ET Consultant - IT Compliance

Description

Do you want to build a career that is truly worthwhile? Working at the World Bank provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank consists of two entities – the International Bank for Reconstruction and Development (IBRD) and the International Development Association (IDA). It is a global development cooperative owned by 189 member countries. As the largest development bank in the world, the World Bank provides loans, guarantees, risk management products, and advisory services to middle-income and creditworthy low-income countries, and coordinates responses to regional and global challenges. Visit www.worldbank.org.

ITS Vice Presidency Context:

Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty and promote shared prosperity in a sustainable way by delivering transformative information and technologies to its staff working in over 150 locations.

Our vision is to transform how the Bank Group accomplishes its mission through information and technology. In this fast-paced, ever-changing world, the formulation and implementation of the ITS strategy is an ongoing, iterative process of learning and adaptation developed through extensive consultations with business partners throughout the World Bank Group.

ITS shapes its strategy in response to changing business priorities and leverages new technologies to achieve three high-level business outcomes: business enablement, by providing Bank Group units with innovative digital tools and technologies to transform how they deliver value for their clients; empowerment & effectiveness, by ensuring that all Bank Group staff are connected, able to find information, and productive to accelerate the delivery of development solutions globally; and resilience, by equipping the Bank Group to provide risk-based cybersecurity and robust data protection for a global network and a growing cloud platform.

Implementation of the strategy is guided by three core principles. The first is to deliver solutions for business partners that are customer-centric, innovative, and transformative. The second is to provide the Bank Group with value for money with selective and standard technologies. The third principle is to excel at the basics by providing a high performing, robust, and resilient IT environment for the organization.

The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives.

Duties and Accountabilities:

• Support the Internal Controls over Financial Reporting (ICFR) program for IT General Controls. Collaborate with external auditors on audit planning, testing and evaluation procedures, and ensure compliance with the requirements.

• Assist in controls implementation including documentation of processes and procedures to address the ICFR requirements for the IT General Controls for Information Security, Change Management and IT Operations areas.

• Evaluate the design and operating effectiveness of Information Technology General Controls and system-dependent automated controls.

• Conduct IT audits of operating systems, databases, platforms, cloud implementations and emerging technologies based on industry standards.

• Assess compliance against technical standards for various platforms and technologies.

• Conduct audits of IT processes and functions based on COBIT, ISO 27001 & ISO 20000 frameworks.

• Provide recommendations on how to remediate audit findings or noted exceptions.

• Discuss compliance and audit issues with stakeholders and develop action plans to address them.

• Perform other duties in the compliance work program, as assigned.

Selection Criteria

• Master’s degree with minimum 5 years relevant experience or Bachelor’s degree with minimum 7 years of relevant experience in information security, Information technology or IT audit related field.

• Experience in conducting design and operating effectiveness testing for the ITGCs.

• Experience in conducting technology audits for operating systems (UNIX, Windows), platforms, databases (Oracle, MS SQL) and cloud implementations.

Required Skills/Abilities:

• Demonstrated knowledge and experience in auditing IT and security controls for network, operating systems, databases, platforms and applications.

• Good understanding of industry standards and regulations including COBIT, COSO, and SOX.

• Knowledge of Emerging Technology - Participates in the evaluation of emerging technologies that are new to the information systems industry.

• Systems Thinking - Researches the critical and underlying relationships between primary business, technology and systems platforms.

• Client Orientation - Takes personal responsibility and accountability for timely response to client queries, requests or needs, working to remove obstacles that may impede execution or overall success.

• Drive for Results - Takes personal ownership and accountability to meet deadlines and achieve agreed-upon results and has the personal organization to do so.

• Teamwork (Collaboration) and Inclusion - Collaborates with other team members and contributes productively to the team's work and output, demonstrating respect for different points of view.

• Knowledge, Learning and Communication - Actively seeks knowledge needed to complete assignments and shares knowledge with others, communicating and presenting information in a clear and organized manner.

• Business Judgment and Analytical Decision Making - Analyzes facts and data to support sound, logical decisions regarding own and others' work.

• Ability to work independently and within groups, Must be self-motivated and able to work independently with minimal supervision.

• Excellent written and verbal communication skills and presentation skills.

• Highest ethical standards.

Certification Requirements:

• Industry certifications highly preferred, including but not limited to Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and Information Systems Security Management Professional (ISSMP).

World Bank Group Core Competencies

The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at the World Bank and IFC, including our values and inspiring stories.