Information Security Officer, in Washington


Job # 121262
Job Title                         Information Security Officer - Security Engineering
Job Family                      Information Management and Technology
Location                          Washington, DC
Appointment                   Local Hire
Closing Date                  10-jun-2012
Language Requirements     English [Essential]
Appointment Type


Background / General description

The World Bank Group (WBG) Office of Information Security (OIS) provides information security services to the WBG. OIS’s mission is to protect the WBG’s information assets in a manner that supports the WBG's mission to free the world of poverty. The office develops strategy, standards and processes to protect the confidentiality, integrity and availability of WBG information assets in a manner that is commensurate with their value and risk. OIS maintains an information security program in a way that respects the rights and dignity of those it serves and addresses the needs of the WBG’s business units. OIS is responsible for managing security strategy, operations and compliance activities for the WBG’s five member institutions and protecting assets that total more than $628 billion of annual investments in poor and developing countries. In addition, OIS manages security across remote sites in over 180 countries throughout the globe.

OIS is seeking an Information Security Officer who will be responsible for mobile computing security and threat and vulnerability management. The Information Security Officer will report to the Senior Information Security Officer leading Security Engineering.

Duties and Accountabilities

The Information Security Officer will have overall responsibilities for executing the work program under the Security Engineering team, as well as for working as an integral part of the OIS team in executing OIS’s work programs. The primary responsibilities will include, but are not limited to, the following:
Interface effectively with business units and the IMT community to provide security oversight and guidance for mobile computing initiatives. Ensure best practices in the areas of security operations are followed.
Analyze emerging threats, produce threat and risk assessment reports, and lead the design and engineering of technical security controls to mitigate the threats and risks.
Execute the threat and vulnerability management work program, including application and infrastructure penetration testing. Maintain and manage the tools and systems supporting the key TVM security controls. Design and document operating procedures. Research and engineer technical solutions and perform the penetration testing work program.
Work closely and proactively with OIS management to maintain the WBG’s high standards in managing security around its operational risk associated with technology.
Provide guidance and support in the development of security standards for mobile computing infrastructure and applications to conform to the information enterprise architecture, WBG risk profile, and policy requirements.
Act as the subject matter expert in the area of mobile computing; lead the development of security architecture along with the corresponding technical controls to support the broad adoption of mobile computing technologies.
Interface with business units and IMT stakeholders to identify requirements and assess their applicability on the WBG IT infrastructure.
Maintain an up-to-date understanding of emerging trends in information security architecture. Apply new techniques and trends in line with the overall information security objectives and risk tolerance of the WBG.
Maintain impartiality around IT systems to produce unbiased reports on information security risk.
Selection Criteria

1. Master’s degree (or equivalent combination of education and experience) preferred in Computer Science, Information Systems or related field. Bachelor’s degree is the minimum education requirement.
2. Minimum of 5 years' experience working in IT/Information Security engineering and operations (7 years' experience with Bachelor’s degree).
3. Demonstrated experience and familiarity with large scale enterprise IT infrastructure, overall security posture, and engineering process.
4. Advanced technical knowledge of network security.
5. Advanced technical knowledge of application security and demonstrated experience in testing applications for security holes and working with the development team to remediate the issues.
6. Demonstrated experience with conducting a threat and vulnerability management work program, including threat analysis, vulnerability scanning and remediation.
7. Demonstrated experience with conducting application and infrastructure penetration testing.
8. Demonstrated ability to implement vulnerability mitigation at all levels of the OSI network model. Must be able to quantify the severity of discovered vulnerabilities and prioritize remediation efforts.
9. Minimum 2 years' enterprise experience using commercial vulnerability scanning tools. Ability to work with system and application owners to ensure remediation of discovered vulnerabilities and rectify any false positive conditions.
10. Advanced knowledge of interpreted languages such as Perl, Python, PowerShell, or Bash.
11. Advanced technical knowledge of common mobile computing platforms (including but not limited to Blackberry, iOS and Android) and associated security risks; demonstrated experience in assessing risk in a mobile computing environment, including mobile applications.
12. Working knowledge of risk mitigation techniques for mobile computing platforms.
13. Demonstrated experience with enterprise integration of mobile computing devices, including centralized management tools and policy enforcement techniques.
14. Demonstrated experience with enterprise security engineering and implementation for a financial services organization or other organizations with similar information security needs and requirements.
15. Ability to assess risks in line with information security objectives and risk tolerance of the institution. Proven conceptual, analytical and evaluation skills.
16. Proven ability to conduct research independently and present results effectively.
17. Proven ability to clearly and concisely prepare, present, discuss, and defend recommendations and to produce a wide range of deliverables such as memoranda, recommendations, requirements documents, status reports, etc.
18. Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility.
19. Knowledge of best practices and standards for enterprise security architecture.
20. Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP) and SANS GIAC.
21. Demonstrate excellent interpersonal skills, including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers.
22. Ability to collaborate with senior stakeholders to identify requirements and drive compliance with approved standards.
23. Demonstrated ability to listen and integrate ideas from diverse views, create partnerships and collaborate with others, advocate and influence, resolve conflicts constructively, and work effectively across boundaries.
24. Ability to make forward-looking and practical decisions and operate effectively in a results-oriented and implementation culture.
25. Excellent written and verbal communication skills, including the capacity to communicate complex and technical issues in simple terms.

The World Bank Group is committed to achieving diversity in terms of gender, nationality, culture and educational background. Individuals with disabilities are equally encouraged to apply. All applications will be treated in the strictest confidence.
