IT Risk Management Officer bei World Bank Group

IT Risk Management Officer

Description

Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org, visit www.worldbank.org.

ITS Vice Presidency Context

The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w

Department Context

ITSSR provides leadership in managing the information security and risk functions and activities across the World Bank Group; facilitates a risk aware culture, ensuring that WBG information and technology assets are protected in an effective and efficient manner; and spearheads IT security and risk management initiatives that drive value and are in alignment with the WBG's business and IT strategy.

Duties and Responsibilities:

The primary responsibilities will include, but are not limited to, a combination of the following:

Risk Identification and Assessment

- Learn to perform technical and non-technical risk assessments in coordination with Security Architecture, Certification & Accreditation and Third-Party Risk Management teams, including AI solutions. Risk assessments include but not limited to:

       . Cloud and other third-party solution adoptions
       . Emerging technologies (e.g. Artificial Intelligence)
       . IT risk and control assessments

- Operationalizing AI Risk Management Framework

- Facilitating Risk and Control Self Assessments (RCSAs) of IT departments.

- Understand the importance of embedding risk tolerances and appetites into IT processes, putting them into practice.

Risk Monitoring

- Support regular assessment and reporting to IT management as well as IBRD and IFC Operational Risk groups.

- Provide LOB-specific view toward refreshing Key Risk Indicators to ensure alignment with leading practices.

- Provide LOB-specific views on monitoring mitigation strategies to verify their appropriateness and efficacy.

Other Duties

- Identify areas to engage staff in the management of risk and ensure they are aware of their accountabilities with regards to risk management.

- Help maintain an up-to-date understanding of emerging trends in information risk management (e.g. quantitative risk assessments) and apply new techniques that are in line with the overall information security objectives and risk tolerance of the WBG.

Selection Criteria

* Strong knowledge and understanding of current unit’s business process flows and its relationship with IT risk management practices.

* Master's degree in information technology/systems or a related technical field with a minimum of 8 years of relevant experience. (BS/BA is minimum education requirement with 10 years of relevant experience.)

* CISA, CRISC, CISM, CISSP, or similar certification

* Knowledge of cybersecurity frameworks and regulatory requirements including CSA, NIST, COBIT and ISO27000 as well as a solid understanding of AI risks and mitigation strategies.

* Strong interpersonal, communication, writing, and project management skills

* Ability to build partnerships across businesses, technology groups, levels and disciplines

* Excellent writing skills and interpersonal skills, including the ability to work independently and effectively in a team/task force as a team member or leader, and with senior staff and managers in the unit and elsewhere in the organization

Note: ITSSR is looking for Security and Risk professionals for a 6-month period on Developmental Assignment and only current Open /Term staff could apply for this.

This 6-months Developmental Assignment is open to current WBG staff with Regular or Open-Ended appointments only.  The selected candidate will need agreement from their current manager to enter into a 6-months DAIS and return to their current position after the period. S/he will retain his/her current Regular or Open-Ended appointment.

WBG Culture Attributes:

1. Sense of Urgency – Anticipating and quickly reacting to the needs of internal and external stakeholders.

2. Thoughtful Risk Taking – Taking informed and thoughtful risks and making courageous decisions to push boundaries for greater impact.

3. Empowerment and Accountability – Engaging with others in an empowered and accountable manner for impactful results.

WBG Culture Attributes:

1. Sense of Urgency – Anticipating and quickly reacting to the needs of internal and external stakeholders.
2. Thoughtful Risk Taking – Taking informed and thoughtful risks and making courageous decisions to push boundaries for greater impact.
3. Empowerment and Accountability – Engaging with others in an empowered and accountable manner for impactful results.

World Bank Group Core Competencies

The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at the World Bank and IFC, including our values and inspiring stories.