Security Analyst/Senior Security Analyst (Technical cyber risk management) - ITDSGGR (Contractual)

International Monetary Fund - IMF

Staff Closes 09 Jul 2026 1 days left

Overview

The Information Technology Department (ITD) is seeking Security Analysts/Senior Security Analysts to provide expertise in security risk management and assessment of Azure cloud services, IT products, platforms, services, and solutions with complex hybrid architectures, and Identity and Access Management Governance.


Key Responsibilities
  • Provide expertise with security risk management and assessment of Azure cloud services, IT products, platforms, and services (cloud and non-cloud), solutions with complex hybrid architectures, and Identity and Access Management Governance.
  • Work with project teams, service providers, and business units internal and external to the Fund’s IT function.
  • Advise and influence technology and business personnel regarding the value and methods of safeguarding information, applications, systems, infrastructure, and activities.
  • Act as a senior individual contributor for information security risk management projects.
  • Deliver information security risk assessments for large-scale IT implementation projects.
  • Consult and review the implementation of authentication, authorization, and cryptography mechanisms within applications.
  • Consult with security assurance function on the delivery of technical security standards, configuration baselines and related procedures.
  • Collaborate with other security functions to review and apply appropriate risk levels to assessment outputs.
  • Maintain impartiality around IT systems to produce unbiased reports on information security risk.
  • Work closely with IT project teams to develop implementation plans for new security-related products and services.
  • Conduct quality assurance reviews of security requirements for the implementation of identified solutions.
  • Define/enhance process and procedures for using external security service providers.
  • Train staff and managers in IT divisions to identify and manage risks throughout the project lifecycle.
  • Manage the engagement process of external risk assessment providers and act as a liaison with internal IT project teams and business units.
  • Provide security-related technical solutions.
  • Identify opportunities to improve business practices or IT security-related processes.
  • Analyze, recommend, and implement process improvements within the context of information security.
  • Support governance activities for Identity and Access Management, where requested.
Required Experience
  • Minimum of 10 years of relevant experience working as a technical information security risk manager or information security architect; OR Advanced degree plus a minimum of 4 years of relevant experience working as a technical information security risk manager or information security architect. Experience must include:
  • Prior work in a technical cybersecurity risk management function at organizations with security related regulatory requirements.
  • Practical use of risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking and reporting, and metrics (accreditation and certification).
  • Experience with NIST-SP800-30, ISO 27001/2, ISO 27005, COBIT.
  • Embedding security into processes such as SDLC, Project Lifecycle, ITIL, etc.
  • Demonstrated cybersecurity expertise with infrastructure, applications, and database system technologies.
  • Basic IT consultancy skills.
  • Ability to consult and deliver on the security hardening of application and infrastructure components, including tools, and techniques to ensure the security of application, database, and infrastructure components.
  • Pragmatic security expert with an inherent ability to balance security demands with business reality.
  • Ability to quickly grasp how new technologies work and how security controls should be applied to achieve business goals.
  • Familiarity with a broad range of security technologies supplemented by in-depth knowledge in specific areas of relevance.
  • Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
  • Knowledge of security solutions, latest threats, and countermeasures.
  • Direct experience as a power user of Cybersecurity GRC/ solutions, tools, and technologies, specifically ServiceNow and Archer.
  • Projects or roles requiring coordination across lines of defense working with technical, business, compliance, risk, and audit teams to deliver solutions.
Qualifications
  • Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study. OR Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study. Certifications:
  • CISSP or CISM (minimum required)
  • CCSP (preferred)
  • Microsoft Certified: Cybersecurity Architect Expert (preferred)
  • Other Microsoft cloud security related certifications at the Expert level (preferred)
  • GIAC certifications (preferred)
  • Offensive security related certifications (preferred)
Other Details
Languages Required
Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
Languages Preferred
Not specified
Contract Duration
one-year contractual appointment
Work Modality
Not specified
Remuneration
Not specified
Apply

Similar Opportunities

INGO.WORK: