Section Chief-Information Security (SOC and Threat Intelligence)-ITDSG

International Monetary Fund•Washington DC, DC

About The Position

Work for the IMF. Work for the World. The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration of cutting-edge technology solutions, ensuring the IMF's mission is propelled by innovation and efficiency. Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand as the guardians of integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to: Crafting and executing a forward-thinking and resilient Cybersecurity Strategy. Enacting inclusive governance that balances security needs with operational fluidity. Developing policies and standards that stay ahead of the threat landscape. Ensuring compliance, resilience, and agility in our cybersecurity posture. Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to the utilization of the Fund's information assets, ensuring a secure operational framework. Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization. Administering a compliance management program dedicated to maintaining firm adherence to the Fund's information security policies and standards. Preserving a solid enterprise security reference architecture that acts as a safeguard for the Fund's information assets against pertinent threats. Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the Fund's mission. Overseeing cyber threat intelligence, and incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly. As we expand our efforts to serve the Fund's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills and expertise to address the current and forthcoming cybersecurity and business challenges faced by the Fund. Job Summary The Information Technology Department (ITD) of the International Monetary Fund (IMF) is seeking to fill a Section Chief-Information Security (SOC and Threat Intelligence) . Under the general supervision of the Chief Information Security Officer, this role will be responsible for leading, developing, maturing, and scaling capabilities in cybersecurity monitoring, detection and incident and breach response, digital forensics, e-Discovery, and cyber threat management. The incumbent will lead and develop a team of highly skilled cyber security analysts to develop and mature these capabilities. A key objective of this role would be to lower the IMF’s information risk profile, by proactively preventing and responding to common and advanced cyber threats.

Requirements

Advanced degree in information security, computer science, engineering, mathematics, or related field of study plus a minimum of 8 years of progressive information security work experience; or a bachelor’s degree in information security, computer science, engineering, mathematics, or related field of study and minimum of 14 years of progressive information security work experience.
Candidate must possess at least 2 of the certifications below. Having more than 2 is a plus— CISSP, CISM, CCSP, CISA, CEH, Cloud Security Certifications, EnCE, CFE, GIAC certifications (GCIH, GCFE, GSOC, GDAT, GCTI, GWAPT, GPEN, GREM etc.) or equivalent.
Hands-on technical experience in establishing and delivering services in the area of cyber threat management, security engineering, security monitoring, incident and breach response, digital forensics, and eDiscovery in on-prem and multi-cloud environments.
Experience in leading vulnerability management and threat intelligence programs in organizations facing complex and sophisticated threats (external and internal).
Experience working with cyber threat intelligence communities and information security focused ISACs.
Experience in managing and developing in house and outsourced cyber teams.
Relationship Management Skills Ability to establish and maintain effective partnerships and working relations in a multi-cultural, multi-ethnic environment with sensibility and respect for diversity. Demonstrates ability to represent the department fully and successfully to internal and external audiences.
Work Management Skills Fulfills a more formal role in planning, organizing, and effectively completing large or complex team projects. Navigates through obstacles and challenges effectively and demonstrates commitment to deliver successful results.
Ability to lead, guide and mentor a diversified team of information security experts.
Ability to collaborate with IT and business colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.
Ability to manage a broad portfolio of services; ability to balance multiple priorities and demands.
Budget and cost management.
Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
Interpersonal skills that create openness and trust among colleagues.
Facilitation and conflict management skills that enable effective working relationships.
Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
Pragmatic security expert with an inherent ability to balance security demands with business reality.

Responsibilities

Leads the execution of a robust security monitoring, detection and incident and breach response strategy and operating model. Works with relevant stakeholders to ensure that the process is mutually understood, agreed, and responsibilities are clear and accepted.
Develops and implements processes to investigate, analyze and profile the structure and dynamics of a particular sector or group within the adversary community of interest to the IMF. This includes analysis and determination of the intent, operational and technical capabilities, tradecraft, and modus operandi of threat actors. Creates and keeps up to date a unique threat profile map specific to the IMF.
Develops and implements processes to investigate within information security policy provisions, all infrastructure and application intrusions and data theft by internal and external threat actors and threat vectors. Leads the implementation of the incident response capability through intelligence backed decisions in a dynamic threat environment. Develops and delivers management summaries and briefs on intrusions and intrusion attempts.
Supports the preparedness of IMF departments to respond to information security incidents. Participates in regular exercises to simulate incident scenarios to ensure the currency of incident response plans and capability, and incorporates lessons learned from realized security incidents.
Develops, leads, and supports a cyber threat intelligence capability including the collection, analysis, production, and dissemination of timely and actionable cyber threat intelligence to operational and business teams and an executive audience.
Supports IMF’s cybersecurity threat and vulnerability management program focusing on infrastructure, applications and IoT, with a goal to continually reducing the risk exposure of the IMF’s on-premise and multi-cloud environment within acceptable risk tolerances.
Works closely with Enterprise Architecture, Information Security Architecture and Cybersecurity Platform functions to ensure the co-development and implementation of security reference architectures and patterns for security monitoring, detection, automation, and orchestration in multi-cloud environments.
In close coordination with the Cybersecurity Platforms team, develops and implements the cybersecurity operations service management capability, including change, incident, and problem management according to established processes and procedures. Optimizes the cybersecurity operations service delivery processes and demonstrates measurable value by identifying opportunities for automation, standardization, and elimination of process waste.
Establishes professional relationships at technical and management levels with security product vendors and managed security service providers to manage contracted security services, and drive product functionality, break-fix, training, and service delivery improvements. Ensures that the overall services are delivered as expressed in the contract Statement of Work and related exhibits, that the service levels for outsourced services/functions are maintained and continually improved, and that any problems with the day-to-day delivery of services provided by the Supplier are minimized.
Manages administrative activities of threat intelligence and security operations including oversight of cybersecurity staff and vendors, recruitment of qualified analysts, shift management, technical training, budget management, monitoring non-compliance to security operations policies and procedures, and secure management of privileged access by analysts.
Ensures security operations analysts are equipped with the latest security intelligence from subscribed feeds and through partnerships with other IOs, intelligence communities, and external law enforcement agencies.
Carries out other duties as assigned.