Security Analyst/Senior Security Analyst (Technical cyber risk management)
International Monetary Fund (IMF)
Washington Dc
United States
December 23, 2025
Full-timeDecember 23, 2025
Security Analyst/Senior Security Analyst (Technical cyber risk management)
International Monetary Fund (IMF) About
The International Monetary Fund (IMF) is an organization of 189 countries, working to foster global monetary cooperation, secure financial stability, facilitate international trade, promote high employment and sustainable economic growth, and reduce poverty around the world. Created in 1945, the IMF is governed by and accountable to the 189 countries that make up its near-global membership.
Job Description
Job Posting Organization:
The International Monetary Fund (IMF) is a global organization that plays a crucial role in promoting international monetary cooperation and financial stability. Established in 1944, the IMF has a mission to foster global economic growth and stability by providing financial assistance, policy advice, and technical assistance to its member countries. The organization operates in 190 countries and employs over 2,700 staff members from diverse backgrounds, working collaboratively to address the challenges of the global economy. The Information Technology Department (ITD) at the IMF is integral to this mission, serving as a catalyst for change by integrating innovative technology solutions that enhance the IMF's operational efficiency and effectiveness. Within ITD, the security" style="border-bottom: 1px dotted #007bff !important;">security" style="border-bottom: 1px dotted #007bff !important;">Information Security and Governance (ISG) division is dedicated to safeguarding the integrity of the IMF's information assets and ensuring compliance with security standards, thereby contributing to the overall stability of the global economy.
Job Overview:
The Information Technology Department (ITD) at the IMF is seeking to fill four positions for Security Analyst/Senior Security Analyst specializing in Technical Cyber Risk Management. These roles are critical in providing expertise in security risk management and assessment, particularly concerning Azure cloud services, IT products, platforms, and services, including those with complex hybrid architectures. The selected candidates will work under the supervision of an information security risk manager and will be responsible for advising and influencing both technology and business personnel on safeguarding information, applications, systems, and infrastructure. The role requires a pragmatic approach to cloud security and risk management, ensuring that the IMF can meet its current and future business needs effectively. The candidates will engage with project teams, service providers, and various business units, contributing to the development and implementation of a robust cybersecurity strategy that aligns with the IMF's mission.
Duties and Responsibilities:
The Security Analyst/Senior Security Analyst will have a range of responsibilities, including but not limited to: acting as a senior individual contributor for information security risk management projects; designing and assessing controls for high-demand technical areas such as ERP, IT Service Management, and Identity and Access Management; mapping and implementing compliance frameworks; managing risk remediation; and reporting on information security risks. The role also involves delivering information security risk assessments for large-scale IT projects, consulting with security architecture functions for threat modeling, and designing infrastructure security controls. The candidates will be expected to consult on the implementation of authentication and cryptography mechanisms, collaborate with various security functions, and maintain impartiality in producing unbiased reports on information security risks. Additionally, they will work closely with IT project teams to develop implementation plans for new security-related products and services, conduct quality assurance reviews, and define processes for using external security service providers. The role requires effective communication of security requirements and training for staff and managers, as well as identifying opportunities for improving business practices related to IT security.
Required Qualifications:
Candidates must possess a Bachelor's degree in information security, computer science, engineering, mathematics, business, or a related field, along with a minimum of 10 years of relevant experience in a technical information security risk management role. Alternatively, candidates with an advanced degree in the aforementioned fields may qualify with a minimum of 4 years of relevant experience. Required certifications include CISSP or CISM, with at least two preferred certifications such as CCSP, Microsoft Certified: Cybersecurity Architect Expert, and various GIAC or offensive security-related certifications. Experience in a technical cybersecurity risk management function, familiarity with risk management concepts, and practical use of frameworks such as NIST-SP800-30 and ISO 27001/2 are essential. Candidates should also demonstrate expertise in cybersecurity across infrastructure, applications, and database technologies, along with basic IT consultancy skills.
Educational Background:
The educational background required for this position includes a Bachelor's degree in information security, computer science, engineering, mathematics, business, or a related field. An advanced degree in these areas is preferred and may substitute for a portion of the required experience. The educational qualifications should provide a strong foundation in technical concepts and principles relevant to information security and risk management.
Experience:
Candidates are expected to have extensive experience in technical cybersecurity risk management, with a minimum of 10 years of relevant experience for those with a Bachelor's degree or 4 years for those with an advanced degree. This experience should include working in environments with security-related regulatory requirements, practical application of risk management principles, and demonstrated expertise in cybersecurity technologies and practices. Familiarity with security frameworks and the ability to consult on security hardening of applications and infrastructure components are also critical.
Languages:
While the job description does not specify mandatory languages, proficiency in English is essential for effective communication within the IMF. Additional language skills may be beneficial but are not explicitly required.
Additional Notes:
This position is a one-year contractual appointment, with the possibility of renewal for up to four years based on performance, budget availability, and ongoing business needs. The IMF is committed to diversity and inclusion, ensuring that employment decisions are made without discrimination. The organization welcomes requests for reasonable accommodations for disabilities during the selection process, and information on how to request accommodations will be provided during the application process.
The International Monetary Fund (IMF) is a global organization that plays a crucial role in promoting international monetary cooperation and financial stability. Established in 1944, the IMF has a mission to foster global economic growth and stability by providing financial assistance, policy advice, and technical assistance to its member countries. The organization operates in 190 countries and employs over 2,700 staff members from diverse backgrounds, working collaboratively to address the challenges of the global economy. The Information Technology Department (ITD) at the IMF is integral to this mission, serving as a catalyst for change by integrating innovative technology solutions that enhance the IMF's operational efficiency and effectiveness. Within ITD, the security" style="border-bottom: 1px dotted #007bff !important;">security" style="border-bottom: 1px dotted #007bff !important;">Information Security and Governance (ISG) division is dedicated to safeguarding the integrity of the IMF's information assets and ensuring compliance with security standards, thereby contributing to the overall stability of the global economy.
Job Overview:
The Information Technology Department (ITD) at the IMF is seeking to fill four positions for Security Analyst/Senior Security Analyst specializing in Technical Cyber Risk Management. These roles are critical in providing expertise in security risk management and assessment, particularly concerning Azure cloud services, IT products, platforms, and services, including those with complex hybrid architectures. The selected candidates will work under the supervision of an information security risk manager and will be responsible for advising and influencing both technology and business personnel on safeguarding information, applications, systems, and infrastructure. The role requires a pragmatic approach to cloud security and risk management, ensuring that the IMF can meet its current and future business needs effectively. The candidates will engage with project teams, service providers, and various business units, contributing to the development and implementation of a robust cybersecurity strategy that aligns with the IMF's mission.
Duties and Responsibilities:
The Security Analyst/Senior Security Analyst will have a range of responsibilities, including but not limited to: acting as a senior individual contributor for information security risk management projects; designing and assessing controls for high-demand technical areas such as ERP, IT Service Management, and Identity and Access Management; mapping and implementing compliance frameworks; managing risk remediation; and reporting on information security risks. The role also involves delivering information security risk assessments for large-scale IT projects, consulting with security architecture functions for threat modeling, and designing infrastructure security controls. The candidates will be expected to consult on the implementation of authentication and cryptography mechanisms, collaborate with various security functions, and maintain impartiality in producing unbiased reports on information security risks. Additionally, they will work closely with IT project teams to develop implementation plans for new security-related products and services, conduct quality assurance reviews, and define processes for using external security service providers. The role requires effective communication of security requirements and training for staff and managers, as well as identifying opportunities for improving business practices related to IT security.
Required Qualifications:
Candidates must possess a Bachelor's degree in information security, computer science, engineering, mathematics, business, or a related field, along with a minimum of 10 years of relevant experience in a technical information security risk management role. Alternatively, candidates with an advanced degree in the aforementioned fields may qualify with a minimum of 4 years of relevant experience. Required certifications include CISSP or CISM, with at least two preferred certifications such as CCSP, Microsoft Certified: Cybersecurity Architect Expert, and various GIAC or offensive security-related certifications. Experience in a technical cybersecurity risk management function, familiarity with risk management concepts, and practical use of frameworks such as NIST-SP800-30 and ISO 27001/2 are essential. Candidates should also demonstrate expertise in cybersecurity across infrastructure, applications, and database technologies, along with basic IT consultancy skills.
Educational Background:
The educational background required for this position includes a Bachelor's degree in information security, computer science, engineering, mathematics, business, or a related field. An advanced degree in these areas is preferred and may substitute for a portion of the required experience. The educational qualifications should provide a strong foundation in technical concepts and principles relevant to information security and risk management.
Experience:
Candidates are expected to have extensive experience in technical cybersecurity risk management, with a minimum of 10 years of relevant experience for those with a Bachelor's degree or 4 years for those with an advanced degree. This experience should include working in environments with security-related regulatory requirements, practical application of risk management principles, and demonstrated expertise in cybersecurity technologies and practices. Familiarity with security frameworks and the ability to consult on security hardening of applications and infrastructure components are also critical.
Languages:
While the job description does not specify mandatory languages, proficiency in English is essential for effective communication within the IMF. Additional language skills may be beneficial but are not explicitly required.
Additional Notes:
This position is a one-year contractual appointment, with the possibility of renewal for up to four years based on performance, budget availability, and ongoing business needs. The IMF is committed to diversity and inclusion, ensuring that employment decisions are made without discrimination. The organization welcomes requests for reasonable accommodations for disabilities during the selection process, and information on how to request accommodations will be provided during the application process.
Info
Job Posting Disclaimer
This job posting is provided for informational purposes only. The accuracy of the job description, qualifications, and other details mentioned is the sole responsibility of the employer or the organization listing the job. We do not guarantee the validity or legitimacy of this job posting. Candidates are advised to conduct their own due diligence and verify the details directly with the employer before applying.
We are not liable for any decisions or actions taken by applicants in response to this job listing. By applying, you agree that all application processes, interviews, and potential job offers are managed exclusively by the listed employer or organization.
Beware of fraudulent job offers. Do not provide sensitive personal information or make any payments to secure a job.
We are not liable for any decisions or actions taken by applicants in response to this job listing. By applying, you agree that all application processes, interviews, and potential job offers are managed exclusively by the listed employer or organization.
Beware of fraudulent job offers. Do not provide sensitive personal information or make any payments to secure a job.