Description

Working at the World Bank Group (WBG) provides a unique opportunity to help client countries solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending poverty on a livable planet. 

With 189 member countries and more than 120 offices worldwide, the World Bank Group works with public and private partners, invests in groundbreaking projects, and uses data, research, and technology to develop solutions to global, regional, and local challenges. For more information, please visit http: http://www.worldbank.org.

The organization has undertaken an ambitious exercise to revise its mandate, products and structure to adjust to the multiple, intertwined crises affecting the world today (see Evolution Roadmap), in the move to becoming a better Bank.

Business Unit Overview

The mission of the Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) is to leverage information and technology as a force multiplier to accelerate, deepen, and sustain development impact. Their vision is to harness information and technology for a world free of poverty on a livable planet. For more information on ITS, check this video: https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w 

Department Context

The WBG Information Security Office (ITSSR) provides strategic leadership and enterprise oversight for the World Bank Group’s cybersecurity program. The department’s mission is to safeguard the confidentiality, integrity, and availability of the Bank Group’s digital assets, platforms, and data that enable development operations across 189 member countries. ITSSR delivers global cybersecurity services spanning governance, risk, and compliance; threat intelligence and monitoring; cloud and application security; identity and access management; and incident detection and response. Its role is to ensure resilience of the World Bank Group’s critical systems, including financial platforms, data exchange systems, and knowledge services while enabling digital transformation, innovation, and secure connectivity for staff and partners worldwide.

The department also leads the Bank’s adoption of Zero Trust architecture, AI-enabled security operations, and risk-based frameworks aligned to NIST and international standards. As part of its mandate, it partners with senior leadership across IBRD, IDA, IFC, MIGA, and ICSID to ensure that security governance underpins the Bank Group’s mission to reduce poverty and promote shared prosperity.

Unit Context

The Infosec Engineering & Operations (ITSIS) unit is the World Bank Group’s strategic initiative dedicated to safeguarding the institution’s digital assets, information systems, and technology infrastructure. Operating under the ITS Vice Presidency, ITSIS is responsible for the design, implementation, and continuous improvement of the Bank’s information security framework, ensuring that robust protection measures are embedded across all technology platforms and business processes.

The ITSIS program encompasses a comprehensive set of activities that span policy development, risk management, strategy development, security architecture design and controls engineering, operational security, and compliance. It establishes and enforces global standards and procedures for information security, aligning with best practices and regulatory requirements. Through proactive risk assessment and the deployment of advanced security controls, ITSIS mitigates threats to the Bank’s data, applications, and networks, supporting the institution’s mission-critical operations in a rapidly evolving cyber landscape.

A core function of ITSIS is to serve as the second line of defense for IT and information security, overseeing risk management and advisory services for all World Bank Group entities. The program develops and maintains risk and control frameworks, monitors compliance, and provides expert guidance to ensure that technology risks are managed effectively and transparently. ITSIS also leads incident management and response, coordinating rapid and effective action in the event of security breaches or cyber threats.

ITSIS continuously integrates emerging technologies such as artificial intelligence, automation, and advanced analytics to enhance threat detection, response capabilities, and operational efficiency. The unit drives secure development and deployment of IT solutions, embedding security requirements throughout the lifecycle of applications and infrastructure. It also manages vulnerability assessments, penetration testing, and security awareness initiatives to build a resilient and security-conscious workforce.

In summary, ITSIS is the World Bank Group’s trusted authority for information security and technology risk management. ITSIS ensures that the institution’s digital environment remains secure, resilient, and capable of supporting the Bank’s global development objectives in an increasingly complex and interconnected world.

Duties and Responsibilities

The World Bank Group (WBG) operates within a highly complex and dynamic global environment, where the continuity and security of technology operations are critical to achieving its development mandate. As cyber threats continue to evolve in scale and sophistication, the institution requires strong, visionary leadership to safeguard its information assets, systems, and digital infrastructure. The Manager of IT Security Operations (ITSIS) provides the strategic direction, technical expertise, and operational discipline necessary to ensure that WBG maintains a resilient security posture, fully aligned with its digital transformation objectives under the Information and Technology Solutions (ITS) Vice Presidency.

This executive role is established to lead and modernize WBG’s global cybersecurity function. The Manager of IT Security Operations is accountable for building and sustaining a strong cybersecurity posture that protects the Bank’s digital platforms and business processes. This encompasses end-to-end responsibility for security strategy development, architecture design and cyber defense engineering, security operations centers (SOCs), incident response, threat detection, threat intelligence and vulnerability management. Serving as a strategic bridge between daily operational defense and enterprise-level risk management, the position ensures that WBG’s cyber operations are both effective in the present and adaptable for future challenges.

The Manager of IT Security Operations orchestrates the detection and containment of cyber threats, ensuring that response playbooks and executive escalation protocols are executed seamlessly during incidents. Beyond day-to-day defense, the role drives innovation in operational practices by introducing AI-enabled analytics, automation, and advanced cyber defense technologies to enhance efficiency and resilience. The scope also includes risk-driven vulnerability management, fulfillment of compliance obligations, and integration of security metrics into WBG’s enterprise risk reporting.

The position is expected to deliver measurable outcomes that demonstrate both operational resilience and strategic impact. These include an annually updated cybersecurity operations strategy, quarterly performance dashboards for leadership, and after-action reviews that inform continuous improvement. The Manager of IT Security Operations is also responsible for maintaining timely and accurate threat and vulnerability scorecards, building global workforce capabilities, and conducting maturity assessments that track WBG’s progress against recognized frameworks such as NIST and ISO.

Reporting directly to the Chief Information Security Officer (CISO), the Manager of IT Security Operations plays a pivotal role in shaping the institution’s overall cyber defense strategy. The position requires close collaboration with the Chief Information Officer (CIO), ITS leadership, and risk and compliance functions to ensure that security operations are aligned with business priorities. Regular reporting to senior management and governance boards ensures transparency, highlights key risks, and demonstrates the value of investments in cyber operations.

People Management & Leadership

- Build, mentor, and empower a diverse, high-performing team to deliver program objectives, ensuring clarity of roles, skills development, and alignment with strategic priorities.

- Foster a culture of accountability, collaboration, and continuous learning that enables staff to innovate and deliver impactful outcomes.

- Provide coaching, feedback, and growth opportunities that strengthen both technical and leadership capabilities, preparing staff for future organizational needs.

Within the first year, this leader will deliver the following:

- Develop a strategy and implementation roadmap for managing Human Risk and Insider Threat.

- Organize and execute at least two cyber resilience-focused Executive Tablet Top Exercises.

- Mature Cyber Threat Intelligence; publish Cyber Threat Awareness bulletin for ITS and WBG senior management.

- Define AI and automation opportunities for a) streamlining Threat and Vulnerability Management operations, and b) optimizing the efficiency and effectiveness of the security monitoring and incident response operational processes.

- Establish well-functioning teams aligned with ITS Digital and Agile Transformation strategies and the new Job Architecture

Selection Criteria

The Manager of IT Security Operations will provide strategic and operational leadership to safeguard the World Bank Group’s global IT environment. This role is responsible for running 24/7 global security operations, leading incident detection and response, managing vulnerabilities, and ensuring cyber defense capabilities align with enterprise risk frameworks. The role demands a balance of technical mastery, crisis leadership, global workforce management, and executive communication, with a strong emphasis on innovation, automation, and transformation to keep pace with an evolving threat landscape.

Key Requirements

* Master’s degree in information systems, computer science, engineering, or related field with 12+ years of experience in information security management and operations in a global IT organization, with proven leadership of global SOCs and incident response (or Bachelor’s degree with 15+ years).

* Operational Excellence: Expertise in SIEM, SOAR, XDR, ZTNA, vulnerability management, and AI-driven SOC capabilities.

* Strategic Leadership: Ability to develop vision and strategy, and to align security architecture, engineering and operations with enterprise risk management, regulatory compliance (NIST, ISO, GDPR), and the WBG digital agenda.

* Program Management: Demonstrated ability to lead the development and implementation of large-scale multi-year programs cutting across several departments.

* Crisis Management: Demonstrated ability to lead large-scale incident responses and communicate effectively to executives and boards during crises.

* Workforce Leadership: Track record managing diverse, globally distributed teams; experience with agile job architectures and workforce resilience.

* Innovation Mindset: Successful introduction of automation, AI-driven defense, and integration of cyber ops into DevSecOps pipelines.

* Executive Communication: Strong stakeholder influence and ability to translate technical risks into business impact for senior leadership.

Certifications

Required:

CISSP, SAFe Agilist

Preferred:

. SANS GIAC Certifications

. SABSA Chartered Security Architect

. SAFe Product Manager/Product Owner (POPM)

WBG Culture Attributes:
1. Sense of urgency: Anticipate and quickly respond to the needs of internal and external stakeholders.
2. Thoughtful risk-taking: Challenge the status quo and push boundaries to achieve greater impact.
3. Empowerment and accountability: Empower yourself and others to act and hold each other accountable for results.

The World Bank Group values diversity and encourages all qualified candidates who are nationals of World Bank Group member countries to apply, regardless of gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.  Sub-Saharan African nationals, Caribbean nationals, and female candidates are strongly encouraged to apply.