Senior Security Engineer, Information Protection and M365 Security
Company: The World Bank Group
Location: Washington, DC 20011
Description:
Job #: req32448
Organization: World Bank
Sector: Information Technology
Grade: GG
Term Duration: 3 years 0 months
Recruitment Type: Local Recruitment
Location: Washington, DC, United States
Required Language(s): English
Preferred Language(s):
Closing Date: 4/7/2025 (MM/DD/YYYY) at 11:59pm UTC
Description
Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org
ITS Vice Presidency Context:
The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boosting shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in 150+ locations. For more information on ITS, see this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w
ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions.
The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.
Unit Context
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG's business objectives. ITSSR enables and facilitates a risk-aware culture; ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and ensures that IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy. ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards; develops and engineers the WBG's information security plans and solutions; responds to security incidents; and ensures that information risks are identified, assessed, and managed consistently with the overall risk management approach and with the established appetite and tolerance. ITSSR consists of three main units: 1) ITS Risk Management, Compliance, and Policy, 2) ITS Information Security Operations (ITSIS), and 3) Program Management Office (PMO).
Roles & Responsibilities:
The Senior Information Security Officer will have overall responsibility for executing the work program under the Security Engineering team, as well as for working as an integral part of the ITSIS team in executing ITSSR work programs.
The primary responsibilities will include, but are not limited to, the following:
Plan, socialize and oversee the implementation of a data access governance program for Cloud and on-premise data repositories.
Develop a policy framework for data repository usage, to ensure compliance with data protection and governance standards over the lifecycle of the solution.
Oversee directory services security management, including Active Directory and Entra ID.
Develop strategies for Identity and Access Management (IAM) solutions, considering entitlement management and governance principles.
Develop and enforce policies for user access, entitlements, and group management.
Design, deploy, and manage information protection technologies, including Microsoft Digital Rights Management (DRM), Microsoft Purview, and Data Loss Prevention (DLP) solutions.
Develop operational procedures to monitor and manage data protection technologies ensuring effective protection of sensitive information.
Work closely with business units and stakeholders to provide guidance on data access management and enforcement of policies, rules and safeguards.
Propose guardrails that ensure least privilege access to data throughout the data lifecycle, enhancing user-experience and mitigating the risks of controls bypass and Shadow IT.
Collaborate with technical and non-technical teams to design, present to management, and implement data protection processes and solutions that reduce risks from insider threats and data breaches.
Design, implement, and secure AI systems, with a focus on mitigating vulnerabilities and defending against data breaches and cyber threats.
Selection Criteria
Master's degree preferred in information assurance, computer science, engineering or related technical field.
7+ years' experience in security systems administration, with 2+ years' technical hands-on data protection practitioner experience.
Expert knowledge of SharePoint and associated security best practice and configuration.
Familiarity with directory services management, role-based access, entitlement management and governance solutions.
Solid understanding of and practical experience with SharePoint Online and information protection technologies, including DLP, DRM, and data classification.
Knowledge of information protection principles and control frameworks including CIS, NIST, Zero Trust, etc.
Familiarity with regulatory requirements and laws, such as Payment Card Industry (PCI), Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley Act (SOX), HIPAA, GDPR, California Consumer Privacy Act (CCPA) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following is required: ISO 17799, ITIL, NIST Cybersecurity Framework (CSF).
Proficiency with one or more scripting languages (e.g., Python, PowerShell and Bash) and proven experience in scripting to automate IT and security tasks.
Proven ability to conduct research independently and present results effectively.
Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
A solid understanding of SAFe (Scaled Agile Framework) Agile methodologies, including its core principles, practices, and processes, such as Lean-Agile mindset, Program Increment (PI) planning, Agile Release Trains (ARTs), and continuous delivery pipelines.
Strong written and oral communication skills across varying levels of the organization, including the capacity to communicate complex and technical issues in simple terms.
Organized with the ability to prioritize and complete tasks within defined SLAs.
Excellent judgment and the ability to make quick decisions when working with complex situations.
Possession of relevant industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), SANS GIAC, Certified Ethical Hacker (CEH), Microsoft security and administration related certifications.
World Bank Group Core Competencies
The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.
We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.
Learn more about working at the World Bank and IFC, including our values and inspiring stories.