Director And Chief Information Security Officer

Director and Chief Information Security Officer

Job #: req27855 Organization: World Bank Sector: Information Technology Grade: GI Term Duration: 4 years 0 months Recruitment Type: Local Recruitment Location: Washington, DC,United States Required Language(s): English Preferred Language(s): Closing Date: 6/30/2024 (MM/DD/YYYY) at 11:59pm UTC

Description

Working at the World Bank Group provides a unique opportunity to help client countries solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending poverty on a livable planet.

With 189 member countries and more than 120 offices worldwide, the World Bank Group works with public and private partners, invests in groundbreaking projects and uses data, research, and technology to develop solutions to pressing global, regional and local challenges. For more information, please visit http://www.worldbank.org.

The organization has undertaken an ambitious exercise to revise its mandate, products and structure to adjust to the multiple, intertwined crises affecting the world today (see Evolution Roadmap), in the move to becoming a better Bank.

Business Unit Overview

The mission of the Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) is to leverage information and technology as a force multiplier to accelerate, deepen, and sustain development impact. Their vision is to harness information and technology for a world free of poverty on a livable planet. For more information on ITS, check this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w.

We are seeking a Director and Chief Information Security Officer (CISO) to join the ITS VPU. This role is responsible for providing strategy, leadership, and oversight for cyber and information security initiatives across the organization to advance the mission of the WBG to create a world free of poverty on a livable planet.

In this role you will lead, manage, and coach a global and diverse team of cross-functional resources to deliver industry-leading cyber and information security solutions that are aligned to WBG needs and priorities while fostering a culture of innovation, sustainability, and agility. You will collaborate with other members of the ITS Management and Leadership teams to continually evolve the ITS organization and maximize the value of technology investments at the WBG. Contribute to maintaining the WBG AAA rating.

This role stands at the center of business and technology and requires an experienced leader to fully leverage the force multiplier effect of technology on driving digital transformation and business value. You will be a strategic visionary, collaborative leader, and change agent.

Duties & Responsibilities

Below is a summary of the expected duties and accountabilities, among others:

Strategy & Business Engagement

• Collaborate with business and corporate partners to develop and execute a multi-year strategy and roadmap for cyber and information security, technology risk management, that drives measurable value for the business in alignment with the broader ITS strategy and WBG priorities.

• Be a trusted advisor for business partners, driving strategic discussions and influencing decisions on cyber and information security, resiliency, and risk management.

• Maintain exceptional understanding and knowledge of relevant business and technology trends, leading practices, and the WBG business to identify opportunities to deliver technology-driven business value.

• Leverage business acumen to create a bespoke and risk informed information security strategy, roadmap and workplan, measured by advanced metrics and risk quantification methods.

• Create and execute a geopolitical risk-aware security program for senior leaders and other potentially targeted WBG staff.

Technology Leadership

• Maintain end-to-end accountability and ownership for cyber and information security strategy and solutions, threat detection and incident response, and IT risk management across the WBG while effectively managing and mitigating risks and security requirements.

• Represent ITS on global institutional bodies and governing forums.

• Act as an ambassador for cyber and information security on behalf of the WBG in relevant external and industry forums.

• Partner effectively with Digital VPU to provide technical expertise and advice, as requested.

Cyber and Information Security Leadership

• Materially improve the WBG security culture. Increase understanding of WBG cyber terrain.

• Architect, build, deliver, and operate enterprise-wide cyber and information security components and services including architecture, platforms, and tools.

• Establish, implement, and facilitate an effective enterprise-wide information security governance program and execution plan that ensures the strategic alignment of information security with WBG objectives and drives accountability across the organization.

• Define, publish, and maintain the information security architecture along with the associated security standards and requirements for IT infrastructure and systems.

• Identify, evaluate, report, and facilitate mitigation of cyber and information security risks in a manner that builds stakeholder trust and meets compliance and regulatory requirements and aligns with and supports the risk posture of the WBG.

• Engage in regular dialog with business stakeholders to understand their needs and issues and provide guidance to comply with enterprise security strategy.

• Continually assess and evaluate emerging threats, assess potential degree of impacts, and prioritize strategic focus areas.

• Collaborate with corporate and business partners to develop procedures for handling security breaches identified as enterprise-wide.

• Manage security engineering and security operations, including security tools and processes, threat and vulnerability management, intrusion detection, cyber intelligence, security incident response and forensics, and security event and log management.

• Oversee and manage a 24/7 Information Security Operations Center.

• Define, measure, and report on enterprise cyber and information security management Objectives and Key Results (OKRs) and Key Performance Indicators (KPIs), proactively identifying corrective action as required.

• Manage relationships with owners of surrounding / interfacing solutions to ensure continued integration and minimize change impacts.

• Materially improve WBG understanding and management of supply chain and other 3rd party risks.

• Identify required cyber and information security skills for the organization and provide strategic direction for security awareness / training programs to ensure adoption of secure behaviors and remediation of knowledge and skill gaps.

• Promote awareness of information security risks and trends. Oversee enterprise-wide information security training and awareness programs.

• Lead automation of security operations.

Risk Leadership

• Establish, implement, and facilitate an effective enterprise-wide IT Risk Management governance program and execution plan that ensures the strategic alignment of IT risk management with WBG objectives and drives accountability across the organization.

• Establish and maintain the IT Risk Management framework and methodology including roles and responsibilities, risk taxonomy, legal and regulatory implications, impact and likelihood scale definitions, assessment methods, key risk indicators, and reporting standards.

• Monitor and report on key risk indicators, action plans, and risk response activities and escalate risks and issues to ITS and business management and governance bodies.

• Ensure appropriate service continuity plans, operations, and infrastructure are in place including business continuity, disaster recovery, and third-party continuity readiness.

• Conduct testing and validation of service continuity capabilities.

Within the first year, this leader will be specifically responsible for:

• Evaluate current capabilities, strategies, roadmaps and staff, providing an informed current state assessment and future state proposal within 120 days.

• Complete lean process redesign for at least two critical operational processes, in partnership with business colleagues. Quantify improvements.

• Improve psychological safety in the unit.

• Materially Improve the One World Bank Group security culture.

• Intensively apply AI and automation to reduce 15% of security tasks.

Selection Criteria

In addition to having a strong work ethic and unquestionable integrity, s/he will have the presence to establish immediate credibility with Senior Management and a complex group of stakeholders. S/he will possess outstanding intellect, leadership and analytical abilities as well as excellent interpersonal, communication and presentation skills. A successful candidate will possess qualifications such as:

• Master's degree in computer science, engineering, business, or relevant discipline with 15+ years of experience in an IT executive leadership position in cyber and information security in a global organization, or equivalent combination of education and experience.

• 10+ years of proven leadership in information security, IT operations, and IT risk management, with specific experience delivering in a large, complex, global IT environment.

• Proven experience with Information Security and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC2, SOX, NIST, COBIT and COSO Frameworks.

• Deep experience and knowledge working with industry-leading cyber and information security architectures, platforms, tools, and solution providers.

• Strong understanding of industry and technology leading practices, emerging technologies, behavioral analytics and AI/ML and how to apply them to drive cyber, digital and business transformation.

• Extensive experience implementing lean process design. Scaled Agile Framework (SAFe) certification is a plus.

• Exceptional communications, storytelling and business engagement skills.

• Advanced knowledge and experience in security architecture, cybersecurity, protecting sensitive information, security engineering and operations, security incident response and forensics, and operating a 24x7 information security operations center.

• Demonstrated success leading and executing information security and IT risk management strategies and implementing enterprise-wide IT security technologies.

• Proven ability to effectively partner with business stakeholders to build strong partnerships, foster good governance, ensure strategic business/IT alignment, and transform relationships at the senior level.

• Proficiency in managing risk in IT application delivery environments.

• Understanding of WBG technology environment desirable.

• Strong collaborator with outstanding interpersonal and diplomatic skills, including the ability to facilitate, negotiate, and influence for successful outcomes. Ability to influence decision makers through collaboration, education, and working partnerships.

• Experience managing risk using advanced metrics and risk quantification.

• Demonstrated ability to lead and manage diverse multi-functional teams in multiple locations globally.

• A deep passion for the mission of the WBG.

WBG Managerial Competencies

World Bank Group Core Competencies

The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at the World Bank and IFC, including our values and inspiring stories.