Associate Security Ops Analyst (Third Party Risk) - Itdsggr (Contractual)

Work for the IMF. Work for the World.

Organizational Background

The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.

Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand as the guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:

• Crafting and executing a forward-thinking and resilient Cybersecurity Strategy.

• Enacting inclusive governance that balances security needs with operational fluidity.

• Developing policies and standards that stay ahead of the threat landscape.

• Ensuring compliance, resilience, and agility in our cybersecurity posture.

• Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to the utilization of the IMF's information assets, ensuring a secure operational framework.

• Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.

• Administering a compliance management program dedicated to maintaining firm adherence to the IMF's information security policies and standards.

• Preserving a solid enterprise security reference architecture that acts as a safeguard for the IMF's information assets against pertinent threats.

• Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the IMF's mission.

• Overseeing cyber threat intelligence, and incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.

As we expand our efforts to serve the IMF's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills and expertise to address the current and forthcoming cybersecurity and business challenges faced by the IMF.

Job Summary

The Information Technology Department (ITD)'s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill a contractual Associate Security Analyst (Third party risk) position.

Under the general supervision of the Section Chief, Info Security GRC and Data Security, this role will provide security expertise and support of cyber risk management of the IMF's service-providers.

The candidate with be required to work with project teams, service providers, auditors, and business units internal and external to the IMF's IT function.

The candidate is expected to bring pragmatic cyber security work experience allowing for the IMF to meet its present and emergent business needs in managing cyber risks from third parties.

Major Duties and Responsibilities

1.Performs the following as it pertains to the management of cybersecurity risks from third parties who provide services to the IMF:

• Enhances existing processes and standard operating procedures and develop new ones, if applicable;

• Analyzes and evaluates third parties against information security policies, controls standards, and procedures to ensure conformance to expectations, whilst working closely with internal stakeholders to ensure that third parties comply with our policies, standards, and procedures;

• Coordinates with project teams, relationship managers, procurement, and other stakeholders as needed, to ensure that sufficient security contract clauses are in place with third parties;

• Guides and supports risk owners in the development and execution of risk mitigation strategies to address identified risks and reduce the organization's exposure to cyber threats;

• Communicate assessment findings and recommendations to internal stakeholders and monitor and track progress through periodic assessment activities; and

• Evaluate the security posture of third parties that have access to sensitive information or systems and conduct risk assessments to identify and evaluate related potential security threats. Provide guidance on related risk mitigation strategies.
  2.Supports other cybersecurity risk subject matter experts with the continuous risk assessment and related risk treatment and reporting for certain categories of information assets that are essential to business functions.

3.Provides support for information security governance initiatives to automate enhanced information security processes, including but not limited to the preparation and presentation of user technical support and training materials to ensure the efficient, effective, and secure use of information security GRC technology.

Minimum Qualifications

Advanced degree from an accredited university in a related field OR Bachelor's degree from an accredited university in a related field plus a minimum of 6 years of progressive work with third party risk management or related security experience.

• Candidate must possess at least 1 globally recognized information security professional certification. This includes certifications such as CISSP, CISM, CCSP, etc.

• Pragmatic security expert with an inherent ability to balance security demands with business reality.

• Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.

• Demonstrate strong risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking, reporting, and metrics.

• Fundamental understanding of cybersecurity risk management with 3rd parties and direct experience partnering with other stakeholders such as Procurement, Legal, Enterprise third -party risk, etc.

• Critical thinking and analytical decision-making skills to forecast cybersecurity related issues, events and/or risks pertaining to third parties.

• Contract clause verification pertaining to cybersecurity and IT resilience controls.

• Experience with policy, process and procedures development, enhancement, and awareness for cyber risk management of third parties.

This is a one-year contractual appointment. Contractual appointments at the IMF are renewable for up to four years of cumulative contractual service, pending incumbent's performance, budget availability, and continuous business need.

Department:

ITDSGGR Information Technology Department Information Security & Governance InfoSec Gov., Risk, Compliance & Data Security Section

Hiring For:

A09, A10

The IMF is committed to achieving a diverse staff, including age, creed, culture, disability, educational background, ethnicity, gender, gender expression, nationality, race, religion and beliefs, and sexual orientation. We welcome requests for reasonable accommodations for disabilities during the selection process.