Security Analyst/Senior Security Analyst (Infrastructure Security) - ITDSGGR (Contractual)

Work for the IMF. Work for the World. This position is being readvertised. Previous candidates need not reapply. The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting‑edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency. Within the IT department, the Information Security and Governance (ISG) division and other first‑line cybersecurity teams stand as guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Job Summary The Information Technology Department (ITD)’s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill a Security Analyst/Senior Security Analyst (Infrastructure Security) position. Under the general supervision of an information security assurance manager, the role will provide expertise with the definition, design, engineering, and validation of security configuration of technology platforms in the cloud and on‑premises. The candidate will work with project teams, service providers, and business units internal and external to the Fund’s IT function. The candidate is expected to bring pragmatic on‑premises and cloud security and risk management experience, allowing the Fund to meet its present and emergent business needs. The candidate will advise and influence technology and business personnel regarding the value and methods of safeguarding information, applications, systems, infrastructure, and activities to help ensure that technologies function optimally and that information risks are managed. Responsibilities Senior individual contributor to provide cybersecurity assurance expertise for a broad range of IT initiatives. This includes but is not limited to defining, guiding the engineering and validating implementation of technology agnostic security control standards, technology‑specific configuration baselines (security hardening), and implementation guidelines for technology platforms (both cloud and on‑prem) and services. Maintains impartiality around IT systems to produce unbiased reports on information security risk. Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions. Effectively communicates requirements and educates stakeholders in IT divisions on appropriate security design and technical configuration of related controls on IT platforms throughout their lifecycle. Works closely with IT project teams to develop implementation plans for new security‑related products, platforms, and services. Advocates information security by working proactively with IT stakeholders, service providers, and business units to provide security‑related technical solutions. Identifies opportunities to improve business practices or IT security‑related processes. Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality. Other ad‑hoc responsibilities may include supporting the information security assurance manager in maintaining the Fund's ISO 27001 certification, keeping abreast of international information security codes of practice such as ISO 27001/27002 and information security and privacy regulations, and analyzing, recommending, and implementing process improvements within the context of information security. Qualifications Bachelor's degree in information security, computer science, engineering, mathematics, business, or a related field of study plus a minimum of 10 years of relevant experience working in infrastructure or enterprise security roles. Advanced degree in information security, computer science, engineering, mathematics, business, or a related field of study plus a minimum of 4 years of relevant experience working in infrastructure or enterprise security roles. Certifications (Minimum plus at least 2 preferred) CISSP or CISM (minimum required) CCSP (preferred) Microsoft Certified: Cybersecurity Architect Expert (preferred) Microsoft Certified: Azure Solutions Architect Expert (preferred) Other Microsoft cloud security related certifications at the Expert level (preferred) GIAC certifications (preferred) Offensive security related certifications (preferred) RedHat Certified Engineer (RHCE®) / RedHat Certified Architect (RHCA) (preferred) Experience Proven track record in delivering technical security assurance and engineering solutions with practical implementation experience in operational security within regulated environments. Extensive technical security experience across a broad range of core Azure services, including Microsoft365 security controls, EntraID, Microsoft Defender suite, Azure network security, and other key components of the Microsoft security ecosystem. Advanced working knowledge (preferably previous hands‑on experience) in virtualization platforms, Linux and Windows operating systems and OS applications, Active Directory and related services, networking services (switches, routers, and other supporting services), web servers (Apache, IIS), application servers (Tomcat, etc.), database systems (MSSQL, In·PgSQL, Oracle, MongoDB, etc.), and security technologies such as firewall (Checkpoint, Palo Alto, Azure Firewall), IDS/IPS, proxy services (forward and reverse), zero‑trust, SIEM, SOAR, NDR. Hands‑on security configuration of platforms (cloud and non‑cloud). Basic IT consultancy skills. Expertise in securing application, database, and infrastructure components through tailored hardening approaches, employing modern tools and techniques to protect the full technology stack. Pragmatic security expert with an inherent ability to balance security demands with business reality. Commitment to continuous learning to stay current with the evolving cybersecurity landscape and to effectively apply security controls that support business goals. Strong knowledge of security solutions, emerging threats, and effective countermeasures. Required Soft Skills Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation. Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non‑technical stakeholders. Ability to think laterally and to have input to propose detailed, complex solutions to technical issues. Interpersonal skills that create openness and trust among colleagues. Ability to work well under pressure and to meet tight deadlines. High level of motivation, confidence, integrity, and responsibility. Ability to be organized, responsive, and to effectively multi‑task with a focus on driving results. Excellent relationship management skills. Facilitation and conflict management skills that enable effective working relationships. Major duties and responsibilities include activities described above and other ad‑hoc responsibilities as required. This is a one‑year contractual appointment. Contractual appointments at the IMF are renewable for up to four years of cumulative contractual service, pending incumbent's performance, budget availability, and continuous business need. Department: ITDSG Information Technology Department, Information Security & Governance. Hiring for: A11, A12. The IMF is guided by the principle that the employment, classification, promotion, and assignment of staff shall be made without discrimination against any person. We welcome requests for reasonable accommodations for disabilities during the selection process. #J-18808-Ljbffr International Monetary Fund