*Please submit resumes to go...@cy-tec.com*
Information Security Risk Analyst position: the manager is looking for
someone with experience in risk management methods (identification,
assessment, reporting) and processes. The individual should also be able to
look at risks from a business perspective and relate these back to specific
frameworks like ISO, COBIT, etc.
Location: Washington, DC
Duration: 12+ months
*Information Security Risk Management Risk Analyst (5+ Years)
The Office of Information Security (OIS) provides information security
services to the WBG. OIS’s mission is to protect the WBG’s information
assets in a manner that supports the WBG's mission to free the world of
poverty. The office develops strategy, standards and processes to protect
the confidentiality, integrity and availability of WBG information assets in
a manner that is commensurate with their value and risk. OIS maintains an
information security program in a way that respects the rights and dignities
of those it serves and addresses the needs of the WBG’s business units. OIS
is responsible for managing security strategy, operations and compliance
activities for the WBG’s five member institutions and protecting assets that
total more than $628 billion of annual investments in poor and developing
countries. In addition, OIS manages security across remote sites in over 180
countries across the globe.
OIS is in need of a contractor to work in the area of risk management
program design, implementation, planning, and coordination.
Duties and Accountability
The contractor will have responsibilities for specific individual tasks and
for working as an integral part of the team in executing OIS’s work program.
The primary responsibilities will include, but are not limited to, a
combination of the following:
· Develop, document, maintain and support the WBG’s information security
risk management program in line with WBG information security policy,
practices and leading industry standards;
· Understand WBG information security risks pertinent to its business goals
and technology infrastructure and design an enterprise information security
risk program to identify, assess and respond to risks;
· Maintain an up-to-date understanding of emerging trends in information
security risks; apply new techniques and trends, in-line with overall
information security objectives and risk tolerance of the WBG, to the WBG’s
information security enterprise architecture;
· Document risk management policies, practices and procedures;
· Work with technology and business teams to facilitate risk assessments,
risk evaluation and reporting;
· Provide business units with recommendations to reduce information security
risk within their areas;
· Prepare and present risk assessment reports to system owners, business
units and others;
· Work with technology and business teams to develop and document risk
mitigation action plans;
· Monitor and track the status of risk mitigation plans;
· Assist in developing and implementing risk reporting requirements for OIS, IT
and the business stakeholders;
· Identify efficiencies to improve the performance and responsiveness of the
OIS information security risk function; and
· Assist with vendor assessments and risk and control evaluations of new
1. Bachelor’s degree in Computer Science, Information Systems or a related
2. Minimum five (5) years of experience working in an information security,
information technology, and information risk management related field.
3. Demonstrated experience leading risk management programs and
implementation for a financial services organization or other organizations
with similar information security needs and requirements.
4. Extensive knowledge of IT, enterprise architecture, software development
life cycle, and information security platforms and applications;
5. Ability to work well under pressure and to meet tight deadlines.
Demonstrates a high level of motivation, confidence, integrity and
6. Ability to be organized, responsive and to be able to effectively
multi-task with a focus on driving results.
7. Knowledge of best practices and standards for risk management practices
specifically with the ISO, COSO, COBIT, OCTAVE, ISO and NIST frameworks.
8. Possession of industry certifications highly preferred including, but not
limited to, Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), Global Information Assurance
Certification (GIAC), and Information Systems Security Management
9. Demonstrate excellent interpersonal skills; including the ability to work
independently, effectively in a team/task force as a team member or leader,
and with senior staff and managers in the unit and elsewhere in the WBG.
Ability to collaborate with senior management stakeholders to identify
requirements and drive compliance with approved *
Thanks & Regards
11710 Plaza America Drive, Suite 2000, Reston, Virginia – 20190
Email: go...@cy-tec.com <mo...@cy-tec.com>