The World Bank is looking for an “Application of Senior IT Officer, Business Solutions” to improve security in our applications and platforms. This role ensures that security is a priority throughout the solution lifecycle and involves collaboration with various teams, including the Information Security Office. The World Bank are looking for someone who not only has the technical know-how and experience but also the soft skills to effectively communicate and collaborate with various stakeholders to influence outcomes.

Job Responsibilities for Senior IT Officer, Business Solutions:

Applications & Platforms – Work with stakeholders to ensure that solutions and platforms are secure using a risk-based approach:

1. Work with key stakeholder to identify high-impact solutions and platforms based on their function or the type of information they store.
2. Application Threat and Risk Model(s): Work closely with solution and OIS teams to ensure that we have a risk and threat model for these critical applications and platforms.
3. Assess the critical applications against the threat and risk model to identify key improvement areas.
4. Implement a continuous improvement program to systematically improve risk posture by addressing key improvement areas for these solutions and platforms.
5. Development: Collaborate with OIS to enhance secure software development practices, including software supply chain, code reviews, change management, and access control.
6. Incident Response: Ensure solution teams have incident response plans for applications and platforms.

People and Practices – Promote security awareness and clarify roles and responsibilities across teams:

7. Security Awareness: Work with application and platform teams application and platform teams foster a culture of security awareness and best practices.

8. Roles and Responsibilities: Work with the stakeholders to ensure that the roles and responsibilities of the various aspects of solution lifecycles are clear.

Technology – ensure technology, architectures, and patterns support enhanced application and platform security:

9.New Technologies: Work closely with different teams to identify new capabilities that could improve our application and platforms’ risk levels and security.

10.Cloud Architecture, Security, and Risk Management: Work closely with other teams in ITS to design the cloud landscape, including the secure design of specific services; support the implementation of enterprise initiatives like SASE, ZTA etc.

11.Solution Architecture for Secure Applications: Support application teams in the design of a secure overall solution architecture.

Program Management: effectively manage and implement various initiatives within the program:

12.Program Management: Structure and manage the initiatives to ensure essential elements are planned, tracked, and implemented.

13.Metrics: Develop relevant metrics to measure the effectiveness of security implementations and practices.

You also might be interested in :2023 Internship of Climate Change Specialist at The World Bank

Selection Criteria:

Education: 

•Master’s degree in information technology, Computer Science, or a related field  with 8 years relevant experience OR equivalent combination of education and experience.

Professional Experience:

We are looking for a seasoned professional who has had experience in some of the following areas:

•Solution architecture and application development experience and understanding of secure software development practices.

•Experience covering enterprise architecture, cybersecurity, risk, and threat modeling.

•Experience in Program Management: As the role involves structuring and managing initiatives, experience in program management is beneficial.

•Understanding of affecting change across multiple stakeholders.

Skills:

• Communication and Collaboration Skills: Ability to collaborate with various stakeholders and foster a culture of security awareness.
• Risk Assessment and Management: Ability to identify and assess risks and prioritize them based on impact.
• Knowledge of Security Frameworks and Best Practices: Understanding of frameworks like NIST, ISO 27001, etc.
• Cloud and Identity: Hands on experience in cloud technologies  (AWS, Azure). Knowledge and understanding of modern authentication.
• Content and Data Security: Experience in managing/securing content (such as M365) and data; this includes understanding of data cleansing etc.
• Roles, Users and Permissions: Understanding how business users gain access to content via well-structured roles and permissions management approaches.

Soft Skills:

• Analytical Skills: Ability to analyze complex issues.
• Problem Solving: Ability to solve problems efficiently and creatively.
• Leadership Skills: Capability to lead initiatives and influence others to follow best security practices.

Term Duration: The position has an anticipated duration of two years.