The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives. ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy.
Responsibilities:
Research current and emerging threats facing the business and industry sector.
Lead production and delivery of recurring threat intelligence products including reports, one pager, threat briefs etc.
Deliver threat briefings and awareness sessions to internal staff.
Conduct and publish in-depth risk assessments to evaluate and categorize the risk posture of detected cyber threats while supporting development and refinement of risk assessment methodologies and tools used for threat categorization.
Collaborate with internal and external stakeholders, to gather and share relevant threat intelligence.
Develop and maintain threat profiles and reports to enhance detection and response capabilities.
Continuously update and refine existing threat intelligence processes and methodologies to ensure the organization remains at the forefront of cyber defense.
Centralize multiple threat sources (premium, industry-shared, open-source, dark web), correlate indicators and threats, and distill actionable intelligence.
Deliver on the digital risk management portfolio covering social media, brand protection etc.Develop and maintain high quality PowerBI dashboards to show coverage and effectiveness.
Automate routine tasks for efficient operations and support of the team.
Document threats into contextual reports outlining severity, urgency and impact, and ensure they can be understood by both management and technical teams.
Participate, implement and maintain deception technology.
Requirements:
Bachelor's degree in computer science, information technology, systems engineering, or a related field.
Minimum 5 years of Information Security experience required with majority of time in a SOC.
Strong written and verbal communication skills across all levels of the organization.
Maintain a current understanding of advanced persistent threats (APTs), threat actor tactics, techniques, and procedures (TTPs), and cyber threat trends.
Ability to maintain a high level of integrity, trustworthiness and confidence, with the highest level of professionalism.
Strong project management, multitasking and organizational skills.
Ability to preserve credibility with the team and external constituents through sustained industry knowledge.
Ability to motivate teammates to achieve excellence and willingly shares knowledge.
Proven experience executing cyber threat hunting, incident response, or other relevant security operations.
Familiarity with common enterprise scripting languages (PowerShell, Python, Bash, etc.).
Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.
Excellent problem solving, communication and collaboration skills.
