Security Analyst (Awareness) – ITD

JOB DESCRIPTION

 

Job Summary

The IT Department’s Information Security and Governance Division is seeking a a Security Analyst (Awareness). Under the supervision of the Section Chief (Information Security), this role will provide security expertise and execution of the IMF’s Information Security Culture, Training and Awareness Program.

The selected candidate is expected to bring pragmatic risk-based work experience allowing for the Fund to meet its present and emerging business needs.

 

 

Major Duties and Responsibilities

1. Enables the development and implementation of annual objectives and tactical plans to achieve strategic initiatives of the IMF’s Information Security Culture, Training and Awareness Program (“the Program”).

 

2. Plans for the Development of Effective Security Awareness Campaigns to meet the needs of the Program.

  • Identifies and evaluates top human risks to the organization and the behaviors that must change to mitigate those risks.
  • Participates in the development and promotion of Information Security policies for general awareness.
  • Develops, reviews, implements, and maintains a security awareness program to mitigate human risks present in the organization’s extant operating environment.
  • Establishes mechanisms to effectively measure the performance of the security awareness program.
  • Establishes, and maintains, an understanding of security awareness of employees in the organization.
  • Works with relevant business units to improve security awareness.

3. Manages and Leads Security Awareness Campaigns.

  • Creates and manages effective awareness training and communications.
  • Work with IMF learning management system admins to deploy training modules in a timely manner.
  • Targets campaigns to specific segments of the employee population.
  • Ensures employees and third parties understand, acknowledge, and fulfill all applicable information security policies..
  • Encourages employee engagement with information security broadly.

4. Reviews and Iterates Security Awareness Campaigns

  • Ensures security awareness trainings, communications are engaging and influences changes in employees’ behavior.
  • Assesses effectiveness of each major campaign using a metrics framework and incorporates employee feedback.
  • Iterates and continuously improves upon existing awareness campaigns as appropriate

5. Manages the social engineering defense initiative including, but not limited to:

  • planning, creating, and scheduling of social engineering simulations
  • creation of internal communications related to the simulations
  • reviewing reports for actionable insights and determine adjustments to constantly improve the program and strengthen staff resilience to cyber breaches

6. Supports the Section Chief (Information Security) with the management of a Security Ambassador Program via the Departmental Information Security Contacts (DISCs).

7. Monitors cyber security industry news, threats, and trends for internal educational opportunities.

 

Minimum Qualifications

Advanced degree in information security, computer science, engineering, mathematics, communications, or related field of study plus a minimum of 4 years of relevant work experience; or a bachelor’s degree in information security, computer science, engineering, mathematics, communications, or related field of study and minimum 10 years of relevant work experience.

  • Possess globally recognized information security certifications. This includes certifications such as CISSP, CISM, etc.
  • Strong critical thinking and problem-solving skills.

 

In addition, the selected candidate will have:

  • Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to both technical non-technical stakeholders.
  • Excellent relationship management skills and experience with change management of organizational culture.
  • Demonstrable knowledge of the principles of social engineering, information handling and protection.
  • Designing and executing social engineering campaigns using commercial solutions and services.
  • Interpersonal skills that create openness and trust among colleagues.
  • Experience with eLearning design.

 

Department:

ITDAI SG Information Technology Department Immediate Office Information Security Group 

Hiring For:

A11, A12 

The IMF is committed to achieving a diverse staff, including age, creed, culture, disability, educational background, ethnicity, gender, gender expression, nationality, race, religion and beliefs, and sexual orientation.