Work for the IMF. Work for the World.
**This position is being readvertised. Previous Candidates need not reapply. **
The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration ofcutting-edgetechnology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.
Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand asguardiansof integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:
Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to theutilizationof the IMF's information assets, ensuring a secure operational framework.
Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.
Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the IMF's mission.
Overseeing cyber threatintelligence,incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.
As we expand our efforts to serve the IMF's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills andexpertiseto address the current and forthcoming cybersecurity and business challenges faced by the IMF.
The Information Technology Department (ITD)'s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) isseekingto fill aSecurity Analyst/Senior Security Analyst (Infrastructure Security)position.
Under the general supervision of an information security assurance manager, theSecurity Analyst/Senior Security Analyst (Infrastructure Security)will provideexpertisewith definition, design, engineering, and validation of security configuration of technology platforms in the cloud and on-premises.
The candidate willbe requiredto work with project teams, service providers, and business unitsinternalandexternalto the Fund's IT function. The candidate is expected to bring pragmatic on-premises and cloud security and risk management experience, allowing the Fund to meet its present and emergent business needs. The candidate is expected to advise and influence technology and business personnelregardingthe value and methods of safeguarding information, applications, systems, infrastructure, and activities to help ensure that technologies function optimally; work practices are optimized so that the information risks are managed.
Minimum Qualifications
Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10years of relevant experience workingin infrastructure or enterprise security roles;OR
Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of4years of relevant experience workingin infrastructure or enterprise security roles.
Certifications: (Minimum plus at least 2 preferred)
Experience should include:
- Proventrack recordin delivering technical security assurance and engineering solutions, with practical implementation experience in operational security within regulated environments.
- Extensive technical security experience across a broad range of core Azure services, including Microsoft 365 security controls, Entra ID, Microsoft Defender suite, Azure network security, and other key components of the Microsoft security ecosystem.
- Advanced working knowledge (preferablyprevioushands-on experience) in:
- Wide array of Infrastructure servicese.g.Virtualization Platform, Linux and Windows Operating systems and OS applications, Active Directory and related services, Networking services - switches and routers and other supporting servicesWeb Servere.g.Apache and IISApplicationse.g.Tomcat and other application serversDatabase systeme.g.MSSQL,PgSQL, Oracle,MongoDBetc.
- Security technologiese.g.Firewall (Checkpoint, Palo Alto, Azure Firewall), IDS/IPS, Proxy service (forward and reverse), Zero trust, SIEM, SOAR, Networkdetectionand Response (NDR)
- Hands-on security configuration of platforms (cloud and non-cloud).
- Basic IT consultancy skills. Demonstratesexpertisein securing application, database, and infrastructure components through tailored hardening approaches, employing modern tools and techniques to protect the full technology stack.
- Pragmatic security expert with an inherent ability to balance security demands with business reality.Demonstrates a commitment to continuous learning to stay current with the evolving cybersecurity landscape and to effectively apply security controls that support business goals.
- Strong knowledge of security solutions, emerging threats, and effective countermeasures.
- Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
- Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
- Ability to think laterally and to have input to / propose detailed, complex solutions to technical issues.
- Interpersonal skills that create openness and trust among colleagues.
- Ability to work well under pressure and to meet tight deadlines. Demonstratesa high levelof motivation, confidence, integrity, and responsibility.
- Ability to be organized,responsive,and to be able to effectively multi-task with a focus on driving results.
- Demonstrate excellent interpersonal and relationship management skills. This includes the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers.
- Ability to work well under pressure and to meet tight deadlines, whilstdemonstratinga high levelof motivation, confidence, integrity, and responsibility.
- Excellent relationship management skills. Facilitation and conflict management skills that enable effective working relationships.
Major Duties and Responsibilities
Specific responsibilities include:
- Senior individual contributor to provide cybersecurity assuranceexpertisefor a broad range of IT initiatives. This includes but is not limited to defining, guiding theengineeringandvalidatingimplementation of technology agnostic security control standards, technology-specific configuration baselines (Security Hardening)and implementation guidelines for technology platforms (both cloud and on-prem) and services.
- Maintainsimpartiality around IT systems to produce unbiased reports on information security risk.
- Conducts quality assurance reviews of security requirements and audit recommendations for the implementation ofidentifiedsolutions.
- Effectively communicates requirements and educates stakeholders in IT divisions onappropriate securitydesign and technical configuration of related controls on IT platforms throughout their lifecycle,
- Works closely with IT project teams to develop implementation plans for new security-related products,Platformsand services.
- As an advocate of information security,worksclosely and proactively with IT stakeholders, service providers, and business units to provide security-related technical solutions.Identifiesopportunities to improve business practices or IT security-related processes.
- Prioritizes,monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality.
Other ad hoc responsibilities may include:
- Support the information security assurance manager inmaintainingthe Fund's ISO 27001 certification by promoting self-compliance to policies and standards by IT staff and managers.
- Keeps abreast of international information security codes of practice such as ISO 27001/27002, informationsecurityand privacy regulations and how these measures could affect information assets owned by, or administered on behalf of, the IMF.
- Analyzes, recommends, and implements process improvements within the context of information security.
This is a one-year contractual appointment. Contractual appointments at the IMF are renewable for up to four years of cumulative contractual service, pending incumbent's performance, budget availability, and continuous business need.
Department:
ITDSG Information Technology Department Information Security & Governance
Hiring For:
A11, A12
The IMF is guided by the principle that the employment, classification, promotion, and assignment of staff shall be made without discrimination against any person. We welcome requests for reasonable accommodations for disabilities during the selection process. Information on how to request accommodations will be provided during the application process.