Security Analyst/Senior Security Analyst (Technical cyber risk management)

Job Posting Organization:
The International Monetary Fund (IMF) is a global organization established to promote international monetary cooperation, facilitate sustainable economic growth, and reduce poverty around the world. The IMF was founded in 1944 and has grown to include 190 member countries. The organization employs over 2,700 staff members and operates in various countries, providing financial assistance, policy advice, and technical assistance to its member nations. The IMF's mission is to foster global monetary cooperation and financial stability, and it plays a crucial role in the global economy by providing a platform for dialogue and collaboration among its member countries.

Job Overview:
The Information Technology Department (ITD) at the IMF is seeking to fill four positions for security" style="border-bottom: 1px dotted #007bff !important;">Security Analyst/Senior Security Analyst within its Information Security and Governance (ISG) division. This role is pivotal in managing and assessing security risks associated with various IT products and services, particularly focusing on Azure cloud services and complex hybrid architectures. The successful candidates will work under the supervision of an information security risk manager and will be responsible for advising on security measures, ensuring compliance with security policies, and implementing a robust cybersecurity strategy. The role requires a proactive approach to identifying and mitigating risks while collaborating with project teams and business units to enhance the overall security posture of the IMF.

Duties and Responsibilities:
The Security Analyst/Senior Security Analyst will have a range of responsibilities, including but not limited to: leading information security risk management projects, conducting risk assessments for large-scale IT implementations, and collaborating with various teams to ensure security measures are effectively integrated into business processes. Specific duties include designing and assessing security controls for critical technical areas, managing compliance frameworks, and developing roadmaps for advancing information security strategies. The role also involves consulting on the implementation of authentication and cryptography mechanisms, conducting quality assurance reviews of security requirements, and providing training to staff on risk management practices. Additionally, the analyst will be responsible for maintaining impartiality in reporting security risks and identifying opportunities for process improvements within the context of information security.

Required Qualifications:
Candidates must possess a Bachelor's degree in information security, computer science, engineering, mathematics, business, or a related field, along with a minimum of 10 years of relevant experience in technical information security risk management or as an information security architect. Alternatively, an advanced degree in a related field with at least 4 years of relevant experience is acceptable. Required certifications include CISSP or CISM, with additional certifications such as CCSP, Microsoft Certified: Cybersecurity Architect Expert, and GIAC being preferred. Candidates should have practical experience with risk management concepts, familiarity with security-related regulatory requirements, and demonstrated expertise in cybersecurity across various technologies.

Educational Background:
The educational background required for this position includes a Bachelor's degree in a relevant field such as information security, computer science, engineering, mathematics, or business. An advanced degree in these areas is preferred and can substitute for a portion of the required experience. The educational qualifications should provide a strong foundation in technical concepts and principles related to information security and risk management.

Experience:
Candidates should have extensive experience in technical cybersecurity risk management, particularly in environments with security-related regulatory requirements. This includes practical experience in risk assessment, prioritization, and the delivery of treatment plans. Familiarity with frameworks such as NIST-SP800-30, ISO 27001/2, and COBIT is essential. The role requires a pragmatic approach to security, with the ability to balance security demands against business realities and to quickly adapt to new technologies and their security implications.

Languages:
While the job description does not specify mandatory languages, proficiency in English is likely essential given the international nature of the IMF and its operations. Additional language skills may be beneficial but are not explicitly required.

Additional Notes:
This position is a one-year contractual appointment, with the possibility of renewal for up to four years based on performance, budget availability, and ongoing business needs. The IMF emphasizes a non-discriminatory hiring process and welcomes requests for reasonable accommodations for disabilities during the selection process. The organization is committed to fostering a diverse and inclusive workplace.