This job ad has been posted over 30 days ago...

14

applicants

IT Analyst, Security, Risk and Compliance - Threat Intelligence (150586) Full-time

at The World Bank Group in Chennai (Published at 07-04-2015)

Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty by 2030 and boosting shared prosperity in a sustainable manner by delivering transformative information and technologies to its staff working in over 130 client countries. ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions. The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.

The Information Security Operations team is responsible for managing the operations of information security technology platforms and providing services to WBG business units with the overall objectives of: (1) managing and optimizing information security risk, (2) protecting WBG information assets, and (3) minimizing the potential business risk and impact to the WBG by providing timely incident response and proactive defense to cyber security threats. Key functions and services include: 24/7 information security event management, security engineering, threat and vulnerability management, intrusion detection, threat intelligence, security architecture, certification and accreditation, and incident response.

The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the information security and risk functions and activities across the World Bank Group, enabling the achievement of WBG’s business objectives. ITSSR supports and facilitates a risk aware culture, ensuring that WBG information assets are protected in an effective, efficient, and balanced manner and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank’s business and IT strategy. ITSSR comprises of the following functions: Security Operations, Risk Management and Advisory, IT Policy, IT Compliance, PMO, Business Continuity, and Sourcing and Vendor Management.

The incumbent will report to a senior information security officer leading the security engineering function.

Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year term appointment.

Duties and Accountabilities:

IT security professional with experience managing, analyzing and processing cyber-intelligence and security threat related information.
Performs analysis, testing and/or reviews of information on business processes from a risk management/security/compliance perspective. Prepares standard reports, highlighting any gaps or concerns, and escalates to management as appropriate.
Proposes improvements and assists in the implementation of standards, procedures and guidelines.
Supports audits, maintaining and routing necessary documentation.
Diagnoses risk, security and compliance incidents and issues that may involve extensive analysis, and recommends resolutions to management.
Researches opportunities to improve processes and standards, and identifies best practices from the industry to promote across the organization.
Assists with the development of project proposals, ensuring that project plans are in compliance with applicable regulations and policies.
Provides technical guidance and mentorship to team members, as appropriate.
Supports the development and execution of security/compliance/risk awareness programs across the WBG.
Perform triage and analysis on intelligence feeds and reports, provide actionable intelligence to decision makers
Engineer and support custom solutions using commercial and open-source cyber-intelligence software
Develop custom programs to solve intelligence processing tasks using various interpreted and compiled computer programming languages
Research, categorize, and prioritize information security threats
Develop and test custom security controls for various threat vectors, the scope of these controls include OS, network, and host-based commercial security products
Collect, normalize, model, and report on data collected in support of anomaly detection programs
Solve practical problems by using a variety of structured analytical techniques
Serve as a local subject matter expert on cyber-intelligence and the information security threat landscape

Additional Duties

Support response efforts during incidents and assist other ITSSR teams during critical projects

Selection Criteria:

Minimum Education/Experience:

Master’s degree with 2 years relevant experience or Bachelors Degree with a minimum of 4 years relevant experience.
Mandatory Skillset / Requirements

  • Advanced knowledge of information security best practices, procedures, and vulnerability mitigation
  • Hands-on experience in information security incident response
  • Strong understanding of modern cyber-attacks, hacking techniques and related defensive tactics.
  • Understanding of network traffic and analysis techniques using popular tools such as Wireshark
  • Working understanding of Windows internals and security controls
  • Experience conducting white-hat system penetration testing
  • Professional experience with data mining, and/or statistical analysis
  • Good coding skills in Powershell, Python, C, Bash, or similar languages
  • Experience in analyzing reports generated by SIM/SEM tools
  • Business Enterprise Knowledge – Develops and implements technical solutions that meet operational improvement needs.
  • Knowledge of Emerging Technology – Tests new technology to evaluate capability compared to specifications.
  • Risk Management – Reduces risk by solving day-to-day problems as they arise.
  • Systems Thinking – Investigates the critical relationships among primary business, technology and systems platforms.
  • Client Orientation – Takes personal responsibility and accountability for timely response to client queries, requests or needs, working to remove obstacles that may impede execution or overall success.
  • Drive for Results – Takes personal ownership and accountability to meet deadlines and achieve agreed-upon results, and has the personal organization to do so.
  • Teamwork (Collaboration) and Inclusion – Collaborates with other team members and contributes productively to the team’s work and output, demonstrating respect for different points of view.
  • Knowledge, Learning and Communication – Actively seeks knowledge needed to complete assignments and shares knowledge with others, communicating and presenting information in a clear and organized manner.
  • Business Judgment and Analytical Decision Making – Analyzes facts and data to support sound, logical decisions regarding own and others’ work.

Preferred Education/Experience:

Computer science or engineering degree.
5 years of Information Security experience preferred, of which the individual has worked with a CSIRT for a minimum period of 2 years
CISSP
SANS GIAC
Required Competencies
Client Understanding and Advising – Looks at issues from the client’s perspective and takes action beyond normal expectations to ensure client satisfaction.
Learning Orientation – Stays abreast of new trends and developments in own specialty area, the broader industry, and exposes self to increasingly more challenging projects and opportunities to learn.
Broad Business Thinking – Maintains an in-depth understanding of the long term implications of decisions both for department and the client’s business. Ensures that decisions are supported by relevant stakeholders as well as sound performance data.
Compliance with Standards – Monitors and maintains records on requests for information and assistance.
Information Systems / Technologies / Product / Services Knowledge – Resolves escalated problems of technical support.
Knowledge of Emerging Technology – Tests new technology to evaluate capability compared to specifications.
Negotiation – Investigates areas of disagreement.
Risk Management – Reduces risk by solving day-to-day problems as they arise and takes action to prevent problems from recurring.
Lead and Innovate – Brings new and different insights.
Deliver Results for Clients – Contributes to delivery of results for clients on complex issues.
Collaborate Within Teams and Across Boundaries – Collaborates within team and across boundaries.
Create, Apply and Share Knowledge – Actively contributes to and readily applies WBG’s body of knowledge for internal and/or external client solutions.
Make Smart Decisions – Leverages available data and makes timely decisions.

The World Bank Group is committed to achieving diversity in terms of gender, nationality, culture and educational background. Individuals with disabilities are equally encouraged to apply. All applications will be treated in the strictest confidence.

Note: Applications have been closed.



Recent jobs at The World Bank Group


Viewed: 1752 times
« Go back to category
Is this job ad fake? Report it!   
Recommend to a friend