The World Bank
Manager, IT Risk Management - req34735
The World Bank, Washington, District of Columbia, US, 20022
Description
Working at the World Bank Group (WBG) provides a unique opportunity to help client countries solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending poverty on a livable planet.
Position Details
Job ID: req34735
Organization: World Bank
Sector: Information Technology
Grade: GH
Term: 3 years 0 months
Recruitment Type: Local Recruitment
Location: Washington, DC, United States
Closing Date: 11/19/2025 (11:59pm UTC)
Business Unit Overview
The mission of the Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) is to leverage information and technology as a force multiplier to accelerate, deepen, and sustain development impact. Their vision is to harness information and technology for a world free of poverty on a livable planet. For more information on ITS, check this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w.
Department Context
The WBG Information Security Office (ITSSR) provides strategic leadership and enterprise oversight for the World Bank Group’s cybersecurity program. The department’s mission is to safeguard the confidentiality, integrity, and availability of the Bank Group’s digital assets, platforms, and data that enable development operations across 189 member countries. ITSSR delivers global cybersecurity services spanning governance, risk, and compliance; threat intelligence and monitoring; cloud and application security; identity and access management; and incident detection and response. Its role is to ensure resilience of the World Bank Group’s critical systems, including financial platforms, data exchange systems, and knowledge services while enabling digital transformation, innovation, and secure connectivity for staff and partners worldwide. The department also leads the Bank’s adoption of Zero Trust architecture, AI-enabled security operations, and risk-based frameworks aligned to NIST and international standards.
Unit Context
The ITS Risk Management (ITSRM) team is focused on safeguarding the World Bank Group’s information assets. ITSRM delivers comprehensive information security services, including risk management, advisory support, and compliance oversight. The team plays a pivotal role in ensuring the resilience of the Bank’s operations by managing IT service continuity and business continuity, encompassing disaster recovery planning and the implementation of robust resiliency measures. ITSRM ensures cybersecurity is embedded into the design and implementation of technology solutions across the World Bank Group, in alignment with the Enterprise Security Architecture Reference Model.
Duties & Responsibilities
The Manager, IT Risk Management, will lead cyber risk governance by driving adoption of an AI‑enabled Risk Management Framework that integrates automated dashboards, heatmaps, and quantitative risk scoring. Central responsibilities include developing and maintaining the organization’s “CISO Top 10 Risks,” embedding Zero Trust principles across enterprise security architecture, ensuring DevSecOps practices, modernizing certification and accreditation programs, preparing the organization for emerging technology risks, and cultivating a high‑performing cybersecurity workforce.
Build, mentor, and empower a diverse, high‑performing team to deliver program objectives, ensuring clarity of roles, skills development, and alignment with strategic priorities.
Foster a culture of accountability, collaboration, and continuous learning enabling staff to innovate and deliver impactful outcomes.
Provide coaching, feedback, and growth opportunities that strengthen both technical and leadership capabilities, preparing staff for future organizational needs.
Within the first year, this leader will deliver:
Enhance Operational Excellence by streamlining OIS review processes using Lean Six Sigma methodologies to eliminate bottlenecks, accelerate decision cycles, and improve control validation outcomes.
Replace manual risk workflows with automated processes to accelerate incident escalation, risk approvals, and documentation.
Transform certification and accreditation through AI‑enabled digital workflows, automation and continuous automation capabilities – reducing assessment cycle times while increasing accuracy, transparency, and risk responsiveness.
Deploy an AI‑enabled enterprise risk monitoring platform with real‑time dashboards, heatmaps, and automated KRIs.
Establish consolidated Cyber and Technology Risk Register to inform strategic investment decisions.
Implement a reporting cadence that drives executive awareness, escalates priority risks, and ensures traceability to institutional risk appetite.
Build a high‑performing global risk management team aligned to future‑state skills and ITS job architecture.
Drive a culture of shared accountability for risk through targeted executive engagement, training, and maturity uplift.
Selection Criteria
The selected candidate should be a proven cybersecurity leader with deep technical expertise, strategic vision, and the ability to influence at the executive level.
Key Requirements
Master’s degree in cybersecurity, information systems, engineering, or business, with 12+ years of progressively responsible IT and information security leadership experience (or bachelor’s degree with 15+ years).
10+ years of hands‑on cybersecurity architecture and IT risk management experience, preferably in a large financial, governmental, or multinational organization.
Demonstrated expertise in enterprise security architecture, Zero Trust, cloud security, and IT risk governance.
Strong knowledge of cloud and cybersecurity frameworks, including NIST 800‑53, ISO/IEC 27001, CSA, and ENISA guidelines.
Experience implementing automated compliance and continuous assurance capabilities, including OSCAL workflows, SBOM‑driven supply chain risk management, and digital certification/accreditation processes.
Knowledge of emerging technologies and associated risks, including AI, blockchain, confidential computing, and quantum resilience.
Proven leadership in managing cross‑functional teams, resource allocation, strategic planning, and vendor or third‑party oversight.
Demonstrated ability to influence executive stakeholders and boards, translating technical risk into business outcomes, and driving enterprise‑wide security transformation.
Strong commitment to fostering a risk‑aware culture and promoting inclusive leadership and workforce development.
Certifications
Required
CISSP, SAFe Agilist
Preferred
SABSA Chartered Security Architect
SAFe Product Manager/Product Owner (POPM)
SAFe for Architect
WBG Culture Attributes
Sense of urgency: Anticipate and quickly respond to the needs of internal and external stakeholders.
Thoughtful risk‑taking: Challenge the status quo and push boundaries to achieve greater impact.
Empowerment and accountability: Empower yourself and others to act and hold each other accountable for results.
The World Bank Group values diversity and encourages all qualified candidates who are nationals of World Bank Group member countries to apply, regardless of gender, gender identity, religion, race, ethnicity, sexual orientation, or disability. Sub‑Saharan African nationals, Caribbean nationals, and female candidates are strongly encouraged to apply.