Head of Information Security

Job Posting Organization:
The European Bank for Reconstruction and Development (EBRD) is an international financial institution established in 199

• Its mission is to promote the transition to open market-oriented economies and to foster private and entrepreneurial initiatives in countries across Europe, Central Asia, and the Southern and Eastern Mediterranean. The EBRD operates in over 30 countries and has a diverse workforce of approximately 2,000 employees. The organization focuses on sustainable development and economic growth, aiming to create a positive impact in the regions it serves.

Job Overview:
As the Head of security" style="border-bottom: 1px dotted #007bff !important;">security" style="border-bottom: 1px dotted #007bff !important;">Information Security at the EBRD, you will play a crucial role in leading the Bank’s Information Security initiatives and collaborating closely with the IT Security team to implement the Cyber Resilience Programme. This position requires a strategic mindset to determine the vision and strategy for Information Security risk management. You will provide expert consultancy to senior management and governance bodies, ensuring that the Bank's operations adhere to best practices in Information Security. Your responsibilities will include scoping and managing risk programmes, conducting assessments, and delivering assurance activities to enhance the Bank's security posture. This role is pivotal in shaping the future of the Bank's Information Security framework and ensuring compliance with regulatory requirements and emerging security threats.

Duties and Responsibilities:
The Head of Information Security will be responsible for measuring and reporting on the implementation of the Bank’s Information Security framework, ensuring compliance across the organization. You will manage both internal teams and external consultants to support risk mitigation activities. Your role will involve influencing policy updates in alignment with new regulations and business needs, as well as managing security oversight for IT and business projects. You will act as the Subject Matter Expert (SME) for Information Security, supporting the transition to a new Governance, Risk, and Compliance (GRC) solution. Additionally, you will track industry security trends and advise on their implications for the Bank's operations. Your duties will also include designing and delivering enterprise-level risk remediation programmes and conducting various assessments to identify vulnerabilities.

Required Qualifications:
Candidates must have significant experience in a senior Information Security role, such as Head of Information Security or Chief Information Security Officer (CISO). A proven track record in leading teams and managing enterprise risk remediation programmes is essential. You should possess strong analytical skills to interpret regulatory information and develop effective Information Security strategies. Excellent written and verbal communication skills are required, particularly the ability to convey complex technical information in a business-friendly manner. Strong project management skills and the ability to engage stakeholders effectively are also crucial for this role. A collaborative mindset and problem-solving capabilities are necessary to navigate the challenges of Information Security management.

Educational Background:
A relevant degree in Information Technology, Cybersecurity, or a related field is required. Professional certifications in Information Security, such as CISSP, CISM, or equivalent, are highly desirable. Continuous professional development in the field of cybersecurity and risk management is expected to stay abreast of industry trends and best practices.

Experience:
Candidates should have extensive experience in Information Security management, with a focus on enterprise-level risk remediation and cybersecurity programmes. Experience in a consulting environment is advantageous, as is familiarity with ethical hacking techniques. A strong understanding of frameworks such as NIST and ISO27001 is essential for this role.

Languages:
Fluency in English is mandatory, with strong written and verbal communication skills. Knowledge of additional languages is considered an advantage, particularly those relevant to the EBRD's operational regions.

Additional Notes:
This is a full-time position with a regular contract type. The role is based in London, United Kingdom, and requires attendance at the office for approximately 50% of the working time. The EBRD promotes an inclusive work environment and encourages applications from qualified candidates regardless of their background. Due to the high volume of applications, detailed feedback will not be provided to candidates who are not shortlisted.