Information Security Consultant
European Bank for Reconstruction and Development (EBRD)
London
United Kingdom
April 26, 2026
Full-timeApril 26, 2026
Information Security Consultant
Job Description
Job Posting Organization:
The European Bank for Reconstruction and Development (EBRD) is a multilateral development bank established in 199
Job Overview:
The security" style="border-bottom: 1px dotted #007bff !important;">security" style="border-bottom: 1px dotted #007bff !important;">Information Security Consultant will play a crucial role in supporting the management and technical aspects of Information Security (IS) across the EBRD. This position involves delivering key IS and Cybersecurity projects, performing risk identification and mitigation activities, and providing independent oversight and consultancy in accordance with best practices. The successful candidate will be responsible for identifying, mitigating, and managing IS and Cybersecurity risks, advising on technical risk mitigation measures, and communicating risk mitigation actions to management. The role requires collaboration with various departments, particularly the IT Department, to ensure effective risk management and compliance with security standards.
Duties and Responsibilities:
The Information Security Consultant will be responsible for project management of the Bank’s Business-As-Usual (BAU) activities, including Cybersecurity Programme Assurance, Red and Purple Team Assessments, Social Engineering, and Training and Awareness. The consultant will perform detailed risk assessments of the Bank’s information assets and IT facilities, design risk assessments related to the Cybersecurity Resilience Programme, and conduct Business Impact Assessments. They will track risk mitigation actions, maintain the InfoSec risk register, and provide oversight of first-line remediation activities. The consultant will also develop and enhance the Bank’s InfoSec Framework and risk reporting, and work closely with external security consultants to deliver risk identification and remediation activities.
Required Qualifications:
Candidates must possess a Bachelor's Degree (2:1 or equivalent) and hold at least one industry-recognized security qualification or accreditation such as CISM, CISA, CISSP, or ISO 27001 Lead Auditor/Implementer. A strong knowledge of Information and IT Security Frameworks, particularly NIST and ISO27001, is essential. Excellent report writing, communication, and presentation skills are required, along with the ability to translate technical information into business language. Strong project management skills and the ability to develop effective solutions are also necessary.
Educational Background:
A Bachelor's Degree in a relevant field is required, with a preference for candidates who have achieved a 2:1 classification or equivalent. Additional certifications in information security, such as CISM, CISA, CISSP, or ISO 27001, are highly desirable and will enhance a candidate's profile.
Experience:
Candidates should have a proven track record in information security and risk management, with experience in conducting risk assessments and managing cybersecurity projects. Familiarity with security frameworks and compliance requirements is essential, as is the ability to work autonomously and manage external resources effectively. Experience in a financial or international organization is advantageous.
Languages:
Strong written and spoken communication skills in English are mandatory. Proficiency in additional languages may be considered an asset, particularly for candidates who will engage with diverse stakeholders across the EBRD's operational regions.
Additional Notes:
This position is a regular contract with a length that extends until at least March 30, 202
The European Bank for Reconstruction and Development (EBRD) is a multilateral development bank established in 199
- Its mission is to promote the transition to open market-oriented economies and to foster private and entrepreneurial initiative in countries from Central Europe to Central Asia and the Southern and Eastern Mediterranean. The EBRD operates in over 30 countries and employs around 2,000 staff members. The organization focuses on sustainable development, economic growth, and the promotion of private sector investment.
Job Overview:
The security" style="border-bottom: 1px dotted #007bff !important;">security" style="border-bottom: 1px dotted #007bff !important;">Information Security Consultant will play a crucial role in supporting the management and technical aspects of Information Security (IS) across the EBRD. This position involves delivering key IS and Cybersecurity projects, performing risk identification and mitigation activities, and providing independent oversight and consultancy in accordance with best practices. The successful candidate will be responsible for identifying, mitigating, and managing IS and Cybersecurity risks, advising on technical risk mitigation measures, and communicating risk mitigation actions to management. The role requires collaboration with various departments, particularly the IT Department, to ensure effective risk management and compliance with security standards.
Duties and Responsibilities:
The Information Security Consultant will be responsible for project management of the Bank’s Business-As-Usual (BAU) activities, including Cybersecurity Programme Assurance, Red and Purple Team Assessments, Social Engineering, and Training and Awareness. The consultant will perform detailed risk assessments of the Bank’s information assets and IT facilities, design risk assessments related to the Cybersecurity Resilience Programme, and conduct Business Impact Assessments. They will track risk mitigation actions, maintain the InfoSec risk register, and provide oversight of first-line remediation activities. The consultant will also develop and enhance the Bank’s InfoSec Framework and risk reporting, and work closely with external security consultants to deliver risk identification and remediation activities.
Required Qualifications:
Candidates must possess a Bachelor's Degree (2:1 or equivalent) and hold at least one industry-recognized security qualification or accreditation such as CISM, CISA, CISSP, or ISO 27001 Lead Auditor/Implementer. A strong knowledge of Information and IT Security Frameworks, particularly NIST and ISO27001, is essential. Excellent report writing, communication, and presentation skills are required, along with the ability to translate technical information into business language. Strong project management skills and the ability to develop effective solutions are also necessary.
Educational Background:
A Bachelor's Degree in a relevant field is required, with a preference for candidates who have achieved a 2:1 classification or equivalent. Additional certifications in information security, such as CISM, CISA, CISSP, or ISO 27001, are highly desirable and will enhance a candidate's profile.
Experience:
Candidates should have a proven track record in information security and risk management, with experience in conducting risk assessments and managing cybersecurity projects. Familiarity with security frameworks and compliance requirements is essential, as is the ability to work autonomously and manage external resources effectively. Experience in a financial or international organization is advantageous.
Languages:
Strong written and spoken communication skills in English are mandatory. Proficiency in additional languages may be considered an asset, particularly for candidates who will engage with diverse stakeholders across the EBRD's operational regions.
Additional Notes:
This position is a regular contract with a length that extends until at least March 30, 202
- The EBRD promotes a flexible working environment, expecting employees to work in the office 50% of the time. The organization values diversity and encourages applications from qualified candidates regardless of their background. Due to the high volume of applications, detailed feedback will not be provided to candidates who are not shortlisted.
Info
Job Posting Disclaimer
This job posting is provided for informational purposes only. The accuracy of the job description, qualifications, and other details mentioned is the sole responsibility of the employer or the organization listing the job. We do not guarantee the validity or legitimacy of this job posting. Candidates are advised to conduct their own due diligence and verify the details directly with the employer before applying.
We are not liable for any decisions or actions taken by applicants in response to this job listing. By applying, you agree that all application processes, interviews, and potential job offers are managed exclusively by the listed employer or organization.
Beware of fraudulent job offers. Do not provide sensitive personal information or make any payments to secure a job.
We are not liable for any decisions or actions taken by applicants in response to this job listing. By applying, you agree that all application processes, interviews, and potential job offers are managed exclusively by the listed employer or organization.
Beware of fraudulent job offers. Do not provide sensitive personal information or make any payments to secure a job.