E T Temporary

Do you want to build a career that is truly worthwhile? Working at the World Bank Group provides a unique opportunity for you to help our clients solve their greatest development challenges. The World Bank Group is one of the largest sources of funding and knowledge for developing countries; a unique global partnership of five institutions dedicated to ending extreme poverty, increasing shared prosperity and promoting sustainable development. With 189 member countries and more than 130 offices worldwide, we work with public and private sector partners, investing in groundbreaking projects and using data, research, and technology to develop solutions to the most urgent global challenges. For more information, visit www.worldbank.org ITS Vice Presidency Context: The Information and Technology Solutions (ITS) Vice Presidential Unit (VPU) enables the World Bank Group to achieve its mission of ending extreme poverty and boost shared prosperity on a livable planet by delivering transformative information and technologies to its staff working in over 150+ locations. For more information on ITS, see this video: https://www.youtube.com/watch?reload=9 v=VTFGffa1Y7w Unit Context: The ITS Information Security and Risk Management (ITSSR) unit, led by the Chief Information Security Officer (CISO), provides enterprise wide leadership for information security and risk management across the World Bank Group. The ITS Risk Management (ITSRM) unit within ITSSR has been tasked with providing technical and architectural information security solutions for The World Bank Group and needs an Information Security professional who is results oriented, multi-disciplined and experienced in evaluating information security controls in web, cloud, AI, mobile and complex business applications Duties and accountabilities: The Extended Term Temporary will have responsibilities for specific individual tasks and for working as an integral part of the team in executing ITSRM's work program. The primary responsibilities will include, but are not limited to, a combination of the following: • Review the security architecture evaluation of WBG new systems and create security test plans based on existing and planned controls and recommendations. • Perform security analysis of the different layers of the systems (application, API, operating systems, and database layers) by performing source code review, manual testing and automated system vulnerability assessment scans using various web, application, operating systems, source code and database vulnerability scanners. • Perform manual vulnerability assessment, produce reports, and walk development team through issues. • Perform security testing for cloud-based solutions, M365 platform applications. • Perform Gray-Box/White-Box security testing of applications. Perform SAST, SCA analysis of the application code. • Perform application security testing on both native and web-based mobile applications on different mobile platforms. • Review testing results reports and work with the application development community to remediate issues following a risk-based approach. • Maintain detailed documentation of test procedures and findings in ITSRM ticketing system. • Perform AI Security testing and AI security controls Assessment • Understanding the Agile framework and its application in security testing. • Stay abreast of newer trends, technologies such as AI and the tools, techniques used for application security testing.