Senior IT Assistant, Security, Risk and Compliance

Senior IT Assistant, Security, Risk and Compliance Job #: req34241 Organization: World Bank Sector: Information Technology Grade: GD Term Duration: 3 years 0 months Recruitment Type: Local Recruitment Location: Chennai,India Required Language(s): English Preferred Language(s): Closing Date: 9/18/2025 (MM/DD/YYYY) at 11:59pm UTC

 Description

Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org
ITS Vice Presidency Context:
The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video:https://www.youtube.com/watch?reload=9&v=VTFGffa1Y7w
Vice Presidency Context
Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty by 2030 and boosting shared prosperity in a sustainable manner by delivering transformative information and technologies to its staff working in over 130 client countries.
ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions.
The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity.
Unit Context
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG’s business objectives.  ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy.   ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards; develops and engineers the WBG’s information security plans and solutions; responds to security incidents; and ensures that the information risks are identified, assessed, and managed in consistent with the overall risk management approach and with the established appetite and tolerance.  ITSSR consists of three main units:  1) ITS Risk Management, Compliance, and Policy, 2) ITS Information Security Engineering and Operations (ITSIS), and 3) Program Management Office (PMO).
Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year term appointment.
Duties and Accountabilities:
ITSIS is seeking to fill the position of Senior IT Assistant, Security, Risk and Compliance. The successful candidate will partner with other security professionals to develop AI applications and automation playbooks supporting security operations team. 
Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year term appointment.
Scope of Work

• Plan and execute the implementation of threat management solutions using a data driven and Agile approach.• Continuously identify and implement necessary tools and infrastructure to support and enhance the threat management program. Develop scripts, tools, and methodologies to strengthen security operation.

• Develop and build applications and APIs using Python, Power Platform, SharePoint Online and Data Modeling capabilities using Dataverse following Agile principles.• Employ Python for backend and use technologies like HTML, CSS, JavaScript for front-end to build scalable web applications. Ensure seamless integration and user experience.

• Design and manage Azure cloud infrastructure, focusing on deploying scalable applications and services. Optimize cloud resources for security, performance, and cost.• Utilize OpenAI's GPT models via Azure, including fine-tuning, deploying, and scaling.

• Integrate AI/ML models using OpenAI and other AI frameworks into applications. Apply machine learning algorithms to enhance application intelligence and functionality.• Create RESTful APIs with Python and integrate third-party APIs. Ensure the APIs are secure, efficient, and scalable.

• Design, implement, and manage SQL and NoSQL databases. Focus on data integrity, performance optimization, and security.• Build and maintain applications using Power platform, automate using power automate, perform data modeling using Dataverse, build dashboards and reports using Power BI.

• Implement security best practices and protocols to protect data and comply with regulations. Use tools and methodologies to secure applications and data.• Maintain code quality with reviews, testing, and documentation. Use version control (e.g., Git) and document development processes for maintainability.

• Keep up to date with the latest in software development, cloud technologies, and AI. Innovate and apply new technologies to improve application performance and user experience.• Continuously research, explore, and document newly onboarded enterprise technologies and data sources to identify new artifacts and analytical methodologies that can be leveraged to detect cyber threats.

• Leverage operational results to identify, communicate, and mitigate identified threats as well as implement knowledge sharing across various teams.• Identify process and resiliency improvement areas; propose changes.

• Bring an applied understanding of relevant and emerging technologies, begin to identify opportunities to provide input to the team and coach others, and embed learning and innovation in the day-to-day• Perform other duties as assigned.

Selection Criteria

• Bachelor's degree in computer science, information technology, systems engineering, or a related field.

• Direct experience working with large datasets and log analysis tools including but not limited to: SIEM, EDR, Python, PowerShell, etc.• Demonstrable knowledge of large enterprise environments, network protocols, network devices, operating systems (Windows, macOS, Linux, etc.), and cloud environments.

• Experience using Splunk’s Search Processing Language (SPL) and Microsoft’s Kusto Query Language (KQL).• Familiarity with common enterprise scripting languages (PowerShell, Python, Bash, etc.).

• Demonstrated knowledge of cloud platforms, with a specific focus on Microsoft Azure, including Azure WebApp, Azure functions, Azure OpenAI, APIM, Azure SQL Database, and Azure Blob Storage.• Deep understanding in using any of the DevOps tool such as Azure DevOps.

• Experience with Azure's OpenAI technologies and familiarity with machine learning frameworks, indicating the ability to integrate AI capabilities into applications.• Proficient in front-end technologies, including HTML, CSS, JavaScript, and frameworks like React or Angular, showcasing the ability to work on full-stack projects.

• Database Management: Experience in designing, implementing, and managing both SQL and NoSQL databases, ensuring data integrity, security, and performance optimization. • Proven ability to develop and manage RESTful APIs, along with integrating third-party APIs, demonstrating expertise in creating scalable and maintainable service interfaces.

• Experience in understanding and analyzing various log formats from various sources.• Familiarity with industry-standard processes defined for systems design, database design, development, testing, and integration phases of a project, including Agile-based implementations.

• Experience working in Agile environments, participating in Agile ceremonies, and utilizing Agile methodologies for security operations and threat hunting. • Ability to work well under pressure and meet tight deadlines. Demonstrate a high level of motivation, confidence, integrity and responsibility.

• Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results.• Demonstrate excellent interpersonal skills, including the ability to work in dependently, effectively in a team/task force as a team member. 

• Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.• Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges.

• Excellent problem solving, communication and collaboration skills.
Preferred Skillsets / Requirements

• GIAC Certified Intrusion Analyst (GCIA)  or GIAC Certified Incident Handler (GCIH)Competencies 

• Client Understanding and Advising - Looks at issues from the client’s perspective and takes action beyond normal expectations to ensure client satisfaction.• Learning Orientation - Stays abreast of new trends and developments in own specialty area, the broader industry, and exposes self to increasingly more challenging projects and opportunities to learn.

• Broad Business Thinking - Maintains an in-depth understanding of the long term implications of decisions both for department and the client’s business. Ensures that decisions are supported by relevant stakeholders as well as sound performance data.• Compliance with Standards - Monitors and maintains records on requests for information and assistance.

• Knowledge of Emerging Technology - Tests new technology to evaluate capability compared to specifications.

World Bank Group Core Competencies

The World Bank Group offers comprehensive benefits, including a retirement plan; medical, life and disability insurance; and paid leave, including parental leave, as well as reasonable accommodations for individuals with disabilities.

We are proud to be an equal opportunity and inclusive employer with a dedicated and committed workforce, and do not discriminate based on gender, gender identity, religion, race, ethnicity, sexual orientation, or disability.

Learn more about working at the World Bank and IFC, including our values and inspiring stories.