International Monetary Fund (IMF)

Chief Information Security Officer

Job Description


The International Monetary Fund (IMF) is looking to hire a Chief Information Security Officer who will report to the Chief Information Officer and Head of the Information Technology Department of the IMF.

Position Scope
  • A visionary and strategic leader with a sound knowledge of business management and a working knowledge of technologies, along with an understanding of the broader digital ecosystem.

  • Responsible for establishing and maintaining the information security program so that assets and associated technology, systems, infrastructure and processes are protected in the digital ecosystem in which we operate.

  • Develops and owns the cybersecurity framework while maintaining a strong partnership with all senior stakeholders in the IMF. Ensures all risk management policies are in compliance and enforced.

  • Knowledgeable about both internal and external business environments, and ensures that the delivery of work programs within the IMF is optimal.

  • Leads, develops, and supervises information security staff, including mentoring, coaching, and providing growth opportunities for staff in the unit. 

Main Responsibilities:
  • Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program for the Fund.

  • Works directly with the business units to facilitate risk assessment and risk management processes.

  • Develops and enhances an information security management framework.

  • Understands and interacts with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.

  • Provides leadership to the enterprise's information security organization (core and extended teams).

  • Partners with business stakeholders across the company to raise awareness of risk management concerns.

  • Assists with the overall business technology planning, providing current knowledge and a future vision of secure technology and systems.


Education and Background:
  • Bachelor’s Degree in Business Administration or a technology-related field required; Master’s degree in the same disciplines preferred

  • Professional security management certification required

  • Proven track record of success in leadership positions

  • 15 years of managerial experience 

  • 8-12 years of experience in a combination of risk management, information security, and IT positions

  • Knowledge of common information security management frameworks 

  • Experience with contract and vendor negotiations and management including managed services 

Required Technical Competencies:
  • Experience in business case development and analysis, business scenarios and views and viewpoints. Knowledge of IT Industry Standards (Frameworks, Methodologies, etc.). Knowledge of relevant Industry and Provider Ecosystems and Consortiums. Experience in Obsolescence Monitoring. Experience in Technology Architecture (cloud, infrastructure), target state design and strategy.

  • Knowledge and experience of threat and risk-based Information Security Policies, Standards, technical security configuration baselines, procedures, critical security performance management processes, interpretation, and training founded on leading best practices

  • Knowledge and experience of risk-based information security awareness and technical development programs to continuously improve security incident prevention, preparedness, detection, response, recovery

  • Knowledge and experience of Security Risk and Compliance Management techniques, processes, and tools leveraging leading best practice IT security and Data/Information risk management frameworks and standards to deliver continuously improving prioritized risk identification, treatment, verification, and monitoring

  • Knowledge and experience of 3rd party service provider and cloud security requirements, data and operations protection controls, architectures, shared security accountability models, leading best practice risk and control framework evaluation and continuous security performance and assurance models, and contractual controls implementation

  • Knowledge and experience of independent security assurance programs, techniques, practices, and processes through certification against leading information security frameworks, continuous improvement focused critical security process assessments, and security posture capability and maturity assessments

  • Knowledge of Threat modeling techniques and methodologies to deliver security requirements input for solution, architecture, and process design leading to more cyber resilient solutions

  • Knowledge and experience of Threat intelligence and analytics to deliver strategic business aligned and tactical operational prioritized threat intelligence reporting and requirements, threat actor identification and monitoring, efficient collection of high confidence actionable relevant intelligence, operationalizing analysis of threat intelligence and security posture to drive actions that prevent, prepare for, and respond to security incidents effectively

  • Knowledge and experience of continuous security monitoring techniques, processes, and technology to continuously improve the detection of security incidents and policy violations
