Security Analyst​/Senior Security Analyst; Infrastructure Security - ITDSGGR; Contractual

Work for the IMF. Work for the World. This position is being readvertised. Previous candidates need not reapply. The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting‑edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency. Within the IT department, the Information Security and Governance (ISG) division and other first‑line cybersecurity teams stand as guardians of integrity and a beacon of trust.

We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability.

The Information Technology Department (ITD)’s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill a Security Analyst/Senior Security Analyst (Infrastructure Security) position. Under the general supervision of an information security assurance manager, the role will provide expertise with the definition, design, engineering, and validation of security configuration of technology platforms in the cloud and on‑premises.

The candidate will work with project teams, service providers, and business units internal and external to the Fund’s IT function. The candidate is expected to bring pragmatic on‑premises and cloud security and risk management experience, allowing the Fund to meet its present and emergent business needs. The candidate will advise and influence technology and business personnel regarding the value and methods of safeguarding information, applications, systems, infrastructure, and activities to help ensure that technologies function optimally and that information risks are managed.

Senior individual contributor to provide cybersecurity assurance expertise for a broad range of IT initiatives. This includes but is not limited to defining, guiding the engineering and validating implementation of technology agnostic security control standards, technology‑specific configuration baselines (security hardening), and implementation guidelines for technology platforms (both cloud and on‑prem) and services. Maintains impartiality around IT systems to produce unbiased reports on information security risk.

Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions. Effectively communicates requirements and educates stakeholders in IT divisions on appropriate security design and technical configuration of related controls on IT platforms throughout their lifecycle. Works closely with IT project teams to develop implementation plans for new security‑related products, platforms, and services. Advocates information security by working proactively with IT stakeholders, service providers, and business units to provide security‑related technical solutions.

Identifies opportunities to improve business practices or IT security‑related processes. Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality. Other ad‑hoc responsibilities may include supporting the information security assurance manager in maintaining the Fund's ISO 27001 certification, keeping abreast of international information security codes of practice such as ISO 27001/27002 and information security and privacy regulations, and analyzing, recommending, and implementing process improvements within the context of information security.

• Bachelor's degree in information security, computer science, engineering, mathematics, business, or a related field of study plus a minimum of 10 years of relevant experience working in infrastructure or enterprise security roles.
• Advanced degree in information security, computer science, engineering, mathematics, business, or a related field of study plus a minimum of 4 years of relevant experience working in infrastructure or enterprise security roles.

• CISSP or CISM (minimum required)
• CCSP (preferred)
• Microsoft…