Background: We are looking for an IT Security professional to join the CISO team, under the Policy and Planning division (IPP) of the Information Technology Department (ITE), who has experience performing risk assessments of security controls covering the life cycle of information system and technologies based in the cloud (IaaS, SaaS, and PaaS) or on-premises.
The Team: The ITE department is responsible for formulating the Bank’s IT Strategy, its implementation and providing related tools, solutions and services. It is also the focal point for all IT services (infrastructure and applications), architecture, policies, and cybersecurity for the IDB.
What you’ll do: Working with the very collaborative IT Security Policy Team, you will:
Evaluate the security design and configurations of on-premises and cloud-based solutions, to identify potential security risks and recommend appropriate security controls to mitigate those risks
Evaluate and perform risk analysis of cloud service providers by reviewing their security controls and compliance reports. The analysis will include findings and recommended mitigating controls as applicable.
Maintain different security standards, hardening baselines, and guidelines
Participate in the accreditation process for IT solutions being delivered by project teams. This accreditation focuses in the evaluation of security controls implemented in solutions built in house, outsourcers or by third parties
Participate in the execution of the IT Internal Controls Framework, which evaluates the effectiveness of the implementation and execution of a predefined set of IT controls for financial systems
Participate in the development of reports, using modern analytics tools, with metrics and indicators that show current state and progress of the compliance review
Work with new technologies in a very dynamic environment
Have freedom to innovate, bring ideas to leverage technologies to promote automation and improve delivery of our services
What you’ll need:
Citizenship: You are a citizen of one of our 48-member countries
Consanguinity:?You have no family members (up to fourth degree of consanguinity and second degree of affinity, including spouse) working at the IDB Group
Education: Bachelor’s degree or equivalent in Computer Science or related fields.
Experience:?At least 2 years of relevant experience in the Information Security or IT Risk fields
Languages: Fluency in English is a requirement. Knowledge of another official Bank language (Spanish, Portuguese and/or French) is required
Core and Technical Competencies:
Certifications in the fields of information security, IT risk, cloud security are desirable
Experience administering and, creating and applying security hardening policies to Windows/Linux servers
Experience auditing information systems and technologies
Knowledge of Cloud technologies, Cloud Security, and trends
AWS or Azure administration experience is desirable
Ability to write technical documents in English
Experience in quality assurance for IT implementations
Experience analyzing as-is processes to produce assessments and recommendations to improve them
Experience creating and analyzing indicators and metrics based on risk
Knowledge of IT Policy, Audit, Compliance, and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC2, SOX, NIST, COBIT and COSO Frameworks
Internal Number: 2000000493
About Inter-American Development Bank
At the Inter-American Development Bank, we’re devoted to improving lives. Since 1959, we’ve been a leading source of long-term financing for economic, social, and institutional development in Latin America and the Caribbean. We do more than lending though. We partner with our 48 member countries to provide Latin America and the Caribbean with cutting-edge research about relevant development issues, policy advice to inform their decisions, and technical assistance to improve on the planning and execution of projects. For this, we need people who not only have the right skills, but also are passionate about improving lives.