IT Risk Senior Associate

We improve lives

The IDB Group is a community of diverse, versatile, and passionate people who come together on a journey to improve lives in Latin America and the Caribbean. Our people find purpose and do what they love in an inclusive, collaborative, agile, and rewarding environment.

About this position

We are looking for an experienced professional to join the Technology & Data Assurance Division (TTD/TDA) as an IT Risk Senior Associate.The main objective of this position is to work directly with members the Enterprise Product Family (TTD/TTE) and the Technology & Data Solutions (TTD/TDS) in developing and documenting the IT internal controls around the new system implementation and all the impacted downstream systems, as well as coordinating the IT General Controls Self-Assessment Exercise.

The ideal candidate combines hands-on expertise in IT controls, risk management, and compliance frameworks, with the analytical ability to identify control gaps, evaluate technology risks, and recommend effective remediation strategies. They bring strong practical experience implementing and testing IT General Controls (ITGCs), and cybersecurity standards across cloud and on‑premises environments. They can translate regulatory and policy requirements into actionable technical controls and collaborate effectively with cross‑functional teams—including security, architecture, audit, and products—to ensure compliance throughout the system lifecycle. The ideal candidate is detail‑oriented, highly organized, proactive in problem‑solving, and comfortable balancing multiple priorities in a fast‑moving environment. They also demonstrate excellent communication skills to document control processes, articulate risk findings, and support stakeholders in strengthening the organization’s risk posture.

What you’ll do

You will be responsible for the Information Technology General Controls Framework of the IDB, and you will be executing the process of maintaining, updating, and assessing the effectiveness of the framework. You will report to the IT Risk Leader in the Information Technology Data & Assurance Division (TDA/ITRisk). The following are the most important activities you will be doing:

• Conduct regular evaluations, risk assessments, and gap analysis of the ITGC framework to improve it and strengthen it with a focus on efficiency and continuous improvement. Participate in the revision, actualization, and creation of all related documentation to the ITGC's controls. This may include procedures, operational documents, monitoring documents, inventories, system automations, and a wide variety of different types of documentation.
• Continuous identification of IT internal controls that will apply to the specific new system implementations and all the downstream implications by using a vertical analysis methodology or other type of risk assessment tool.
• Aid in the ongoing enhancement of the ITGC Framework to ensure it aligns with the Bank’s shift toward a product-oriented and more agile delivery model. This includes updating control designs, adjusting control ownership and execution workflows to fit agile teams, and ensuring the framework remains practical, scalable, and fully integrated into the department’s evolving processes.
• Update and Coordinate the design and testing of the internal control testing exercise. For each of the ITGCs controls, the Bank performs an annual testing.
• Deliver training and guidance to testers and reviewers before the start of the annual ITGC testing exercise, covering the practical application of COSO, COBIT, SOX‑related principles, and internal policy requirements. Promote consistent control execution practices, high‑quality evidence collection, and a strong understanding of TTD security policies, standards, and guidelines.
• Present to executive management findings and technical recommendations for the internal control testing exercise. Assist in consolidating observations, identifying root causes, and proposing pragmatic remediation actions.
• Coordinate the continuous monitoring for high-privileged accounts across all infrastructure (DB, OS, cloud components, privileged Identity manager, and applications) and advise TTD Product technical owners on the implementation of monitoring controls.

What you'll need

• Education: Master's degree or equivalent in Computer Science or related fields or equivalent in Computer Science or related fields and any Certifications in the fields of information security, IT risk, and cloud security (CISA, CISM, CRISC, CISSP).
• Experience: At least 3 years with a Master's Degree of progressive experience in Information Systems, IT Audit, or IT Risk Management fields.  Additional Experience required in:

• • IT Risk Assessment – evaluating and designing controls, conducting impact assessments, identifying gaps, remediating risk, etc.
  • IT Policy, Audit, Compliance, and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC2, SOX, NIST, COBIT and COSO Frameworks.
  • Working with people with different functional expertise and backgrounds.
  • Addressing Presentation and Documentation Concerns.
  • Analyzing as-is processes to produce assessments and recommendations to improve them.
  • Strong knowledge of Cloud technologies, Cloud Security, and trends.
  • Excellent knowledge of technology environments, including information security, infrastructure, data, and software development.
  • Working with ServiceNow and Change Management.
  • Skilled with reporting tools such as PowerBI.
  • Previous experience in controls automation in Azure Technology or AI Agents implementation is a plus.

Languages: Proficiency in Spanish and English, spoken and written, is required. Additional knowledge of French and Portuguese is preferable.

Requirements

•    Citizenship: You are either a citizen of the country where you live or a citizen of one of our 48-member countries with residency or a legal permit to work in the country where you live.   

•    Consanguinity: You have no family members (up to the fourth degree of consanguinity and second degree of affinity, including spouse) working at the IDB, IDB Invest, or IDB Lab.

Type of contract and duration

•    Staff: National staff contract, 36 months initially, renewable upon mutual agreement.

What we offer

The IDB group provides benefits that respond to the different needs and moments of an employee's life. These benefits include:
 

• A competitive compensation package.
• Leaves and vacations: 2 days per month of contract + gender- neutral parental leave.
• Health Insurance: the IDB Group provides a monthly allowance for the purchase of health insurance.
• Savings plan: The IDB Group cares about your future, depending on the length of the contract, you will receive a monthly savings plan allowance.
• We offer assistance with relocation and visa applications for you and your family when it applies.
• Hybrid and flexible work schedules.
• Development support: We offer learning opportunities to boost your professional profile such as seminars, 1:1 professional counseling, and much more.
• Health and wellbeing:  Access to our Health Services Center which provides preventive care and health education for all employees.
• Other perks: Lactation Room, Daycare Center, Gym, Bike Racks, Parking, and others.

Our culture

At the IDB, we work so everyone brings their best and authentic selves to work while finding their purpose. Our people consistently strive for excellence, and we recognize and celebrate the impact of their contributions.

In our efforts to drive innovation, we intentionally include all voices, cultivate a sense of belonging and champion fairness. We welcome individuals from underrepresented groups to join us and share their unique perspectives.

We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job interview process. If you require an accommodation to complete this application, please email us at.