1. Supports and maintains cloud security assurance framework and processes for performing continuous information security assurance assessments across existing and new cloud technologies, service providers, and internal/external General Computer Controls (ITGCC). Guides Fund personnel on the appropriate security assurance management strategies. Supports information security related assurance issues across the IMF.

2. Validates information security key controls to identify control risks, analyzes root causes and trends in potential control weaknesses. Suggests new controls to meet risk-based expectations where applicable.

3. Guides, monitors, and drives mitigation of identified risks in cloud solutions and financial systems through follow-up and follow-through with lines of business and IT stakeholders.

4. Collaborates with cloud technology platform teams to evolve automation footprint of security controls validation.

5. Continuously monitors the effectiveness of security controls in cloud environments and financial systems through comprehensive assessments across domains including but not limited to IAM, secure CI/CD pipeline, data security/protection, incident management, vulnerability management, key management, cryptography, etc.

6. Supports the Section Chief as the audit liaison for the IT Department as it relates internal audit, external audit entities, and committees. Supports the coordination of audit-related tasks such as ensuring the readiness of IT managers and staff for audit testing, and facilitates the tracking, timely resolution and reporting of any audit findings.

7. Contributes to improvements in information security KPI’s and KRI’s. Supports the communication and reporting on security metrics to stakeholder governance groups.

8. Maintains independence and impartiality around IT systems and IT/business processes to produce unbiased reports on information security.

Requirements:

Advanced degree in information security, computer science, engineering, mathematics, or related field of study plus a minimum of 4 years of progressive information security work experience OR Bachelor’s degree in information security, computer science, engineering, mathematics, or related field of study and minimum 10 years of progressive information security work experience.

• Candidates should possess one or more globally recognized information security professional certifications e.g., CCSP, CISSP, CISM, etc. One of the certifications should be cloud-platform security focused e.g., Microsoft Certified: Cybersecurity Architect Expert, GIAC PCS, GIAC CTD, GIAC CFR, GIAC CSA, etc.
• Experience with assessment of a comprehensive and broad set of security technologies and processes, data security, cryptography, key management, identity, and access management, cloud API integration, network security, logging and monitoring within SaaS, IaaS, PaaS, and other cloud environments.

Work Management Skills

• Navigates through obstacles and challenges effectively and demonstrates commitment to deliver successful results.
• Ability to collaborate with IT and business colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.
• Ability to balance multiple priorities and demands.
• Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
• Interpersonal skills that create openness and trust among colleagues.
• Facilitation and conflict management skills that enable effective working relationships.
• Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
• Pragmatic security expert with an inherent ability to balance security demands with business reality.

Technical Skills

Knowledge of and experience with:

• Integrating information security compliance requirements into project management, service management, security architecture, ITIL, and SDLC frameworks.
• Applying information security controls in infrastructure, network, endpoints, applications, and database system technologies.
• Designing and assessing operating effectiveness of technical security controls that enable ICFR.
• Proven experience implementing security programs in cloud environments such as Azure (preferred), AWS, or GCP.
• Design and implementation of security initiatives associated with control frameworks including but not limited to CSA CCM & STAR, ISO 27017, NIST CSF, COSO, SWIFT CSCF, etc.