World Bank Group
Manager, IT Risk Management
Job #: req34735
Organization: World Bank
Sector: Information Technology
Grade: GH
Term Duration: 3 years 0 months
Recruitment Type: Local Recruitment
Location: Washington, DC,United States
Required Language(s):
Preferred Language(s):
Closing Date: 11/19/2025 (11:59pm UTC)
Description
Working atthe World Bank Group (WBG) provides a unique opportunity to help clientcountries solve their greatest development challenges. The World Bank Group isone of the largest sources of funding and knowledge for developing countries; aunique global partnership of five institutions dedicated to ending poverty on alivable planet.
With 189member countries and more than 120 offices worldwide, the World Bank Groupworks with public and private partners, invests in groundbreaking projects, anduses data, research, and technology to develop solutions to global, regional,and local challenges. For more information, please visit http: http://www.worldbank.org. Theorganization has undertaken an ambitious exercise to revise its mandate,products and structure to adjust to the multiple, intertwined crises affectingthe world today (see EvolutionRoadmap), in the move to becoming a better Bank.
Business UnitOverview
The missionof the Information and Technology Solutions (ITS) Vice Presidential Unit (VPU)is to leverage information and technology as a force multiplier to accelerate,deepen, and sustain development impact. Their vision is to harness informationand technology for a world free of poverty on a livable planet. For moreinformation on ITS, check this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w.
DepartmentContext
The WBG Information Security Office (ITSSR) provides strategic leadership andenterprise oversight for the World Bank Group's cybersecurity program. Thedepartment's mission is to safeguard the confidentiality, integrity, andavailability of the Bank Group's digital assets, platforms, and data thatenable development operations across 189 member countries. ITSSR deliversglobal cybersecurity services spanning governance, risk, and compliance; threatintelligence and monitoring; cloud and application security; identity andaccess management; and incident detection and response. Its role is to ensureresilience of the World Bank Group's critical systems, including financialplatforms, data exchange systems, and knowledge services while enabling digitaltransformation, innovation, and secure connectivity for staff and partnersworldwide.
The department also leads the Bank'sadoption of Zero Trust architecture, AI-enabled security operations, andrisk-based frameworks aligned to NIST and international standards. As part ofits mandate, it partners with senior leadership across IBRD, IDA, IFC, MIGA,and ICSID to ensure that security governance underpins the Bank Group's missionto reduce poverty and promote shared prosperity.
Unit Context
The ITS Risk Management (ITSRM) team is focused on safeguarding theWorld Bank Group's information assets. ITSRM delivers comprehensive informationsecurity services, including risk management, advisory support, and complianceoversight. The team plays a pivotal role in ensuring the resilience of theBank's operations by managing IT service continuity and business continuity,encompassing disaster recovery planning and the implementation of robustresiliency measures.
ITSRM ensures cybersecurity is embedded into the design andimplementation of technology solutions (e.g., SWIFT, Quantum, Numerix) acrossthe World Bank Group, in alignment with the Enterprise Security ArchitectureReference Model, which is based on leading global standards and frameworks suchas the Cloud Security Alliance, ISO and NIST. ITSRM oversees management of third-party risks, including IT serviceproviders, to maintain a secure and compliant technology environment. The unitprovides technical breach assessments and actively supports the IncidentResponse Team (IRT) during vendor related data incidents, ensuring swift andeffective containment and mitigation. Key responsibilities of ITSRM include leading incident response effortsin collaboration with the Office of Information Security (OIS) and the IRT,which brings together representatives from HR, Corporate Procurement, CorporateCommunications, and affected business units. The IRT coordinates mitigationstrategies, risk assessments, and communications throughout incidentmanagement. ITSRM is also responsible for ongoing risk assessments, monitoring,and reporting on security controls, and advising on best practices andregulatory compliance.
Duties andResponsibilities
The Manager, IT Risk Management, will leadcyber risk governance by driving adoption of an AI-enabled Risk ManagementFramework that integrates automated dashboards, heatmaps, and quantitative riskscoring. A central responsibility will be developing and maintaining theorganization's "CISO Top 10 Risks," ensuring these align with the institution'soverall risk appetite and inform decision-making at the highest levels.
The position requires embedding Zero Trustprinciples across enterprise security architecture, covering identity,endpoint, data, workloads, applications, and networks. The position will ensurethat DevSecOps practices, infrastructure-as-code, and security-as-codeautomation become standard across the enterprise technology landscape,strengthening resilience and operational agility.
The position will modernize thecertification, accreditation, and compliance program by shifting towardautomated assessments. It will ensure ongoing compliance with key regulatoryframeworks including GDPR, DORA, NIS2, SEC cyber rules, EU AI Act and otherglobal requirements, while advancing adoption of software bills of materials(SBOMs) and comprehensive supply chain assurance processes.
The position also carries responsibilityfor preparing the organization for emerging technology risks. This includesoverseeing resilience planning for quantum computing, blockchain, confidentialcomputing, ransomware, and AI-driven threats. The position will establish andenforce responsible AI governance practices rooted in fairness, transparency,and bias mitigation to ensure trustworthy adoption of advanced technologies.
Finally, the position will play aleadership role in shaping workforce culture and advisory functions. Thisincludes building a high-performing, agile cybersecurity workforce aligned withorganizational job architecture and transformation strategies, as well asdriving executive adoption of cyber playbooks for crisis communication,board-level briefings, and phishing resilience. The position will championcontinuous training, maturity assessments, and culture-building efforts toraise cyber resilience across the entire institution.
People Management &Leadership
- Build, mentor, and empower a diverse, high-performing team to deliver program objectives, ensuring clarity of roles, skills development, and alignment with strategic priorities.
- Foster a culture of accountability, collaboration, and continuous learning that enables staff to innovate and deliver impactful outcomes.
- Provide coaching, feedback, and growth opportunities that strengthen both technical and leadership capabilities, preparing staff for future organizational needs.
Within the firstyear, this leader will deliver the following:
- Enhance Operational Excellence by streamlining OIS review processes using Lean Six Sigma methodologies to eliminate bottlenecks, accelerate decision cycles, and improve control validation outcomes.
- Replace manual risk workflows with automated processes to accelerate incident escalation, risk approvals, and documentation.
- Transform certification and accreditation through AI-enabled digital workflows, automation and continuous automation capabilities - reducing assessment cycle times while increasing accuracy, transparency, and risk responsiveness.
- Deploy an AI-enabled enterprise risk monitoring platform with real-time dashboards, heatmaps, and automated KRIs.
- Establish consolidated Cyber and Technology Risk Register to inform strategic investment decisions.
- Implement a reporting cadence that drives executive awareness, escalates priority risks, and ensures traceability to institutional risk appetite.
- Build a high-performing global risk management team aligned to future-state skills and ITS job architecture.
- Drive a culture of shared accountability for risk through targeted executive engagement, training, and maturity uplift.
Selection Criteria
The selected candidate should be aproven cybersecurity leader with deep technical expertise, strategic vision,and the ability to influence at the executive level. The ideal candidatecombines mastery of enterprise security architecture and Zero Trust principleswith experience modernizing risk management and compliance processes. They willbring strong regulatory knowledge, a history of preparing organizations foremerging technologies, and leadership skills to build high-performing, agileteams across global operations.
Key Requirements:
* Master's degree in cybersecurity, information systems, engineering, or business, with 12+ years of progressively responsible IT and information security leadership experience (or bachelor's degree with 15+ years).
* 10+ years of hands-on cybersecurity architecture and IT risk management experience, preferably in a large financial, governmental, or multinational organization.
* Demonstrated expertise in enterprise security architecture, Zero Trust, cloud security, and IT risk governance, including secure solution design and implementation across global environments.
* Strong knowledge of cloud and cybersecurity frameworks, including NIST 800-53, ISO/IEC 27001, CSA, and ENISA guidelines.
* Experience implementing automated compliance and continuous assurance capabilities, including OSCAL workflows, SBOM-driven supply chain risk management, and digital certification/accreditation processes.
* Knowledge of emerging technologies and associated risks, including AI, blockchain, confidential computing, and quantum resilience.
* Proven leadership in managing cross-functional teams, resource allocation, strategic planning, and vendor or third-party oversight.
* Demonstrated ability to influence executive stakeholders and boards, translate technical risk into business outcomes, and drive enterprise-wide security transformation.
* Strong commitment to fostering a risk-aware culture and promoting inclusive leadership and workforce development.
Certifications
Required :
CISSP, SAFe Agilist
Preferred :
* SABSA Chartered Security Architect
* SAFe Product Manager/Product Owner (POPM)
* SAFe for Architect
WBG Culture Attributes: 1. Sense of urgency: Anticipate and quickly respond to the needs of internal and external stakeholders. 2. Thoughtful risk-taking: Challenge the status quo and push boundaries to achieve greater impact. 3. Empowerment and accountability: Empower yourself and others to act and hold each other accountable for results.
The World Bank Group values diversity and encourages all qualified candidates who are nationals of World Bank Group member countries to apply, regardless of gender, gender identity, religion, race, ethnicity, sexual orientation, or disability. Sub-Saharan African nationals, Caribbean nationals, and female candidates are strongly encouraged to apply.
Job #: req34735
Organization: World Bank
Sector: Information Technology
Grade: GH
Term Duration: 3 years 0 months
Recruitment Type: Local Recruitment
Location: Washington, DC,United States
Required Language(s):
Preferred Language(s):
Closing Date: 11/19/2025 (11:59pm UTC)
Description
Working atthe World Bank Group (WBG) provides a unique opportunity to help clientcountries solve their greatest development challenges. The World Bank Group isone of the largest sources of funding and knowledge for developing countries; aunique global partnership of five institutions dedicated to ending poverty on alivable planet.
With 189member countries and more than 120 offices worldwide, the World Bank Groupworks with public and private partners, invests in groundbreaking projects, anduses data, research, and technology to develop solutions to global, regional,and local challenges. For more information, please visit http: http://www.worldbank.org. Theorganization has undertaken an ambitious exercise to revise its mandate,products and structure to adjust to the multiple, intertwined crises affectingthe world today (see EvolutionRoadmap), in the move to becoming a better Bank.
Business UnitOverview
The missionof the Information and Technology Solutions (ITS) Vice Presidential Unit (VPU)is to leverage information and technology as a force multiplier to accelerate,deepen, and sustain development impact. Their vision is to harness informationand technology for a world free of poverty on a livable planet. For moreinformation on ITS, check this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w.
DepartmentContext
The WBG Information Security Office (ITSSR) provides strategic leadership andenterprise oversight for the World Bank Group's cybersecurity program. Thedepartment's mission is to safeguard the confidentiality, integrity, andavailability of the Bank Group's digital assets, platforms, and data thatenable development operations across 189 member countries. ITSSR deliversglobal cybersecurity services spanning governance, risk, and compliance; threatintelligence and monitoring; cloud and application security; identity andaccess management; and incident detection and response. Its role is to ensureresilience of the World Bank Group's critical systems, including financialplatforms, data exchange systems, and knowledge services while enabling digitaltransformation, innovation, and secure connectivity for staff and partnersworldwide.
The department also leads the Bank'sadoption of Zero Trust architecture, AI-enabled security operations, andrisk-based frameworks aligned to NIST and international standards. As part ofits mandate, it partners with senior leadership across IBRD, IDA, IFC, MIGA,and ICSID to ensure that security governance underpins the Bank Group's missionto reduce poverty and promote shared prosperity.
Unit Context
The ITS Risk Management (ITSRM) team is focused on safeguarding theWorld Bank Group's information assets. ITSRM delivers comprehensive informationsecurity services, including risk management, advisory support, and complianceoversight. The team plays a pivotal role in ensuring the resilience of theBank's operations by managing IT service continuity and business continuity,encompassing disaster recovery planning and the implementation of robustresiliency measures.
ITSRM ensures cybersecurity is embedded into the design andimplementation of technology solutions (e.g., SWIFT, Quantum, Numerix) acrossthe World Bank Group, in alignment with the Enterprise Security ArchitectureReference Model, which is based on leading global standards and frameworks suchas the Cloud Security Alliance, ISO and NIST. ITSRM oversees management of third-party risks, including IT serviceproviders, to maintain a secure and compliant technology environment. The unitprovides technical breach assessments and actively supports the IncidentResponse Team (IRT) during vendor related data incidents, ensuring swift andeffective containment and mitigation. Key responsibilities of ITSRM include leading incident response effortsin collaboration with the Office of Information Security (OIS) and the IRT,which brings together representatives from HR, Corporate Procurement, CorporateCommunications, and affected business units. The IRT coordinates mitigationstrategies, risk assessments, and communications throughout incidentmanagement. ITSRM is also responsible for ongoing risk assessments, monitoring,and reporting on security controls, and advising on best practices andregulatory compliance.
Duties andResponsibilities
The Manager, IT Risk Management, will leadcyber risk governance by driving adoption of an AI-enabled Risk ManagementFramework that integrates automated dashboards, heatmaps, and quantitative riskscoring. A central responsibility will be developing and maintaining theorganization's "CISO Top 10 Risks," ensuring these align with the institution'soverall risk appetite and inform decision-making at the highest levels.
The position requires embedding Zero Trustprinciples across enterprise security architecture, covering identity,endpoint, data, workloads, applications, and networks. The position will ensurethat DevSecOps practices, infrastructure-as-code, and security-as-codeautomation become standard across the enterprise technology landscape,strengthening resilience and operational agility.
The position will modernize thecertification, accreditation, and compliance program by shifting towardautomated assessments. It will ensure ongoing compliance with key regulatoryframeworks including GDPR, DORA, NIS2, SEC cyber rules, EU AI Act and otherglobal requirements, while advancing adoption of software bills of materials(SBOMs) and comprehensive supply chain assurance processes.
The position also carries responsibilityfor preparing the organization for emerging technology risks. This includesoverseeing resilience planning for quantum computing, blockchain, confidentialcomputing, ransomware, and AI-driven threats. The position will establish andenforce responsible AI governance practices rooted in fairness, transparency,and bias mitigation to ensure trustworthy adoption of advanced technologies.
Finally, the position will play aleadership role in shaping workforce culture and advisory functions. Thisincludes building a high-performing, agile cybersecurity workforce aligned withorganizational job architecture and transformation strategies, as well asdriving executive adoption of cyber playbooks for crisis communication,board-level briefings, and phishing resilience. The position will championcontinuous training, maturity assessments, and culture-building efforts toraise cyber resilience across the entire institution.
People Management &Leadership
- Build, mentor, and empower a diverse, high-performing team to deliver program objectives, ensuring clarity of roles, skills development, and alignment with strategic priorities.
- Foster a culture of accountability, collaboration, and continuous learning that enables staff to innovate and deliver impactful outcomes.
- Provide coaching, feedback, and growth opportunities that strengthen both technical and leadership capabilities, preparing staff for future organizational needs.
Within the firstyear, this leader will deliver the following:
- Enhance Operational Excellence by streamlining OIS review processes using Lean Six Sigma methodologies to eliminate bottlenecks, accelerate decision cycles, and improve control validation outcomes.
- Replace manual risk workflows with automated processes to accelerate incident escalation, risk approvals, and documentation.
- Transform certification and accreditation through AI-enabled digital workflows, automation and continuous automation capabilities - reducing assessment cycle times while increasing accuracy, transparency, and risk responsiveness.
- Deploy an AI-enabled enterprise risk monitoring platform with real-time dashboards, heatmaps, and automated KRIs.
- Establish consolidated Cyber and Technology Risk Register to inform strategic investment decisions.
- Implement a reporting cadence that drives executive awareness, escalates priority risks, and ensures traceability to institutional risk appetite.
- Build a high-performing global risk management team aligned to future-state skills and ITS job architecture.
- Drive a culture of shared accountability for risk through targeted executive engagement, training, and maturity uplift.
Selection Criteria
The selected candidate should be aproven cybersecurity leader with deep technical expertise, strategic vision,and the ability to influence at the executive level. The ideal candidatecombines mastery of enterprise security architecture and Zero Trust principleswith experience modernizing risk management and compliance processes. They willbring strong regulatory knowledge, a history of preparing organizations foremerging technologies, and leadership skills to build high-performing, agileteams across global operations.
Key Requirements:
* Master's degree in cybersecurity, information systems, engineering, or business, with 12+ years of progressively responsible IT and information security leadership experience (or bachelor's degree with 15+ years).
* 10+ years of hands-on cybersecurity architecture and IT risk management experience, preferably in a large financial, governmental, or multinational organization.
* Demonstrated expertise in enterprise security architecture, Zero Trust, cloud security, and IT risk governance, including secure solution design and implementation across global environments.
* Strong knowledge of cloud and cybersecurity frameworks, including NIST 800-53, ISO/IEC 27001, CSA, and ENISA guidelines.
* Experience implementing automated compliance and continuous assurance capabilities, including OSCAL workflows, SBOM-driven supply chain risk management, and digital certification/accreditation processes.
* Knowledge of emerging technologies and associated risks, including AI, blockchain, confidential computing, and quantum resilience.
* Proven leadership in managing cross-functional teams, resource allocation, strategic planning, and vendor or third-party oversight.
* Demonstrated ability to influence executive stakeholders and boards, translate technical risk into business outcomes, and drive enterprise-wide security transformation.
* Strong commitment to fostering a risk-aware culture and promoting inclusive leadership and workforce development.
Certifications
Required :
CISSP, SAFe Agilist
Preferred :
* SABSA Chartered Security Architect
* SAFe Product Manager/Product Owner (POPM)
* SAFe for Architect
WBG Culture Attributes: 1. Sense of urgency: Anticipate and quickly respond to the needs of internal and external stakeholders. 2. Thoughtful risk-taking: Challenge the status quo and push boundaries to achieve greater impact. 3. Empowerment and accountability: Empower yourself and others to act and hold each other accountable for results.
The World Bank Group values diversity and encourages all qualified candidates who are nationals of World Bank Group member countries to apply, regardless of gender, gender identity, religion, race, ethnicity, sexual orientation, or disability. Sub-Saharan African nationals, Caribbean nationals, and female candidates are strongly encouraged to apply.