Security Analyst/Senior Security Analyst (Technical cyber risk management)

International Monetary Fund

Location: Washington DC, USA
Grade: A11, A12
Category: Professional Staff
Posted Jun 24, 2026
Apply by Jul 9, 2026

The IMF's Information Technology Department (ITD) is seeking experienced cybersecurity professionals for the Information Security and Governance (ISG) division. The Security Analyst/Senior Security Analyst will provide expertise in technical cyber risk management, focusing on Azure cloud services, IT products and platforms, hybrid architectures, and Identity and Access Management Governance to support the IMF's secure operational framework.

Responsibilities

  • Serve as senior individual contributor for information security risk management projects including control design and assessment for technical areas such as ERP, IT Service Management, Identity and Access Management, IT Resiliency, Cloud.
  • Map and implement compliance frameworks, manage risk remediation, and report and monitor information security risks.
  • Create road maps to mature or advance Information Security strategies, programs, and controls.
  • Design and enable cyber controls functions and processes.
  • Act as power user of Cybersecurity GRC solutions, tools, and technologies, specifically ServiceNow and Archer.
  • Coordinate across lines of defense working with technical, business, compliance, risk, and audit teams to deliver solutions.
  • Deliver information security risk assessments for large-scale IT implementation projects including consulting with security architecture for threat modeling and infrastructure security controls design.
  • Consult and review implementation of authentication, authorization, and cryptography mechanisms within applications.
  • Consult with security assurance function on delivery of technical security standards, configuration baselines, and procedures for hardening cloud and non-cloud application and infrastructure components.
  • Collaborate with other security functions to review and apply appropriate risk levels to assessment outputs.
  • Maintain impartiality around IT systems to produce unbiased information security risk reports.
  • Work closely with IT project teams to develop implementation plans for new security-related products and services.
  • Conduct quality assurance reviews of security requirements for identified solutions.
  • Define and enhance processes and procedures for using external security service providers including scoping, management, remediation tracking, and exception management.
  • Communicate requirements and train IT staff and managers to identify and manage risks throughout project lifecycle.
  • Manage engagement process of external risk assessment providers and act as liaison with internal IT project teams and business units where applicable.
  • Advocate information security by working closely and proactively with IT project leaders, service providers, and business units to provide security-related technical solutions.
  • Identify opportunities to improve business practices or IT security-related processes.
  • Analyze, recommend, and implement process improvements within information security context.
  • Support governance activities for Identity and Access Management as requested.

Requirements

  • Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10 years of relevant experience working as a technical information security risk manager or information security architect; OR Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 4 years of relevant experience working as a technical information security risk manager or information security architect.
  • Certifications: CISSP or CISM (minimum required).
  • Preferred certifications: CCSP, Microsoft Certified: Cybersecurity Architect Expert, other Microsoft cloud security related certifications at the Expert level, GIAC certifications, Offensive security related certifications.
  • Experience must include prior work in a technical cybersecurity risk management function at organizations with security related regulatory requirements.
  • Practical use of risk management concepts and principles including assessment, prioritization, delivery of treatment plans, tracking and reporting, and metrics (accreditation and certification). Experience with NIST-SP800-30, ISO 27001/2, ISO 27005, COBIT.
  • Embedding security into processes such as SDLC, Project Lifecycle, ITIL.
  • Demonstrated cybersecurity expertise with infrastructure, applications, and database system technologies.
  • Basic IT consultancy skills including consulting and delivering on security hardening of application and infrastructure components, tools, and techniques.
  • Ability to balance security demands with business reality and quickly grasp new technologies and appropriate security controls.
  • Familiarity with a broad range of security technologies with in-depth knowledge in specific areas.
  • Knowledge of security solutions, latest threats, and countermeasures.
  • Analytical skills for strategic thinking and tactical implementation.
  • Compelling spoken and written communication skills to articulate complex technical ideas to non-technical stakeholders.
  • Ability to think laterally and propose detailed, complex solutions to technical issues.
  • Interpersonal skills to create openness and trust among colleagues.
  • Ability to work well under pressure and meet tight deadlines with high motivation, confidence, integrity, and responsibility.
  • Organizational skills, responsiveness, and ability to multi-task with focus on results.
  • Excellent interpersonal and relationship management skills including working independently, in teams, and with senior staff.
  • Facilitation and conflict management skills for effective working relationships.

Skills

  • Technical Cybersecurity Risk Management
  • Information Security Architecture
  • CISSP Certification
  • CISM Certification
  • CCSP
  • Microsoft Certified Cybersecurity Architect Expert
  • GIAC Certification
  • Offensive Security Certifications
  • NIST-SP800-30
  • ISO 27001
  • ISO 27002
  • ISO 27005
  • COBIT Implementation
  • Security Risk Assessment
  • Security Risk Prioritization
  • Security Treatment Planning
  • Security Metrics and Reporting
  • Security Accreditation and Certification
  • Security in SDLC
  • Project Lifecycle Security
  • ITIL Security Integration
  • Cybersecurity Infrastructure
  • Application Security
  • Database Security
  • IT Security Consultancy
  • Security Hardening
  • Security Technologies
  • Threat and Countermeasure Knowledge
  • Strategic Security Thinking
  • Tactical Security Implementation
  • Technical Communication
  • Security Solution Design
  • Interpersonal Skills
  • Facilitation and Conflict Management
  • Azure Cloud Security
  • Hybrid Architecture Security
  • Identity and Access Management Governance

Languages

English