IT Analyst, Security, Risk and Compliance Job #: req33927 Organization: World Bank Sector: Information Technology Grade: GE Term Duration:ย 4 years 0 months Recruitment Type: Local Recruitment Location: Washington, DC,United States Required Language(s): English Preferred Language(s): Closing Date: 8/15/2025 (MM/DD/YYYY) at 11:59pm UTC
Description
Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org
ITS Vice Presidency Context:
The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video:https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w
The mission of the Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) is to leverage information and technology as a force multiplier to accelerate, deepen, and sustain development impact. Their vision is to harness information and technology for a world free of poverty on a livable planet.
The IT Analyst โ IT Compliance will play a critical role in supporting the organizationโs ICFR program, with a focus on IT General Controls (ITGCs). The candidate will be responsible for conducting pre-implementation reviews of ICFR in-scope systems, evaluating the design and operational effectiveness of ITGCs, and performing compliance assessments to ensure alignment with organizational IT policies, policies and relevant IT control frameworks. The role requires modern technical skills, experience with Agile methodologies, and relevant professional certifications to support a strong and effective IT control environment.
Duties and Accountabilities:
The candidate will be responsible for, but not limited to the following:
- Support the Internal Controls over Financial Reporting (ICFR) program for IT General Controls.
- Collaborate with external auditors on audit planning, testing and evaluation procedures, and ensure compliance with the requirements.
- Assist in controls implementation including documentation of processes and procedures to address the ICFR requirements for the IT General Controls for Information Security, Change Management and IT Operations areas.
- Evaluate the design and operating effectiveness of Information Technology General Controls and system-dependent automated controls.
- Conduct IT technical and process audits as well as compliance assessments based on COBIT, ISO 27001, ISO 20000 and NIST frameworks.
- Develop test plans and detailed test procedures to assess operating effectiveness of IT technical and process controls.
- Assess compliance against technical standards for various platforms and technologies.
- Discuss compliance and audit issues with stakeholders and develop action plans to address them.
- Provide recommendations to strengthen IT General Controls (ITGCs) and related processes, informed by assessment findings, evolving risk landscapes, and industry best practices.
- Design and implement IT controls aligned with SAFe Agile methodologies and emerging AI technologies.
- Support the integration of automation and AI solutions to enhance the effectiveness and efficiency of control monitoring and compliance activities.
- Collect, evaluate, and maintain data to ensure that required management reporting is completed as needed. This also includes inputting appropriate data intoย GRC tools.
- Assist in monitoring open audit items from audits to ensure execution of remedial activities defined in the agreed action plans and risk treatment plans.
- Build effective relationships with key stakeholders who own and support IT infrastructure, applications, processes and operations throughout the WBG. Gain commitment from stakeholders to implement recommended and agreed information technology and security controls and treatment plans.
- Provide timely updates to supervisor on assigned projects.
- Demonstrate work commitment and drive for results.
- Set high standards of performance; pursue aggressive goals and work hard to achieve them.
Selection Criteria
* Bachelorโs degree with 4 years relevant experience or masterโs degree with a minimum of 2 years of relevant experience.
* Experience in conducting design and operating effectiveness testing for IT General Controls.
* Demonstrated knowledge and experience in auditing IT and security controls for network, operating systems, databases, platforms, IT applications and cloud environments.
* Demonstrates comprehensive knowledge of Agile methodologies, artificial intelligence (AI) frameworks, and the associated compliance and security implications.
* Familiarity with industry standards and frameworks including ISO 27001, ISO 20000, COBIT and NIST.
* Possession of industry certifications highly preferred including but not limited to Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor, Certified Information Systems Security Professional (CISSP) and Certified Agile Practitioner (e.g., SAFe, Scrum Master).
* Ability to work independently and within groups, must be self-motivated and able to work independently with minimal supervision.
* Posses excellent written and verbal communication skills, presentation, and problem solving skills and be able to interact well with peers and internal customers.
WBG Culture Attributes:
1. Sense of Urgency โ Anticipating and quickly reacting to the needs of internal and external stakeholders.
2. Thoughtful Risk Taking โ Taking informed and thoughtful risks and making courageous decisions to push boundaries for greater impact.
3. Empowerment and Accountability โ Engaging with others in an empowered and accountable manner for impactful results.
World Bank Group Core Competencies
The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.
We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.
Learn more about working at theย World Bankย andย IFC, including our values and inspiring stories.