IT Analyst, Security, Risk and Compliance

Job Posting Organization:
The World Bank Group is a prominent global institution established to provide financial and technical assistance to developing countries. Its mission is to end extreme poverty and promote shared prosperity by providing funding and knowledge to address the most pressing development challenges. Founded in 1944, the organization has grown to include 189 member countries and operates in over 130 offices worldwide, making it one of the largest sources of funding and knowledge for development. The World Bank Group is committed to leveraging data, research, and technology to create innovative solutions for global issues, and it emphasizes collaboration with both public and private sector partners.

Job Overview:
The IT Analyst for security" style="border-bottom: 1px dotted #007bff !important;">Security, Risk, and Compliance will play a pivotal role within the World Bank Group's Information and Technology Solutions (ITS) Vice Presidential Unit (VPU). This position is essential for supporting the organization's Internal Controls over Financial Reporting (ICFR) program, particularly focusing on IT General Controls (ITGCs). The successful candidate will be responsible for conducting pre-implementation reviews of systems that fall under the ICFR scope, evaluating the design and operational effectiveness of ITGCs, and performing compliance assessments to ensure that the organization adheres to its IT policies and relevant control frameworks. The role demands modern technical skills, familiarity with Agile methodologies, and relevant professional certifications to maintain a robust IT control environment. The IT Analyst will also be expected to engage with various stakeholders, ensuring that compliance and audit issues are addressed effectively and that recommendations for strengthening ITGCs are implemented.

Duties and Responsibilities:
The IT Analyst will have a comprehensive set of responsibilities, including but not limited to: supporting the ICFR program for IT General Controls, collaborating with external auditors on audit planning and evaluation procedures, assisting in the implementation of controls, and documenting processes to meet ICFR requirements. The candidate will evaluate the design and operational effectiveness of ITGCs, conduct IT technical and process audits, and perform compliance assessments based on established frameworks such as COBIT, ISO 27001, ISO 20000, and NIST. Additionally, the IT Analyst will develop test plans and procedures to assess the effectiveness of IT controls, discuss compliance issues with stakeholders, and provide actionable recommendations. The role also involves designing and implementing IT controls aligned with Agile methodologies and integrating automation and AI solutions to enhance compliance activities. The candidate will be responsible for maintaining data for management reporting and monitoring open audit items to ensure that remedial activities are executed as planned.

Required Qualifications:
Candidates must possess a Bachelor’s degree with at least four years of relevant experience or a Master’s degree with a minimum of two years of relevant experience. They should have experience in conducting design and operational effectiveness testing for IT General Controls and demonstrate knowledge in auditing IT and security controls across various environments, including networks, operating systems, databases, and cloud platforms. Familiarity with Agile methodologies and AI frameworks, along with their compliance implications, is essential. Industry certifications such as Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor, Certified Information Systems Security Professional (CISSP), and Certified Agile Practitioner (e.g., SAFe, Scrum Master) are highly preferred. The candidate should also possess excellent communication, presentation, and problem-solving skills, and be able to work independently as well as collaboratively.

Educational Background:
The educational background required for this position includes a Bachelor’s degree in a relevant field such as Information Technology, Computer Science, or a related discipline. A Master’s degree is preferred, particularly for candidates with less than four years of experience. The educational qualifications should be complemented by relevant certifications that demonstrate expertise in IT security, compliance, and auditing.

Experience:
The position requires a minimum of four years of relevant experience for candidates with a Bachelor’s degree, or at least two years for those with a Master’s degree. Experience should include conducting audits and assessments of IT General Controls, as well as familiarity with compliance frameworks and methodologies. Candidates should have a proven track record of working in environments that require a strong understanding of IT security and risk management.

Languages:
The mandatory language for this position is English, which is essential for effective communication within the organization and with external stakeholders. While not required, proficiency in additional languages may be considered an asset, particularly if it enhances the candidate's ability to engage with diverse teams and clients.

Additional Notes:
This position is a local recruitment opportunity with a term duration of four years. The World Bank Group offers a comprehensive benefits package, including a retirement plan, medical, life, and disability insurance, as well as paid leave, including parental leave. The organization is committed to diversity and inclusion, ensuring equal opportunities for all candidates regardless of gender, identity, religion, race, ethnicity, sexual orientation, or disability. The role is full-time and requires a commitment to the organization's mission and values.