Digital Program Specialist - IT Risk and Program Management  

The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank whose mission is Financing Infrastructure for Tomorrow in Asia and beyond – infrastructure with sustainability at its core. We began operations in Beijing in 2016 and have since grown to 111 approved members worldwide. We are capitalized at USD100 billion and AAA-rated by the major international credit rating agencies. Collaborating with partners, AIIB meets clients' needs by unlocking new capital and investing in infrastructure that is green, technology-enabled and promotes regional connectivity.

The Information Technology Department (ITD) provides technical services in the areas of digital services, IT-related procurement, cybersecurity, IT risk and resilience, data management, digital learning, and digital transformation, ensuring their overall alignment with the Bank's needs and priorities. The team oversees the development and refinement of the IT strategy as well as the effective management of technology resources and the provision of technical support across Bank operations. These efforts are critical to fostering a digital and data-driven culture within the Bank aligned with its Corporate Strategy, promoting the innovation of digital infrastructures, and ensuring the smooth operation and security of daily functions.

ITD is hiring a highly skilled and motivated Digital Program Specialist in IT Risk and Program Management. The candidate will play a critical role in managing the Bank's IT supply-chain risks, including IT outsourcing, third-party security, cloud services, and embargo and sanction risks related to IT vendors and products. Additionally, the role will support IT security and AI risk program management, working closely with various IT function teams to strengthen security governance, ensure compliance, and mitigate AI risks. This position requires expertise in assessing IT supply-chain and third-party security risks, AI risks, and project and program management and in driving continuous improvements in risk posture.

Responsibilities:

• Conduct IT security and risk due diligence on vendors and third parties during the related corporate procurement stages.
• Collaborate with corporate procurement, legal, compliance, and IT teams to ensure vendors' security risks and embargo and sanction risks are assessed.
• Lead the Third-Party Security Assessments (TPSA) program to evaluate, mitigate, and monitor security risks associated with IT vendors and suppliers, also including outsourcing supplier, cloud service providers, open-source technologies, and product security.
• Coordinate IT Outsourcing management activities including outsourcing planning, risk assessment, performance monitoring, and compliance oversight, to ensure alignment with the Bank's outsourcing management requirements.
• Support the Team Lead of IT Risk, Resilience and Cyber Security to oversee the Responsible AI Governance framework, policies, and standards, ensuring compliance, ethical standards, and risk mitigation are embedded throughout the development lifecycle.
• Conduct ongoing risk assessments of AI use cases and systems, and implement tailored oversight and risk controls based on use case criticality and AI maturity.
• Coordinate with various IT and business teams to support IT security and risk initiatives, ensuring alignment with bank requirements and industry best practices.
• Support internal and external IT audits, ICFR control testing, risk control assessment, etc.
• Track, analyze, and report on the effectiveness of IT security and risk programs using key metrics and data insights, ensuring compliance with security requirements and supporting continuous improvement.

Requirements:

• 5-8 years of relevant working experience in IT risk and program management and relevant fields, preferably with financial institutions.
• Bachelor's degree in computer science, information security, data science, risk management, or a related discipline. Master's degree would be a plus.
• Strong understanding of information security, AI and privacy standards, frameworks, and compliance requirements, including ISO 27001, NIST AI RMF, NIST CSF, NIST SP800, SOC 2, and GDPR.
• Certifications such as CISSP, CISM, CRISC, PMP, and ISO 27001 Auditor would be an advantage.
• Hands-on experience conducting due diligence and third-party security risk assessments.
• Strong knowledge of IT outsourcing risk, cloud risk, AI risk, and embargo and sanction risk.
• Familiarity with cloud security principles and cloud-native security solutions on Azure and AWS.
• Strong business acumen and the ability to balance technical security needs with business priorities.
• Ability to work effectively in a multicultural organization.
• Strong data analysis, reporting, writing, and communication skills, with the ability to interpret complex data and prepare clear, actionable reports and insights for executive-level stakeholders.
• Excellent project-management skills and attention to detail, with the ability to lead the team to manage multiple workstreams.
• Excellent written and oral English language skills.

AIIB is committed to diversity, transparency, and inclusion. We believe our strength comes from having a team with the right diverse skills, experiences and abilities selected through a merit-based competitive process. We actively encourage applications from people from both within and outside AIIB members, regardless of nationality, religion, gender, race, disability, or sexual orientation.

Previous experience and qualifications will determine the grade and job title at which successful applicants will enter AIIB.

Join us and help create a prosperous and sustainable Asia while growing your career in a diverse and innovative environment.

How cinfo Can Support You in the Application Process for This Position

• Application and Interview Preparation: Whether you're preparing your application documents or getting ready for an interview, you can book a Job Application Support session to receive tailored guidance.
• For Swiss nationals invited to the first round of the selection process (e.g., written test, interview, assessment center): Notify us at recruitment@cinfo.ch, and we will inform our HR partners in the respective organization and the Swiss Government to help increase your visibility.

"Important Application Information:
Please submit your application only via the official website of the hiring organization or by using the "Apply" button on CinfoPoste, which will redirect you to the organization's application site. Applications submitted through other job portals will not be forwarded to the respective organization and will not be considered. To ensure your application reaches the right destination, always follow the official application process as indicated in the job posting."