Duties and Accountabilities:
ITSIS is seeking to fill the position of IT Analyst, Security, Risk and Compliance within ISOC. The IT Analyst serves across all areas of threat intelligence to help inform and defend the business and protect brand reputation. As a trusted member of the cybersecurity team and industry community, the analyst works closely with internal technical teams, business units and external entities aligned with the business, including private intelligence-sharing groups, law enforcement, government agencies and public affiliation peers. The IT Analyst is responsible for conducting in-depth research, documenting threats, understanding the risk to the business, and sharing information with those who need to know. The analyst will also distill threat intelligence so technical and non-technical contacts can understand it and make educated decisions about next-step actions. In addition to applied experience, the individual will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus. Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year term appointment. Scope of Work
- Research current and emerging threats facing the business and industry sector.
- Lead production and delivery of recurring threat intelligence products including reports, one pager, threat briefs etc.
- Deliver threat briefings and awareness sessions to internal staff.
- Conduct and publish in-depth risk assessments to evaluate and categorize the risk posture of detected cyber threats while supporting development and refinement of risk assessment methodologies and tools used for threat categorization
- Collaborate with internal and external stakeholders, to gather and share relevant threat intelligence.
- Develop and maintain threat profiles and reports to enhance detection and response capabilities.
- Continuously update and refine existing threat intelligence processes and methodologies to ensure the organization remains at the forefront of cyber defense.
- Centralize multiple threat sources (premium, industry-shared, open-source, dark web), correlate indicators and threats, and distill actionable intelligence.
- Deliver on the digital risk management portfolio covering social media, brand protection etc.Develop and maintain high quality PowerBI dashboards to show coverage and effectiveness.
- Automate routine tasks for efficient operations and support of the team.
- Document threats into contextual reports outlining severity, urgency and impact, and ensure they can be understood by both management and technical teams.
- Be readily available to participate in collaborative threat analysis meetings with internal and external trusted entities.
- Liaison with threat hunting, infrastructure, IT, vulnerability management, threat intelligence and software engineer team members.
- Understanding of various generative models (e.g., GPT, GANs) and their applications.
- Plan and execute the implementation of threat management solutions through a data driven and agile approach.
- Perform other duties as assigned.
Bachelors degree in computer science, information technology, systems engineering, or a related field.
Minimum 5 years of Information Security experience required with majority of time in a SOC.
Strong written and verbal communication skills across all levels of the organization.
Maintain a current understanding of advanced persistent threats (APTs), threat actor tactics, techniques, and procedures (TTPs), and cyber threat trends.
Applicable knowledge of adversary tactics, techniques and procedures (TTPs), MITRE ATTACK framework, CVSS, open source intelligence (OSINT) and deception techniques.
Demonstrated ability to investigate, handle and track incidents.
Proficient in SIEM, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms and security orchestration, automation and response (SOAR) solutions to centralize and manage incident and remediation workflow.
Ability to analyze incident logs, assess malware, and understand vulnerabilities and exploits, along with strong operating systems knowledge.
Experience in incident handling, vulnerability management, hacking tools, intelligence gathering and kill chain methodology.
Capable of working with diverse teams and promoting an enterprise-wide positive security culture.
Ability to maintain a high level of integrity, trustworthiness and confidence, with the highest level of professionalism.
Strong project management, multitasking and organizational skills.
Ability to preserve credibility with the team and external constituents through sustained industry knowledge.
Ability to motivate teammates to achieve excellence and willingly shares knowledge.
Proven experience executing cyber threat hunting, incident response, or other relevant security operations.
Familiarity with common enterprise scripting languages (PowerShell, Python, Bash, etc.).
Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.
Excellent problem solving, communication and collaboration skills.
Understanding of how operating systems work and how malware exploits them.
Past exposure to handle malware and financial crime malware related incidents.
Familiarity with industry-standard processes defined for systems design, database design, development, testing, and integration phases of a project, including Agile-based implementations.
Experience working in Agile environments, participating in Agile ceremonies, and utilizing Agile methodologies for security operations and threat investigations.
Preferred Skillsets / Requirements
GIAC Certified Incident Handler (GCIH), GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware Certification (GREM) preferred, but not required.
Competencies
Client Understanding and Advising - Looks at issues from the client s perspective and takes action beyond normal expectations to ensure client satisfaction.
Learning Orientation - Stays abreast of new trends and developments in own specialty area, the broader industry, and exposes self to increasingly more challenging projects and opportunities to learn.
Broad Business Thinking - Maintains an in-depth understanding of the long term implications of decisions both for department and the client s business. Ensures that decisions are supported by relevant stakeholders as well as sound performance data.
Compliance with Standards - Monitors and maintains records on requests for information and assistance.
Knowledge of Emerging Technology - Tests new technology to evaluate capability compared to specifications.
1. Sense of Urgency Anticipating and quickly reacting to the needs of internal and external stakeholders.
2. Thoughtful Risk Taking Taking informed and thoughtful risks and making courageous decisions to push boundaries for greater impact. 3. Empowerment and Accountability Engaging with others in an empowered and accountable manner for impactful results.
The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.
We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.
