Principal Digital Program Specialist – IT Risk & Resilience, Cyber Security (5660)

The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank whose mission is financing the Infrastructure for Tomorrow—infrastructure with sustainability at its core. We began operations in Beijing in January 2016 and have since grown to 109 approved Members worldwide. We are capitalized up to USD100 billion and rated Triple A by the major international credit rating agencies. Working with partners, AIIB meets clients’ needs by unlocking new capital and investing in infrastructure that is green, technology-enabled and promotes regional connectivity.

The Information Technology Department (ITD) is looking for an experienced IT Risk & Resilience, Cyber Security Specialist who has a key role within the organization, tasked with ensuring the robustness and security of the Bank’s information systems, as well as leading efforts to enhance the overall resilience and operational efficiency of its services. The role will:

• Develop and implement a comprehensive risk management strategy to identify, assess, and mitigate potential risks to the organization’s information assets.
• Lead and manage cyber security initiatives aimed at safeguarding confidential information, preserving data integrity, and ensuring system availability.
• Strengthen the organization’s resilience by designing and implementing effective business continuity and disaster recovery plans.
• Oversee service operations to ensure optimal performance, availability, and reliability of IT services.
• Manage four sub-teams responsible for IT risk and resilience, cyber security, IT service operations management, and identity and access management.

Responsibilities:

The Principal Specialist will be accountable for and responsible for the following:

Risk Management:

• Conduct risk assessments to identify and evaluate potential threats and vulnerabilities.
• Develop and implement risk mitigation strategies and action plans to address identified risks in alignment with industry best practices.
• Establish continuous monitoring mechanisms to track and report the effectiveness of risk management initiatives and promptly address emerging threats.
• Ensure that risk management practices comply with applicable internal and external requirements, maintaining a proactive stance towards evolving compliance requirements.

Cyber Security:

• Develop and execute a robust cybersecurity strategy aligned with the bank’s objectives and compliance requirements.
• Provide strategic guidance and oversight to ensure the confidentiality, integrity, and availability of sensitive data and systems.
• Lead the development and implementation of a comprehensive cyber security program to safeguard against evolving cyber threats and attacks.
• Oversee cybersecurity operations, including security event monitoring, incident response, threat detection, and vulnerability management.
• Foster a culture of security awareness and education among bank personnel to enhance overall security posture.

Resilience and Business Continuity:

• Develop and maintain business continuity and disaster recovery plans (BCP and DRP) to ensure the Bank’s resilience against potential disruptions.
• Conduct regular tests and drills to ensure the effectiveness of these plans.
• Collaborate with relevant stakeholders across the Bank to align BCP and DRP strategies, and provide guidance and training on resilience and business continuity measures to enhance organizational readiness for potential crises.

Service Operations:

• Implement and uphold IT Service Management (ITSM) best practices based on ITIL framework methodologies to enhance service delivery and efficiency.
• Oversee the day-to-day operations of IT services to ensure optimal performance, availability, and reliability of IT services.
• Manage change and release processes, ensuring controlled and efficient deployment of changes while mitigating associated risks to the Bank’s IT infrastructure.

Identity and Access Management:

• Provide strategic direction and leadership to the IAM team, guiding the development and implementation of comprehensive IAM strategies aligned with organizational goals.
• Oversee the formulation and enforcement of IAM policies, ensuring adherence to industry standards, mandatory requirements, and best practices.
• Collaborate with cross-functional teams and stakeholders to integrate IAM solutions seamlessly across systems, applications, and business units.
  

Requirements:

• A minimum of 15 years of relevant experience in cybersecurity, IT risk management, and IT service operation management：

o    In-depth understanding of risk management principles and methodologies.
o    Comprehensive knowledge of cyber security frameworks, tools, and best practices.
o    Familiarity with business continuity and disaster recovery planning.
o    Proficient in IT service management frameworks (e.g., ITIL).
o    Possession of security and risk certifications, such as CISSP, CISM, CISA, CRISC, etc., would be an advantage.
o    Knowledge and experience in security, risk, and compliance frameworks such as COSO, NIST, ISO, SOX, etc.

• Successful track record of partnership across organizations to build trust and achieve shared goals.
• Good understanding and practical experience working with privacy and legal requirements, such as GDPR, data security, sanction, embargo, etc.
• Excellent communication and presentation skills. Able to communicate sophisticated and technical issues effectively and concisely to all levels.
• Ability to work collaboratively and effectively with other ITD teams, business units and other organizations.
• Effective in building partnerships with organizational leaders and influencing senior management.
• Experience in facilitating executive leadership meetings.
• Fluency in oral and written English is required.
• Master’s degree in IT, business management, risk management, or relevant field of specialization.
  

AIIB is committed to diversity, transparency and inclusion. We believe our strength comes from having a team with the right diverse skills, experiences and abilities selected through a merit-based competitive process. We actively encourage applications from people from both within and outside AIIB Members, regardless of nationality, religion, gender, race, disability or sexual orientation.

Join us and help create a prosperous and sustainable Asia while growing your career in a diverse and innovative environment.

Previous experience and qualifications will determine the grade and job title at which successful applicants will enter AIIB.