Senior Digital Program Specialist – Application Security

The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank whose mission is Financing Infrastructure for Tomorrow in Asia and beyondinfrastructure with sustainability at its core. We began operations in Beijing in 2016 and have since grown to 110 approved members worldwide. We are capitalized at USD100 billion and AAA-rated by the major international credit rating agencies. Collaborating with partners, AIIB meets clients’ needs by unlocking new capital and investing in infrastructure that is green, technology-enabled and promotes regional connectivity.

The Information Technology Department (ITD) provides technical services in the areas of digital services, IT-related procurement, cybersecurity, IT risk and resilience, data management, digital learning, and digital transformation, ensuring their overall alignment with the Bank’s needs and priorities. The team oversees the development and refinement of the IT strategy as well as the effective management of technology resources and the provision of technical support across Bank operations. These efforts are critical to fostering a digital and data-driven culture within the Bank aligned with its Corporate Strategy, promoting the innovation of digital infrastructures, and ensuring the smooth operation and security of daily banking functions.

The ITD is seeking a highly skilled and motivated Senior Digital Program Specialist on Application Security. This position plays a pivotal role in ensuring that the Bank’s applications are developed, deployed, and maintained securely. This role requires a unique blend of technical expertise in secure software development, a strong understanding of architectural principles, and the ability to align security practices with business objectives. The ideal candidate will have a solid grasp of application architecture and design patterns, secure coding practices, threat modeling, and a proactive approach to integrating security throughout the Software Development Lifecycle.

Responsibilities:

• Define, implement, and oversee the Application Security framework, ensuring security is integrated into all stages of software development.
• Partner with architects, developers, and cross-functional teams to design secure application architectures and define security requirements throughout the design, development, and deployment phases.
• Conduct threat modeling and security design reviews for new and existing applications.
• Perform static and dynamic code reviews to identify vulnerabilities and ensure adherence to secure coding standards.
• Lead initiatives for automated security testing and integration into CI/CD pipelines.
• Ensure applications meet external compliance and internal security requirements, and industry standards such as ISO and OWASP.
• Collaborate with project managers, product owners, and business stakeholders to align application security initiatives with business objectives, while fostering a culture of security awareness across all phases of the SDLC.
• Support cybersecurity incident response efforts related to application security.
• Continuously monitor and improve application security processes based on industry trends, emerging threats, and lessons learned.
• Define the key risk indicators and key control indicators for application security, and support application security related audit and control testing.

Requirements:

• Bachelor’s degree in computer science, software engineering, information security, or in a related discipline. Master’s degree would be a plus.
• 8-10 years of relevant working experience in application security and relevant fields, preferably with financial institutions.
• Proficient in at least one programming language (e.g., .NET/C#, Java, JavaScript, Python).
• Hands-on experience with application security tools such as SAST, DAST, IAST, and RASP.
• In-depth knowledge of secure coding practices, application architecture, including microservices, APIs, and cloud-native design patterns, to effectively assess and secure complex application ecosystems.
• Strong understanding of information security standards and frameworks, including ISO 27001 and 27034, NIST SP800-218, OWASP Top 10 and SAMM, MITRE ATT&CK, etc.
• Security certifications such as CISSP, CSSLP, CASE, GSSP, OSWE, or relevant Cloud certifications would be an advantage.
• Strong business acumen and the ability to balance technical security needs with business priorities.
• Strong reporting, writing and communication skills, fluent in oral and written English.
• Ability to work effectively in a multicultural organization.
• Strong interpersonal and influencing skills, able to interact effectively with internal and external stakeholders.

AIIB is committed to diversity, transparency and inclusion. We believe our strength comes from having a team with the right diverse skills, experiences and abilities selected through a merit-based competitive process. We actively encourage applications from people from both within and outside AIIB members, regardless of nationality, religion, gender, race, disability or sexual orientation.

Previous experience and qualifications will determine the grade and job title at which successful applicants will enter AIIB.

Join us and help create a prosperous and sustainable Asia while growing your career in a diverse and innovative environment.

How cinfo Can Support You in the Application Process for This Position

• Application and Interview Preparation: Whether you’re preparing your application documents or getting ready for an interview, you can book a Job Application Support session to receive tailored guidance.
• For Swiss nationals invited to the first round of the selection process (e.g., written test, interview, assessment center): Notify us at recruitment@cinfo.ch, and we will inform our HR partners in the respective organization and the Swiss Government to help increase your visibility.

“Important Application Information:
Please submit your application only via the official website of the hiring organization or by using the “Apply” button on CinfoPoste, which will redirect you to the organization’s application site. Applications submitted through other job portals will not be forwarded to the respective organization and will not be considered. To ensure your application reaches the right destination, always follow the official application process as indicated in the job posting.”