Section Chief (Security Operations) – ITD

4 نوفمبر، 2022

0 9 4 دقائق

الوصف الوظيفي

Job Summary

IT Department’s Enterprise Platforms Division is looking to hire a Section Chief (Security Operations). This position reports to the Head of Enterprise platform to make tactical and strategic recommendations on how to improve the Fund’s information security posture. The selected candidate will be responsible for managing the entire Information Security Technology stack.

In addition, the selected candidate will:

Ensure that value is achieved as anticipated from any outsourced relationships under management.
Ensure that the overall services are delivered as expressed in the contract Statement of Work and related exhibits, that the service levels for outsourced services/functions are maintained and continually improved, and that any problems with the day-to-day delivery of services provided by the Supplier are minimized.
Liaise closely with process owners and managers, IT teams, architects, and other stakeholders to ensure compliance with ITD strategy, security policies and standards for the entire lifecycle of the services delivered.
Establish the roadmap for the Information Security Technology platforms to match the roadmaps of IT products and platforms that rely on those platforms.
Educate the stakeholder on secure use of the Security stack to standardize service delivery and maximize return on investment.
Manage the Information security budget and advises the head of the Enterprise platforms of Information Security spent and technology acquisitions.

Major Duties and Responsibilities

Leads and directs Cybersecurity Engineering and Operations teams comprising staff, vendors and MSP personnel ensuring delivery of key services.
Works with Product and Platform owners to facilitate prioritization of work in alignment with the business and supplier response to demand.
Coordinates services, projects, and plans to ensure priorities are addressed appropriately.
Ensures the appropriate implementation of Transition and Transformation initiatives.
Works closely with the vendor management office (VMO) to ensure service delivery from the supplier meets agreed performance standards, driving value and performance.
Coordinates root-cause and trend analyses to identify areas of improvement in integrated, Cross-Delivery Service Management and service delivery.
Participates in capacity and demand planning with product/platform leadership, supplier, and Service Managers – Acts as primary liaison contact person for client and supplier regarding Information Security service delivery requirements, issues, changes, and performance.
Reviews and authorizes work orders/requests for platform services.
As operational problems occur, reviews recovery and permanent fix plans.
Reviews and monitors service delivery and management problems, process issues, and escalation procedures.
Establishes Cybersecurity Operational Metrics, conducts regular service reviews; manages and audits Supplier performance and productivity relative to Service Level Agreements.
Works with Architects to set strategic direction for Information Security technology stack.
Ensures platform security standards are maintained and implement an automated program to avoid technical obsolescence.
Provides technical expertise across multiple platform areas. Identifies and defines new and secure technologies for business units, recommending short-term alternatives where appropriate. Participates in analysis of cost, benefit, and risk. Oversees the implementation of Information Security solution prototypes or proof of concept projects for emerging Information Security Technology products and services.
Orchestrates and Automates Information Security Technology stack to achieve economies of scale and optimized delivery of Information Security Services and eliminate process waste.
Oversees Security Architecture, Security configuration Controls engineering and Implementation
Develops, maintains, and supports an intelligence capability to identify current and emerging IT security risks to the organization. Investigates within policy provisions, all infrastructure and application intrusions and data theft by internal and external threat actors and threat vectors.
Manages all aspects of the Fund’s vulnerability program (configuration, scanning, tracking, remediation, and verification) and continuously maintains security baseline compliance and patch monitoring.
Maintains a robust security monitoring strategy through continuous management of advanced correlated business and technology rules to detect common and advanced information security threats.
Manages the overall Cybersecurity budget and demonstrates value on security spend to various stakeholders as requested.
Coordinates all administrative activities of cybersecurity operations including oversight of cyber security analysts, recruitment of qualified analysts, shift management, monitoring non-compliance to security policies and procedures, and secure management of privileged access by analysts.

Minimum Qualifications

Educational development, typically acquired through the completion of an advanced university degree in computer science, engineering, mathematics or related field of study or equivalent, plus a minimum of eight years of relevant professional experience; or a bachelor’s degree in computer science or a related field of study plus a minimum of 14 years of relevant professional experience, is required.

This vacancy shall be filled by a 3-year Term appointment in accordance with the Fund’s new employment rules that took effect on May 1, 2015.

الوصف الوظيفي

المهارات

In addition, below skills are preferred:

Demonstrated technical domain experience in ITIL-based Service Management and Information Security Domains.
Technical expertise in the following Information Security Engineering and Operations domains: Cloud Security, Network Security, Federation Services, Endpoint Security, Database Security, Identity and Access Management, Key and Certificate Management, Privilege Access Management, and Security Monitoring.

Skills and Experience

Relationship Management Skills

Demonstrates ability to fully and successfully represent the department to internal audiences.
Has effective business relationships outside the Fund.
Deals proficiently with executive/deputy directors and country officials.
Demonstrates significant fungibility and collaboration across departmental work.
Leverages contacts inside and outside division and knows where to go for information to effectively accomplish responsibilities.

Leading and Managing Skills

Demonstrates leadership and motivates teams.
Delegates appropriately and fosters teamwork.

Work Management Skills

Fulfills a more formal role in planning, organizing, and effectively completing large or complex team projects.
Navigates through obstacles and challenges effectively and demonstrates commitment to deliver successful results.
Deals with the project from beginning to end; leads the project in all aspects ensuring all deliverables are in scope, on time, and in budget.
Technical leadership and vision in the domains that make up the Information Security Platform.
Demonstrated experience managing managed service providers, including negotiation and enhancement of metrics and SLAs used to maximize value delivered.
Ability to collaborate with IT colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.
Ability to manage a broad portfolio of platforms and services; ability to balance multiple priorities and demands.
Ability to manage and deliver on multi-million projects and task orders.
Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
Interpersonal skills that create openness and trust among colleagues.
Facilitation and conflict management skills that enable effective working relationships.
Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
Pragmatic security expert with an inherent ability to balance security demands with business reality.