Information Security Architect-Itdsg

Work for the IMF. Work for the World.

The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.

Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand as the guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:

• Crafting and executing a forward-thinking and resilient Cybersecurity Strategy.

• Enacting inclusive governance that balances security needs with operational fluidity.

• Developing policies and standards that stay ahead of the threat landscape.

• Ensuring compliance, resilience, and agility in our cybersecurity posture.

• Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to the utilization of the Fund's information assets, ensuring a secure operational framework.

• Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.

• Administering a compliance management program dedicated to maintaining firm adherence to the Fund's information security policies and standards.

• Preserving a solid enterprise security reference architecture that acts as a safeguard for the Fund's information assets against pertinent threats.

• Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the Fund's mission.

• Overseeing cyber threat intelligence, and incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.

As we expand our efforts to serve the Fund's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills and expertise to address the current and forthcoming cybersecurity and business challenges faced by the Fund.

Job Summary

The Information Technology Department (ITD)'s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill an Information Security Architect position.

This role will design, engineer, influence and embed security controls in the early phases of the IMF's System Development Lifecycle process (Shift Left Mindset). S/he is expected to influence, drive, and collaborate with business and technical stakeholders to achieve practical architecture solutions that meet the secure by design and privacy by design principles. The candidate will also identify recurring information security use cases and develop security architecture pattern documents applicable to those use cases.

Major Duties and Responsibilities

1.Drives and supports the solution architecture development process from context to physical architecture and ensures that all relevant security controls are embedded early in the SDLC phase.

2.Works with technical and business stakeholders to identify architectural attributes that may influence threat and attack vectors.

3.Collaborates with business and technical stakeholders to develop data flows, user profiles, data dictionaries, release notes, technical specification and process flows as input for threat modeling activities.

4.Reviews high level conceptual and logical architectural artifacts and presents findings to the IMF's Enterprise Architecture Review Board.

5.Performs threat modeling activities and communicates outcomes to platform engineers, Information Security Risk Management and the Application Security teams.

6.Develops technical road maps towards achieving mid to long-term enterprise security architecture goals like zero trust architecture, automated threat modeling, secure by default, policy as code and pattern as code.

7.Attends project and enhancement meetings to advise and provide input on security architecture related issues.

8.Develops and ensures security reference architectures and patterns are up-to-date, standards-based, relevant, and agile to meet evolving business and technology needs and knowledge gaps.

9.Research new information security capabilities and technology for continuous improvement of self and the organization.

10. Collaborates with the information security assurance team on developing practical and applicable information security baselines and referencing those baselines in Enterprise Security Architecture documentation.

11. Drives and documents security architecture artifacts for protecting the IMF's crown jewels and strictly confidential assets.

12. Collaborates with IMF's DevOps team to define guardrails and process flows for configuration, development, delivery, and deployment pipelines.

13. Collaborates with the IMF Enterprise Architecture Division to create visibility of activities between ISG and EA division to ensure continuous synchronization.

14. Manages the implementation of an awareness program for promoting information security architecture principles and their application with business and IT stakeholders.

Minimum Qualifications

Advanced degree in information security, computer science, engineering, mathematics, or related field of study plus a minimum of 4 years of progressive information security work experience; or a bachelor's degree in information security, computer science, engineering, mathematics, or related field of study and minimum of 10 years of progressive information security work experience.

• Candidates should possess one or more of the following certifications.

• CISSP, CISM, SABSA, CISSP-ISSAP, CSSLP, CCSK, or GSSP.

Work management skills

• Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance. Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.

• Excellent insight of business and technology trends and their impact (risks and opportunities) to business enablement.

• Analytical skills that enable synthesis and correlation of inputs from many sources and allow for strategic thinking and tactical implementation.

• Ability to establish and maintain effective partnerships and working relations in a multi-cultural, multi-ethnic environment with sensibility and respect for diversity.

• Excellent management, organizational and interpersonal skills to influence others towards a shared vision and positive results with or without the line of command.

• Excellent written and verbal communication skills that are compelling, convincing and reassuring, with the ability to articulate complex technical ideas to non-technical stakeholders.

• Personal drive, ownership and accountability to meet deadlines and achieve agreed-upon results.

Technical Skills

• Deep and hands-on understanding and expertise in at least 4 of the following 6 areas

• Infrastructure, Application, Network, Cloud Security, Identity & Access Management and Security Automation.

• An understanding of Azure Cloud and Microsoft 365 security controls, solutions, and future roadmaps.

• Advanced knowledge Azure Key Vault, Azure Kubernetes Service, Azure Active Directory, Defender for Cloud, Azure monitor, Azure API Management, Application gateway.

• Understanding of application security assessment methods: OWASP Top 10, OWASP Application Security Verification Standard (ASVS), OWASP Mobile Application Security Verification Standard (MASVS), Attack and Defense techniques.

• Understanding and ability to perform threat modeling on a diverse category of architecture (Referencing STRIDE, DREAD, MITRE ATT&CK Frameworks)

• Experience implementing and designing DEVSECOPS and Security Automation delivery pipelines with automation tools like SAST, DAST, SCA, Container Security tooling.

• Familiarity with cloud security concepts like landing zones, Isolation concepts, NSGs/VCNs, conditional access, CI/CD pipelines.

• Familiarity with Datacentric Architectural concepts (Data storage, data lakes, raw and transformational data vaults, data isolation, ETL/ELT ingestion pipelines).

This vacancy shall be filled by a 3-year Term appointment in accordance with the Fund's new employment rules that took effect on May 1, 2015.

Department:

ITDSG Information Technology Department Information Security & Governance

Hiring For:

A11, A12

The IMF is committed to achieving a diverse staff, including age, creed, culture, disability, educational background, ethnicity, gender, gender expression, nationality, race, religion and beliefs, and sexual orientation. We welcome requests for reasonable accommodations for disabilities during the selection process.