Overview
Provide specialist expertise to support work on trust services, including digital signatures, e-seals, and timestamps, which are core enablers of trusted digital transactions. The role focuses on developing reusable technical assets, architectures, and standards to support World Bank teams implementing trust services at scale.
Key Responsibilities
- Develop and maintain a Reference Architecture repository for PKI and Certification Authority (CA) services aligned with DPI principles.
- Define integration patterns for signature validation and remote signing services.
- Create a "DPI trust module" specification for use in DPI stacks.
- Document Architectural Decision Records (ADRs) for key design choices.
- Maintain standards baselines for signature creation and validation (OCSP, CRL).
- Develop options and guidance for root CA models (government-operated, contracted, hybrid).
- Provide guidance on technical implementation of trust concepts (advanced vs. qualified services) and their applicability across different country contexts.
- Create a requirements library covering PKI/CA technical and operational requirements.
- Develop procurement-ready template clauses and quality assurance checklists.
- Maintain a pattern catalog for embedding e-signatures and e-seals into government workflows.
- Review technical annexes, concept notes, and procurement documents for Bank-financed operations on request.
- Run office hours and clinics to provide rapid technical advisory to task teams.
- Advise on government-developed CA specifications and gap assessments.
- Prepare learning materials including guidance notes and slide decks for internal audiences.
- Identify and document operating models for sustainable CA implementation (public, private, hybrid).
- Deliver enablement sessions for Bank teams working on trust services components.
Required Experience
- 10+ years of experience in PKI, digital signatures, and trust services, including demonstrated experience in at least one project implementing or enhancing PKI and CA infrastructure.
- Hands-on experience with Root/Sub CAs, Registration Authority (RA) processes, certificate lifecycle management, OCSP/CRL services, and Hardware Security Module (HSM) operations.
- Understanding of X.509/CRL/OCSP standards; familiarity with ETSI-aligned signature formats (XAdES, PAdES); grounding in cryptographic key management and secure-by-design patterns.
- Demonstrated experience defining reusable technical requirements, procurement specifications, and reviewing complex technical deliverables.
- Ability to communicate complex technical topics to mixed audiences including non-technical stakeholders; strong written and facilitation skills.
- Knowledge of cross-border trust frameworks (e.g., eIDAS, AfCFTA, ASEAN frameworks) and their implications for PKI design.
- Familiarity with eIDAS regulatory frameworks; prior experience working with the World Bank or other international development organizations.
Qualifications
Advanced degree (Master's or equivalent) in Computer Science, Information Security, Engineering, or equivalent field.