and disability insurance, and paid leave. We are proud to be an equal opportunity and inclusive employer and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability. Learn more about working at the World Bank and IFC, including our values and inspiring stories.
#J-18808-Ljbffr
Information Security Officer – Critical Incident Management Job #: req34202 Organization: World Bank Sector: Information Technology Grade: GF Term Duration: 4 years 0 months Recruitment Type: Local Recruitment Location: Washington, DC, United States Required Language(s): English Preferred Language(s): Description Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit the World Bank Group website. ITS Context The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission by delivering transformative information and technologies to its staff in over 150 locations. ITS shapes its strategy to deliver three high-level business outcomes: business enablement, empowerment and effectiveness, and resilience, including risk-based cybersecurity and data protection for a global network and cloud platform. ITS aims to be customer-centric, provide value for money with selective technologies, and excel at the basics by delivering a high performing, robust IT environment. Unit Context The ITS Information Security and Risk Management (ITSSR) unit, led by the Chief Information Security Officer (CISO), provides leadership in information security and risk management across the World Bank Group. ITSSR develops and maintains IT and InfoSec policies and standards, responds to security incidents, and ensures information risks are identified, assessed, and managed. ITSSR consists of three main units: ITS Risk Management, Compliance, and Policy; ITS Information Security Engineering and Operations (ITSIS); and Program Management Office (PMO). Roles & Responsibilities Job Description The IT officer will be responsible for executing critical security incident management and response processes. The candidate should have the technical and interpersonal skills to handle high-impact incidents, thrive under pressure, and lead responses to critical security incidents. The role requires immediate response to potential breaches and the ability to work effectively during off-business-hours. Primary Responsibilities Lead the response to high-impact cyber incidents such as data incidents, system compromises, internal threats, and third-party incidents. Build and maintain tools, processes, and capabilities for log analysis to provide data to incident stakeholders in a scalable manner. Perform log retrieval and forensic analysis of large datasets. Create and deliver data-driven reports and presentations for management and other stakeholders. Liaise with ITS stakeholders to maintain a coordinated narrative, response, and mitigation strategy. Coordinate with ITS and World Bank Group business units to facilitate impact analysis, implement remedial measures, and ensure effective communication during and after incidents. Collaborate with World Bank Group third parties to assess impact and implement containment and remedial measures. Monitor internal and external events and maintain situational awareness on emerging threats and response tooling. Create and deliver cyber incident response tabletop exercises to identify gaps and improve skills and communication. Refine, recommend, and maintain playbooks, policies, procedures, and guidelines aligned with industry best practices. Continuously improve incident response procedures and playbooks based on lessons learned. Manage stakeholder communication and ensure effective collaboration. Perform other duties as assigned. Selection Criteria Bachelor’s degree in computer science, information technology, systems engineering, or a related field. Minimum 5 years of Information Security operations experience with exposure to managing security incidents. Experience in investigations across endpoints, servers, network infrastructure, mobile devices, peripherals, and application systems. Solid understanding of cloud implementations and security controls in a multi-cloud environment. Deep understanding of IT architecture with focus on Authentication, Authorization, and Accounting (AAA). Experience working on high-impact incidents such as major security breaches, data leakage, and third parties. Experience in digital forensics and analyzing large datasets to create reports. Experience in log analysis tool development and maintenance. Understanding of network traffic analysis from an incident response perspective. Knowledge of common hacking tools and techniques; experience analyzing log formats from various sources. Demonstrated experience presenting complex topics at internal and external cybersecurity events. Strong communication skills and ability to tailor messages to different audiences; proficiency in writing threat and mitigation reports. Excellent verbal communication and facilitation skills; collaborative mindset across teams and boundaries. Active pursuit of knowledge and knowledge sharing; strong diplomatic and teamwork skills. Familiarity with standard processes for systems design, database design, development, testing, and integration; experience in Agile environments for security operations and investigations. Ability to take ownership, meet deadlines, and work in a fast-paced environment; organized, agile, persistent, and proactive. Preferred Industry Certifications CISSP GIAC Certified Ethical Hacker (CEH) Azure or AWS architect or security certifications SAFe certification Competencies Client Understanding and Advising Learning Orientation Broad Business Thinking Compliance with Standards Knowledge of Emerging Technology WBG Culture Attributes 1. Sense of Urgency – Anticipating and quickly reacting to stakeholders’ needs. 2. Thoughtful Risk Taking – Making informed, courageous decisions to push boundaries for greater impact. 3. Empowerment and Accountability – Engaging with others in an empowered and accountable manner. World Bank Group Core Competencies The World Bank Group offers comprehensive benefits, including a retirement plan, medical, life and disability insurance, and paid leave. We are proud to be an equal opportunity and inclusive employer and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability. Learn more about working at the World Bank and IFC, including our values and inspiring stories.
#J-18808-Ljbffr