Manager, IT Risk Management

World Bank

October 31, 2025 | November 21, 2025 | Washington DC, United States
About the World Bank
With 189 member countries, staff from more than 170 countries, and offices in over 130 locations, the World Bank Group is a unique global partnership: five institutions working for sustainable solutions that reduce poverty and build shared prosperity in developing countries.
Job Description
Job Posting Organization:
The World Bank Group (WBG) is a unique global partnership of five institutions dedicated to ending poverty and promoting shared prosperity. Established in 1944, the organization has grown to include 189 member countries and operates in more than 120 offices worldwide. The WBG is one of the largest sources of funding and knowledge for developing countries, working with public and private partners to invest in groundbreaking projects and utilize data, research, and technology to address global, regional, and local challenges. The organization is currently undergoing a significant transformation to adapt to the multiple crises affecting the world today, as outlined in its Evolution Roadmap.

Job Overview:
The Manager, IT Risk Management position at the World Bank Group is a critical role that involves leading cyber risk governance and ensuring the security of the organization's information assets. The successful candidate will be responsible for driving the adoption of an AI-enabled Risk Management Framework, which includes the development of automated dashboards, heatmaps, and quantitative risk scoring. This position requires a deep understanding of Zero Trust principles and the ability to embed these principles across the enterprise security architecture. The role also involves modernizing the certification, accreditation, and compliance program, ensuring compliance with key regulatory frameworks, and preparing the organization for emerging technology risks. The Manager will play a significant role in shaping the workforce culture and advisory functions within the organization, building a high-performing cybersecurity team and driving executive engagement in risk management.

Duties and Responsibilities:
The Manager, IT Risk Management will have a wide range of responsibilities, including leading cyber risk governance initiatives, developing and maintaining the organization’s 'CISO Top 10 Risks,' and ensuring alignment with the institution’s overall risk appetite. The role involves embedding Zero Trust principles across various aspects of security architecture, ensuring that DevSecOps practices are standard across the enterprise. The Manager will also modernize the certification and compliance program, oversee resilience planning for emerging technology risks, and establish responsible AI governance practices. Additionally, the position requires building and mentoring a diverse cybersecurity team, fostering a culture of accountability and continuous learning, and enhancing operational excellence through process improvements and automation.

Required Qualifications:
Candidates must possess a Master’s degree in cybersecurity, information systems, engineering, or business, along with at least 12 years of progressively responsible IT and information security leadership experience. Alternatively, a Bachelor’s degree with 15 years of experience is acceptable. The ideal candidate should have a minimum of 10 years of hands-on experience in cybersecurity architecture and IT risk management, preferably within large financial, governmental, or multinational organizations. Strong knowledge of enterprise security architecture, Zero Trust principles, and cloud security frameworks is essential, along with experience in automated compliance and continuous assurance capabilities. Proven leadership skills and the ability to influence executive stakeholders are also critical for this role.

Educational Background:
The educational requirements for this position include a Master’s degree in a relevant field such as cybersecurity, information systems, engineering, or business. Candidates with a Bachelor’s degree may also be considered if they have extensive experience in the field, specifically 15 years or more of relevant experience. The educational background should reflect a strong foundation in information technology and security principles, as well as an understanding of regulatory frameworks and compliance requirements.

Experience:
The position requires a significant level of experience, specifically a minimum of 12 years in IT and information security leadership roles. Candidates should have at least 10 years of hands-on experience in cybersecurity architecture and IT risk management, ideally within large organizations that operate on a global scale. Experience in managing cross-functional teams and strategic planning is also essential, as well as a proven track record of preparing organizations for emerging technologies and associated risks.

Languages:
While the job posting does not specify mandatory languages, proficiency in English is typically expected in international organizations like the World Bank Group. Additional language skills may be considered an asset, particularly for candidates from diverse backgrounds or those who can engage with stakeholders in multiple regions.

Additional Notes:
This position is a local recruitment opportunity with a term duration of 3 years. The World Bank Group values diversity and encourages applications from qualified candidates who are nationals of member countries, with a particular emphasis on Sub-Saharan African nationals, Caribbean nationals, and female candidates. The organization promotes a culture of empowerment and accountability, and candidates should be prepared to demonstrate their commitment to fostering an inclusive and diverse workplace.