Security Analyst (Cloud Security Assurance)-ITDSGGR
JOB DETAIL
Work for the IMF. Work for the World.
The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF’s mission is propelled by innovation and efficiency.
Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand as the guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:
- Crafting and executing a forward-thinking and resilient Cybersecurity Strategy.
- Enacting inclusive governance that balances security needs with operational fluidity.
- Developing policies and standards that stay ahead of the threat landscape.
- Ensuring compliance, resilience, and agility in our cybersecurity posture.
- Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to the utilization of the Fund’s information assets, ensuring a secure operational framework.
- Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.
- Administering a compliance management program dedicated to maintainingfirmadherence to the Fund’s information security policies and standards.
- Preserving a solid enterprise security reference architecture that acts as a safeguard for the Fund’s information assets against pertinent threats.
- Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the Fund’s mission.
- Overseeing cyber threat intelligence, and incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.
As we expand our efforts to serve the Fund’s staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills and expertise to address the current and forthcoming cybersecurity and business challenges faced by the Fund.
Job Summary
The Information Technology Department (ITD)’s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill a Security Analyst (Cloud Security Assurance) position.
Under the general supervision of the Section Chief, Information Security GRC,this role will provide security expertise and support of the IMF’s security assurance program for a) Cloud solutionsand b) Financial systems.
The expertise will take the form of security controls design, advisory guidance on controls implementation, continuous monitoring and improvement of control effectiveness, benchmarking, and reporting to maintain and exceed steady state conformance to IMF information security policies, standards, baselines, processes, and external obligations.
The candidate willbe required to work with multi-disciplinary project teams, service providers, auditors, and business units internal and external to the IMF’s IT function. The candidate is expected to bring pragmaticrisk-based technical security controls management experience allowing the IMF to meet its present and emergent business needs while staying within the boundaries of the IMF’s cyber risk tolerance.
The candidate is expected to advise technology and business personnel regarding the value and methods of achieving operating effectiveness of security controls across cloud solutions and financial systems.
Major Duties and Responsibilities
1. Supports and maintains cloud security assurance framework and processes for performing continuous information security assurance assessments across existing and new cloud technologies, service providers, and internal/external General Computer Controls (ITGCC). Guides Fund personnel on the appropriate security assurance management strategies. Supports information security related assurance issues across the IMF.
2. Validates information security key controls to identify control risks, analyzes root causes and trends in potential control weaknesses. Suggests new controls to meet risk-based expectations where applicable.
3. Guides, monitors, and drives mitigation of identified risks in cloud solutions and financial systems through follow-up and follow-through with lines of business and IT stakeholders.
4. Collaborates with cloud technology platform teams to evolve automation footprint of security controls validation.
5. Continuously monitors the effectiveness of security controls in cloud environments and financial systems through comprehensive assessments across domains including but not limited to IAM, secure CI/CD pipeline, data security/protection, incident management, vulnerability management, key management, cryptography, etc.
6. Supports the Section Chief as theaudit liaison for the IT Department as it relates internal audit, external audit entities, and committees. Supports the coordination of audit-related tasks such as ensuring the readiness of IT managers and staff for audit testing, and facilitates the tracking, timelyresolution and reporting of any audit findings.
7. Contributes to improvements in information security KPI’s and KRI’s.Supports the communication and reporting on security metrics to stakeholder governance groups.
8. Maintains independence and impartiality around IT systems and IT/business processes to produce unbiased reports on information security.
Minimum Qualifications
Advanced degree in information security, computer science, engineering, mathematics, or related field of study plus a minimum of 4 years of progressive information security work experience ORBachelor’s degree in information security, computer science, engineering, mathematics, or related field of study and minimum 10 years of progressive information security work experience.
- Candidatesshouldpossessone or moreglobally recognized information security professional certificationse.g., CCSP, CISSP, CISM, etc.One of the certifications should be cloud-platformsecurity focused e.g., Microsoft Certified: Cybersecurity Architect Expert, GIAC PCS, GIAC CTD, GIAC CFR, GIAC CSA, etc.
- Experience with assessment of a comprehensive and broad set of security technologies and processes, data security, cryptography, key management, identity, and access management, cloud API integration, network security, logging and monitoring within SaaS, IaaS, PaaS, and other cloud environments.
Work Management Skills
- Navigates through obstacles and challenges effectively and demonstrates commitment to deliver successful results.
- Ability to collaborate with IT and business colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.
- Ability to balance multiple priorities and demands.
- Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
- Interpersonal skills that create openness and trust among colleagues.
- Facilitation and conflict management skills that enable effective working relationships.
- Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
- Pragmatic security expert with an inherent ability to balance security demands with business reality.
Technical Skills
Knowledge of and experience with:
- Integrating information security compliance requirements into project management, service management, security architecture, ITIL, and SDLC frameworks.
- Applying information security controls in infrastructure, network, endpoints, applications, and database system technologies.
- Designing and assessing operating effectiveness of technical security controls that enable ICFR.
- Proven experience implementing security programs in cloud environments such as Azure (preferred),AWS, or GCP.
- Design and implementation of security initiatives associated with control frameworksincluding but not limited toCSA CCM & STAR, ISO 27017, NIST CSF, COSO, SWIFT CSCF, etc.
This vacancy shall be filled by a 3-year Term appointment in accordance with the Fund’s new employment rules that took effect on May 1, 2015.
Department:
ITDSGGR Information Technology Department Information Security & Governance InfoSec Gov., Risk, Compliance & Data Security Section
Hiring For:
A11, A12
The IMF is committed to achieving a diverse staff, including age, creed, culture, disability, educational background, ethnicity, gender, gender expression, nationality, race, religion and beliefs, and sexual orientation. We welcome requests for reasonable accommodations for disabilities during the selection process.
