Cybersecurity, Information Security, Risk Management
4 Year Degree/Bachelor Degree
Background: We are looking for an IT Security professional to join the Policy and Planning division (IPP) of the Information Technology Department (ITE), who has experience performing risk assessments covering the life cycle of information system and technologies based in the cloud (IaaS, SaaS, and PaaS) or on-premises.
The Team: The ITE department is responsible for formulating the Bank’s IT Strategy, its implementation and providing related tools, solutions and services. It is also the focal point for all IT services (infrastructure and applications), architecture, policies and security for the IDB.
What you’ll do: Working with the IT Security Policy Team leader, you will:
Work evaluating the security design and configurations of on-premises and well as cloud-based solutions, identifying potential security risks and recommending security controls to mitigate those risks
Work evaluating security controls, frameworks used, and compliance reports from third party cloud service providers
As a deliverable of every evaluation, produce a final risk assessment document including findings and mitigating controls as applicable.
Maintaining up to date the security standards and guidelines the IPP CISO is responsible for, including technical OS and application security hardening baseline configurations
Participate in the accreditation process for IT solutions being delivered by project teams. This accreditation focuses in the evaluation of security controls implemented in solutions built in house, outsourced, or by third parties
Participate in the execution of the IT Internal Controls Framework, which evaluates the effectiveness of the implementation and execution of a predefined set of IT controls for financial systems
Participate in the process to develop automated processes to verify compliance with established technology security standards and best practices
Participate in the development of reports, using modern analytics tools, with metrics and indicators that show current state and progress of the compliance reviews
What you’ll need:
Citizenship: You are a citizen of one of our 48-member countries. We may?offer assistance?with relocation and visa applications for you and your eligible dependents.
Consanguinity:?You have no family members (up to fourth degree of consanguinity and second degree of affinity, including spouse) working at the IDB Group.
Education: Bachelor’s degree or equivalent in Computer Science or related fields.
Experience:?At least 2 years of relevant experience in the Information Security or IT Risk fields.
Languages: Fluency in English is a requirement. Knowledge of another official Bank language (Spanish, Portuguese and/or French) is required.
Core and Technical Competencies:
Certifications in the fields of information security, IT risk, cloud security are desirable
Experience administering and, creating and applying security hardening policies to Windows/Linux servers
Experience auditing information systems and technologies
Knowledge of Cloud technologies, Cloud Security, and trends.
AWS or Azure administration experience is desirable.
Ability to write technical documents in English.
Ability to interact with different IT Teams.
Experience in quality assurance for IT implementations.
Experience analyzing as-is processes to produce assessments and recommendations to improve them
Experience creating and analyzing indicators and metrics based on risk
Knowledge of IT Policy, Audit, Compliance, and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC2, SOX, NIST, COBIT and COSO Frameworks.
Internal Number: 1900000816
About Inter-American Development Bank
At the Inter-American Development Bank, we’re devoted to improving lives. Since 1959, we’ve been a leading source of long-term financing for economic, social, and institutional development in Latin America and the Caribbean. We do more than lending though. We partner with our 48 member countries to provide Latin America and the Caribbean with cutting-edge research about relevant development issues, policy advice to inform their decisions, and technical assistance to improve on the planning and execution of projects. For this, we need people who not only have the right skills, but also are passionate about improving lives.