Senior IT Assistant, Security, Risk & Compliance, Chennai, India

• Organization: World Bank
• Country: India
• City: Chennai, India
• Office: World Bank in Chennai
• Follow @UNjobs

 

Closing date: Wednesday, 6 December 2017

• Grade
• Location Chennai, India
• Recruitment Type Local Hire
• Language Requirement English [Essential]
• Closing Date 06-Dec-2017

Background / General description:
The World Bank Group (WBG) is one of the world's largest sources of funding and knowledge for developing countries. It uses financial resources and extensive experience to help our client countries to reduce poverty, increase economic growth, and improve quality of life. To ensure that countries can access the best global expertise and help generate cutting-edge knowledge, the World Bank Group is constantly seeking to improve the way it works. Key priorities include delivering measurable results, promoting openness and transparency in development, and improving access to development information and data. Innovation and partnership bond the five institutions of the World Bank Group (WBG): the International Bank for Reconstruction and Development (IBRD) and the International Development Association (IDA), which together form the World Bank; the International Finance Corporation (IFC); the Multilateral Investment Guarantee Agency (MIGA); and the International Centre for Settlement of Investment Disputes (ICSID). The World Bank Group is one of the world's largest sources of funding and knowledge for developing countries. The World Bank Group's (WBG) twin goals of ending extreme poverty and promoting shared prosperity reflect a new global landscape: one in which developing countries have an unprecedented opportunity to end extreme poverty within a generation. The WBG will face traditional and new challenges as it works with partners to reach those who live in extreme and moderate poverty. Indeed, many of those who emerged from poverty in recent years remain vulnerable to shocks and slowdowns in growth. Concerted efforts to equalize opportunities are necessary for substantial improvements in shared prosperity. Vice Presidency Context: Information and Technology Solutions (ITS) enables the WBG to achieve its mission of ending extreme poverty by 2030 and boosting shared prosperity in a sustainable manner by delivering transformative information and technologies to its staff working in over 130 client countries. ITS services range from: establishing the infrastructure to reach and connect staff and development stakeholders; providing the devices and agile technology and information applications to facilitate the science of delivery through decentralized services; creating and maintaining tools to integrate information across the World Bank Group, the clients we serve and the countries where we operate; and delivering the computing power staff need to analyze development challenges and identify solutions. The ITS business model combines dedicated business solutions centers that provide services tailored to specific World Bank Group business needs and shared services that provide infrastructure, applications and platforms for the entire Group. ITS is one of three VPUs that have been brought together as the World Bank Group Integrated Services (WBGIS), to provide enhanced corporate core services and enable the institution to operate as one strategic and coordinated entity. Unit Context The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk across the World Bank Group, enabling the achievement of WBG's business objectives. ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy. ITSSR establishes and maintains the World Bank Group's IT and InfoSec policies and standards; develops and engineers the WBG's information security plans and solutions; responds to security incidents; and ensures that the information risks are identified, assessed, and managed in consistent with the overall risk management approach and with the established appetite and tolerance. Note: If the selected candidate is a current Bank Group staff member with a Regular or Open-Ended appointment, s/he will retain his/her Regular or Open-Ended appointment. All others will be offered a 3 year term appointment.
Duties and Accountabilities:
ITSIS is in search of Senior IT Assistants for our Information Security Operations (ISOC) in Chennai, India. We are recruiting staff who are result oriented, multi-disciplined and comfortable in operating and maintaining secured solutions for platforms running mission critical business applications in a homogeneous environment, at the enterprise level. The person is expected to work both independently and with team of other Security incident handlers handling complex assignments and situations with unstructured interaction. Scope of Work Security Incident Response

• Provide Information Security Operations Center (ISOC) support on a 24x7x365 basis by shift work with rotation
• Review information security alerts from various sources and based on the classification and its impact would prioritize the alerts and assign to the respective teams within Information Security Office.
• Conduct thorough investigative actions based on security events and remediate as dictated by standard operating procedures
• Participate in all the phases of security incident response process, including detection, containment, eradication, and post-incident reporting.
• Record detailed Security Incident Response activities in the Case Management System.
• Wherever required perform memory forensics.
• Use Security information and event management (SIEM) capabilities to develop alerts to detect anomalies.
• Participate in Malware analysis and reporting during the incident response activities.
• Assist in developing and setting up frameworks for developing Security incident response.

Selection Criteria

• Bachelor's degree in computer science, information technology, systems engineering, or a related field.
• Minimum 3 years of Information Security experience required;
• Understanding of how operating systems work and how malware exploits them.
• Understanding of network traffic and be able to analyze network traffic from an Incident Response perspective.
• Past exposure to handle malware and financial crime malware related incidents.
• Thorough understanding of Windows Internals and memory management.
• Knowledge of common hacking tools and techniques
• Experience in understanding and analyzing various log formats from various sources.
• Experience in analyzing reports generated of SIM/SEM tools
• Proficient experience with the following concepts and related toolsets: o Network sniffers o Process analysis tools o Registry analysis tools o File analysis tools o Memory analysis tools Preferred Skillsets / Requirements
• GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH) Competencies
• Client Understanding and Advising - Looks at issues from the client's perspective and takes action beyond normal expectations to ensure client satisfaction.
• Learning Orientation - Stays abreast of new trends and developments in own specialty area, the broader industry, and exposes self to increasingly more challenging projects and opportunities to learn.
• Broad Business Thinking - Maintains an in-depth understanding of the long term implications of decisions both for department and the client's business. Ensures that decisions are supported by relevant stakeholders as well as sound performance data.
• Compliance with Standards - Monitors and maintains records on requests for information and assistance.
• Knowledge of Emerging Technology - Tests new technology to evaluate capability compared to specifications.
• Innovate - Brings new and different insights.
• Deliver Results for Clients - Contributes to delivery of results for clients on complex issues.
• Collaborate Within Teams and Across Boundaries - Collaborates within team and across boundaries.
• Make Smart Decisions - Leverages available data and makes timely decisions