Cybersecurity, Information Security, Risk Management
IT Security and Risk - Sr. Specialist or Specialist
Background: The Inter-American Development Bank is looking for an IT security and risk expert to work in the Security and Risk Team. The candidates should have experience designing, engineering, and implementing security solutions for IaaS, SaaS, and PaaS environments and performing IT risk assessments of security controls.
The team: The IT department designs and implements the Bank’s IT Strategy and provides the governance, tools, solutions, and services to implement it. The IT Security and Risk Team is part of the IT Policy and Planning Division which is responsible for IT policies, architecture, security risk and governance for the IDB Group.
What you’ll do:
Establish, maintain, and continuously enhance the Information Security and IT Risk Management program, which includes alignment of the program with standard Cybersecurity Frameworks and the contextual analysis of the security landscape to propose new creative and innovative projects and ideas to eliminate gaps and optimize existing processes.
Provide security domain expertise to the various cloud operations and development teams, to design and integrate secure cloud architectures and methodologies across SaaS, PaaS, IaaS, serverless compute and event-driven platforms.
Maintain, monitor, report and continuously improve the IT risk and Cybersecurity dashboard, using modern analytics tools, that includes key security indicators and metrics, such as the information technology risk register, and its alignment with the Bank’s Digital strategy.
Work collaboratively with other teams to integrate security controls in the DevSecOps pipeline and the automation of detection and remediation actions to ensure compliance with established security standards.
Identify, assess, and communicate current and emerging security threats, vulnerabilities, risks, business impact and exposure, and develop security architecture elements to mitigate them.
Coordinate and improve the Bank’s information security awareness program to promote broader use of security standard methodologies in the Bank. Liaise with key Bank Stakeholders to assist and collaborate in the dissemination of the security awareness materials and training and identify challenges and opportunities.
Participate in the execution of the IT Internal Controls Framework, which evaluates the effectiveness of the implementation and execution of a predefined set of IT controls for financial systems.
Skills you will need:
You hold a Master’s degree (or equivalent education such as a 5 year Licenciatura) in Cybersecurity, Computer Science or related field.
Minimum 8 years combined experience in cybersecurity, risk management or software development.
Experience with designing and implementing cybersecurity controls to identity, protect, detect, respond, and recover from cyber threats and vulnerabilities.
Experience working with and implementing common frameworks and security and compliance standards such as Cloud Security Alliance (CSA) cloud controls, ISO 27001, SWIFT CSP, OWASP, SOC, and NIST CSF.
Technical skills in cloud and security design in AWS and Azure incorporating native security controls (including network firewalls, access control lists, encryption, auditing, and monitoring, alerting, secrets management, and security scores).
Experience programing and scripting.
Certifications in the fields of information security, IT risk, cloud security are desirable. AWS Certified Security Specialty, CISSP, CISM, CISA certifications are preferred.
Languages: You are proficient in English and in another Bank official language (Spanish, Portuguese and/or French).
Internal Number: 2100000377
About Inter-American Development Bank
At the Inter-American Development Bank, we’re devoted to improving lives. Since 1959, we’ve been a leading source of long-term financing for economic, social, and institutional development in Latin America and the Caribbean. We do more than lending though. We partner with our 48 member countries to provide Latin America and the Caribbean with cutting-edge research about relevant development issues, policy advice to inform their decisions, and technical assistance to improve on the planning and execution of projects. For this, we need people who not only have the right skills, but also are passionate about improving lives.