Principal Security Capability Lead

Job Posting Organization:
The European Bank for Reconstruction and Development (EBRD) is an international financial institution established in 199

• The EBRD's mission is to promote the transition to open market-oriented economies and to foster private and entrepreneurial initiative in countries from Central Europe to Central Asia and the Southern and Eastern Mediterranean. The organization operates in over 30 countries and employs a diverse workforce of approximately 2,000 employees. The EBRD is committed to sustainability, equality, and digital transformation, and values diversity as one of its core principles.

Job Overview:
The Principal security" style="border-bottom: 1px dotted #007bff !important;">Security Capability Lead is responsible for leading the strategy, design, implementation, support, and maintenance of the Bank's platforms and software solutions. This role acts as the technical lead for one or more multi-disciplinary platform or software delivery squads, setting the overall technical direction and design approaches. The Principal will ensure that technical approaches are well-defined and prioritized in collaboration with Product Owners, Solution Architects, Delivery Managers, Capability Leads, and other engineering teams. The focus is on ensuring product robustness and facilitating efficient and effective delivery while adhering to best practices and EBRD standards. The Principal will also develop a culture of technical and engineering excellence within their teams, champion agile ways of working, manage costs effectively, ensure quality, and embed security-first practices throughout the development lifecycle. Additionally, the Principal will drive user experience by ensuring that all work is user-centered and aligned with business requirements.

Duties and Responsibilities:

• Develop and lead a culture of technical and engineering excellence within the team, ensuring adherence to IT standards and best practices.
• Act as a champion for agile methodologies, participating in the continuous improvement of the agile playbook and utilizing data to enhance team performance.
• Demonstrate cost-effective practices in project execution, ensuring continuous improvement in cost management.
• Ensure that team members deliver high-quality work within deadlines, collaborating with the Quality community of practice.
• Embed a shift-left approach to security, promoting a 'secure by design' philosophy from project initiation through testing and implementation.
• Lead security engagement across a defined portfolio of IT capabilities, providing oversight throughout the service and delivery lifecycle.
• Define and apply a consistent security approach across teams, ensuring uniform adoption of security principles and risk management practices.
• Advise on security considerations for capability roadmaps and major initiatives, ensuring early and proportionate security measures.
• Assess and manage security risks, collaborating to develop pragmatic mitigation strategies. 1
• Serve as a senior escalation point for security-related design issues and incidents. 1
• Collaborate with central functions to align security strategy with operational delivery. 1
• Create metrics to monitor security posture and ensure remediation plans are communicated effectively. 1
• Manage vendor-provided security resources, ensuring effective support and value for money. 1
• Set clear objectives and priorities for vendor resources, ensuring high-quality security support. 1
• Ensure proper documentation and knowledge transfer to improve overall security maturity.

Required Qualifications:

• Proficient in communicating complex technical issues to diverse audiences, both orally and in writing.
• Extensive experience in security technology and engineering, with a deep understanding of current security trends.
• Proven experience in senior security engineering or leadership roles within complex, multi-geographical IT environments.
• Demonstrable experience providing security leadership across multiple technology capabilities.
• Deep knowledge of enterprise security principles and frameworks, including secure-by-design, defense-in-depth, identity and access management, cloud security, and data protection.
• Extensive experience managing distributed teams, including vendor resources, with a focus on performance management and value delivery.

Educational Background:
A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required. A master's degree or relevant certifications in security (such as CISSP, CISM, or equivalent) is highly desirable.

Experience:
The position requires extensive experience in security technology and engineering, particularly in senior roles that involve leadership across multiple technology domains. Candidates should have a proven track record of managing complex IT environments and distributed teams, demonstrating the ability to set priorities and manage performance effectively.

Languages:
Fluency in English is mandatory, with additional languages being a plus. Candidates should be able to communicate technical information clearly and effectively to diverse audiences.

Additional Notes:
This is a fixed-term contract position for a duration of 2 years. The role is based in London, United Kingdom, and requires the employee to attend the office 50% of the time. The EBRD promotes flexible working arrangements and encourages applications from qualified candidates regardless of their background.