ITE/IPP ITE Internal Controls for the Bank Application Consultant

ITE/IPP ITE Internal Controls for the Bank Application Consultant

Post of duty: Washington, DC

The IDB Group is a community of diverse, versatile, and passionate people who come together on a journey to improve lives in Latin America and the Caribbean. Our people find purpose and do what they love in an inclusive, collaborative, agile, and rewarding environment.

About this position

The Information Technology Department (ITE) provides the information and technology tools, solutions and services that enable the ongoing operation and management of the Bank. The department is the focal point for the application and governance of information technology. The main objective of this consultancy is to work directly with members of the ITE Policy and Planning (ITE\\IPP), and the Information Technology Operations Division (ITE\\ITO) in developing and documenting the IT internal controls around the new system implementation and all the impacted downstream systems as well as participate in the ITGC Self-Assessment Exercise.

The ITE department is responsible for formulating the Bank’s IT Strategy, its implementation and providing related tools, solutions and services. It is also the focal point for all IT services (infrastructure and applications), architecture, policies and security for the IDB.

What you’ll do:

You will be responsible for the Information Technology General Controls Framework of the IDB, and you will be executing the process of maintaining, updating, and assessing effectiveness of the framework. You will report to the IT Governance Team Leader in the Information Technology Policy & Planning Division. Following are the most important activities you will be doing:

Conduct regular evaluations, risk assessments and gap analysis of the ITGC framework to improve it and strengthen it with focus on efficiency and continuous improvement. Participate in the revision, actualization, and creation of all related documentation to the ITGCs controls. This may include procedures, operational documents, monitoring documents, inventories, system automations and a wide variety of different types of documentation.

• Work with ITE\\IPP in identifying out of the IT internal controls, which ones would be applicable to the specific new system implementations and all the downstream implications by using a vertical analysis methodology or other type of risk assessment tool.
• Aid in the design of the ITGC Framework aiming at the new product-oriented organization that is being implemented in the department. The department is implementing a more agile way of working which will have an impact of the current ITGC design.
• Participate in conjunction of members of ITE/IPP in the design and testing of the internal control testing exercise. For each of the ITGCs controls, the Bank performs an annual testing.
• Provide training to testers and reviewers prior to staring the internal control testing exercise regarding COSO and COBIT frameworks and SOX compliance to promote good practices of IT security policies, standards, and guidelines.
• Participate in the process of reporting and presenting to executive management findings and technical recommendations of the internal control testing exercise.
• Perform continuous monitoring for high-privileged accounts across all infrastructure (DB, OS, cloud components, privileged Identity manager, and applications) and advise ITE SMEs on the implementation of monitoring controls.

  What you'll need

  • Education: bachelor’s degree or equivalent in Computer Science or related fields. Master’s degree preferred. Certifications in the fields of information security, IT risk, and cloud security are desirable. (CISA, CISM, CRISC, CISSP).
  • Experience: At least 2 years (5 years preferred) of progressive experience in Information Systems, IT Audit, or IT Risk Management fields. Additional Experience:
    • IT Risk Assessment – evaluating and designing controls, conducting impact assessments, identifying gaps, remediating risk, etc.
    • IT Policy, Audit, Compliance, and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC2, SOX, NIST, COBIT and COSO Frameworks.
    • Working with people with different functional expertise and backgrounds.
    • Addressing Presentation and Documentation Concerns.
    • Analyzing as-is processes to produce assessments and recommendations to improve them.
    • Strong knowledge of Cloud technologies, Cloud Security, and trends.
    • Excellent knowledge of technology environments, including information security, infrastructure, data, and software development.
    • Working with ServiceNow and Change Management.
    • Skilled with reporting tools such as PowerBI.
    • Previous experience on controls automation in Azure Technology is a plus.
    • Languages: Proficiency in Spanish and English, spoken and written, is required. Additional knowledge of French and Portuguese is preferable.

      Key skills:

      • Learn continuously.
      • Collaborate and share knowledge.
      • Focus on clients.
      • Communicate and influence.
      • Innovate and try new things.

        Requirements:

        • Citizenship: You are a citizen of one of our 48-member countries.
        • Consanguinity: You have no family members (up to the fourth degree of consanguinity and second degree of affinity, including spouse) working at the IDB, IDB Invest, or IDB Lab.

          Type of contract and duration: