Manager, IT Risk Management

Manager, IT Risk Management

Job # : req34735

Organization : World Bank

Sector :

Information Technology

Grade : GH

Term Duration : 3 years 0 months

Recruitment Type : Local Recruitment

Location :

Washington, DC,United States

Required Language(s) :

Preferred Language(s) :

Closing Date :

11 / 19 / 2025 (11 : 59pm UTC)

Description

Working atthe World Bank Group (WBG) provides a unique opportunity to help clientcountries solve their greatest development challenges. The World Bank Group isone of the largest sources of funding and knowledge for developing countries; aunique global partnership of five institutions dedicated to ending poverty on alivable planet.

With 189member countries and more than 120 offices worldwide, the World Bank Groupworks with public and private partners, invests in groundbreaking projects, anduses data, research, and technology to develop solutions to global, regional,and local challenges. For more information, please visit http :

Theorganization has undertaken an ambitious exercise to revise its mandate,products and structure to adjust to the multiple, intertwined crises affectingthe world today (see EvolutionRoadmap), in the move to becoming a better Bank.

Business UnitOverview

The missionof the Information and Technology Solutions (ITS) Vice Presidential Unit (VPU)is to leverage information and technology as a force multiplier to accelerate,deepen, and sustain development impact. Their vision is to harness informationand technology for a world free of poverty on a livable planet. For moreinformation on ITS, check this video :

DepartmentContext

The WBG Information Security Office (ITSSR) provides strategic leadership andenterprise oversight for the World Bank Group's cybersecurity program. Thedepartment's mission is to safeguard the confidentiality, integrity, andavailability of the Bank Group's digital assets, platforms, and data thatenable development operations across 189 member countries. ITSSR deliversglobal cybersecurity services spanning governance, risk, and compliance; threatintelligence and monitoring; cloud and application security; identity andaccess management; and incident detection and response. Its role is to ensureresilience of the World Bank Group's critical systems, including financialplatforms, data exchange systems, and knowledge services while enabling digitaltransformation, innovation, and secure connectivity for staff and partnersworldwide.

The department also leads the Bank'sadoption of Zero Trust architecture, AI-enabled security operations, andrisk-based frameworks aligned to NIST and international standards. As part ofits mandate, it partners with senior leadership across IBRD, IDA, IFC, MIGA,and ICSID to ensure that security governance underpins the Bank Group's missionto reduce poverty and promote shared prosperity.

Unit Context

The ITS Risk Management (ITSRM) team is focused on safeguarding theWorld Bank Group's information assets. ITSRM delivers comprehensive informationsecurity services, including risk management, advisory support, and complianceoversight. The team plays a pivotal role in ensuring the resilience of theBank's operations by managing IT service continuity and business continuity,encompassing disaster recovery planning and the implementation of robustresiliency measures.

ITSRM ensures cybersecurity is embedded into the design andimplementation of technology solutions (e.g., SWIFT, Quantum, Numerix) acrossthe World Bank Group, in alignment with the Enterprise Security ArchitectureReference Model, which is based on leading global standards and frameworks suchas the Cloud Security Alliance, ISO and NIST.

ITSRM oversees management of third-party risks, including IT serviceproviders, to maintain a secure and compliant technology environment. The unitprovides technical breach assessments and actively supports the IncidentResponse Team (IRT) during vendor related data incidents, ensuring swift andeffective containment and mitigation.

Key responsibilities of ITSRM include leading incident response effortsin collaboration with the Office of Information Security (OIS) and the IRT,which brings together representatives from HR, Corporate Procurement, CorporateCommunications, and affected business units. The IRT coordinates mitigationstrategies, risk assessments, and communications throughout incidentmanagement. ITSRM is also responsible for ongoing risk assessments, monitoring,and reporting on security controls, and advising on best practices andregulatory compliance.

Duties andResponsibilities

The Manager, IT Risk Management, will leadcyber risk governance by driving adoption of an AI-enabled Risk ManagementFramework that integrates automated dashboards, heatmaps, and quantitative riskscoring. A central responsibility will be developing and maintaining theorganization's "CISO Top 10 Risks," ensuring these align with the institution'soverall risk appetite and inform decision-making at the highest levels.

The position requires embedding Zero Trustprinciples across enterprise security architecture, covering identity,endpoint, data, workloads, applications, and networks. The position will ensurethat DevSecOps practices, infrastructure-as-code, and security-as-codeautomation become standard across the enterprise technology landscape,strengthening resilience and operational agility.

The position will modernize thecertification, accreditation, and compliance program by shifting towardautomated assessments. It will ensure ongoing compliance with key regulatoryframeworks including GDPR, DORA, NIS2, SEC cyber rules, EU AI Act and otherglobal requirements, while advancing adoption of software bills of materials(SBOMs) and comprehensive supply chain assurance processes.

The position also carries responsibilityfor preparing the organization for emerging technology risks. This includesoverseeing resilience planning for quantum computing, blockchain, confidentialcomputing, ransomware, and AI-driven threats. The position will establish andenforce responsible AI governance practices rooted in fairness, transparency,and bias mitigation to ensure trustworthy adoption of advanced technologies.

Finally, the position will play aleadership role in shaping workforce culture and advisory functions. Thisincludes building a high-performing, agile cybersecurity workforce aligned withorganizational job architecture and transformation strategies, as well asdriving executive adoption of cyber playbooks for crisis communication,board-level briefings, and phishing resilience. The position will championcontinuous training, maturity assessments, and culture-building efforts toraise cyber resilience across the entire institution.

People Management &Leadership

• Build, mentor, and empower a diverse, high-performing team to deliver program objectives, ensuring clarity of roles, skills development, and alignment with strategic priorities.
• Foster a culture of accountability, collaboration, and continuous learning that enables staff to innovate and deliver impactful outcomes.
• Provide coaching, feedback, and growth opportunities that strengthen both technical and leadership capabilities, preparing staff for future organizational needs.

Within the firstyear, this leader will deliver the following :

Selection Criteria

The selected candidate should be aproven cybersecurity leader with deep technical expertise, strategic vision,and the ability to influence at the executive level. The ideal candidatecombines mastery of enterprise security architecture and Zero Trust principleswith experience modernizing risk management and compliance processes. They willbring strong regulatory knowledge, a history of preparing organizations foremerging technologies, and leadership skills to build high-performing, agileteams across global operations.

Key Requirements :

Certifications

Required : CISSP, SAFe Agilist

Preferred :

WBG Culture Attributes :

1. Sense of urgency : Anticipate and quickly respond to the needs of internal and external stakeholders.

2. Thoughtful risk-taking : Challenge the status quo and push boundaries to achieve greater impact.

3. Empowerment and accountability : Empower yourself and others to act and hold each other accountable for results.

The World Bank Group values diversity and encourages all qualified candidates who are nationals of World Bank Group member countries to apply, regardless of gender, gender identity, religion, race, ethnicity, sexual orientation, or disability. Sub-Saharan African nationals, Caribbean nationals, and female candidates are strongly encouraged to apply.