Job Posting Organization: The European Bank for Reconstruction and Development (EBRD) was established in 1991 with the mission to promote the transition to open market-oriented economies and to foster private and entrepreneurial initiative in countries from Central Europe to Central Asia. The EBRD operates in over 30 countries, employing a diverse workforce that reflects the rich variety of cultures and backgrounds of the regions it serves. The organization is committed to sustainable development and aims to support projects that enhance economic growth while ensuring environmental sustainability and social inclusion.
Job Overview: The role of the Personal Data Management and Information Security Officer at EBRD is crucial for maintaining the integrity and security of the Bank's information systems and personal data. This position involves a dual responsibility: leading the Bank's Personal Data Protection initiatives and supporting the overall Information Security agenda. The officer will ensure compliance with relevant regulations and standards, thereby contributing to the Bank's mission of promoting sustainable development. The officer will work closely with various departments, particularly the IT Department, to identify and mitigate risks associated with information security and personal data protection. This role is essential in fostering a culture of security awareness and compliance within the organization, ensuring that all staff are equipped with the necessary knowledge and skills to protect sensitive information.
Duties and Responsibilities: The Personal Data Management and Information Security Officer will be responsible for a wide range of duties, including but not limited to: developing, reviewing, and updating the Bank's Information Security and Personal Data Protection Frameworks; managing and implementing internal training programs for staff; conducting compliance assessments to ensure adherence to policies; advising on the implementation of the PDP Framework; providing support on incident remediation related to personal data breaches; responding to data subject requests; advising on IT and business projects regarding InfoSec and privacy risks; maintaining risk registers and conducting ongoing risk analysis; supporting the completion of Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs); managing business-as-usual activities such as social engineering exercises and supplier assurance assessments; researching emerging threats and evaluating their applicability to the Bank's operations; and monitoring changes in regulations and best practices to propose necessary updates.
Required Qualifications: Candidates must possess a Bachelor’s or Master’s degree in IT, Security, Risk Management, or a related field. Additionally, they should hold at least one recognized information security qualification, such as CISM, CISA, CISSP, or ISO 27001 Lead Auditor/Implementer. A data protection certification, such as EU-GDPR-P or CIPP/E, is also required. The ideal candidate will have excellent written and verbal communication skills, strong project management abilities, and a high attention to detail. They should be capable of working independently while managing multiple priorities and possess strong relationship management skills to influence stakeholders at all levels.
Educational Background: The educational background required for this position includes a Bachelor’s or Master’s degree in a relevant field such as Information Technology, Security, Risk Management, or similar disciplines. Candidates with degrees in other fields may also be considered if they demonstrate relevant experience and skills. The emphasis is on having a solid foundation in areas related to information security and data protection, which are critical for the role.
Experience: The position requires candidates to have substantial experience in information security and personal data protection. This includes practical experience in developing and implementing security frameworks, conducting compliance assessments, and managing data protection initiatives. Candidates should have a proven track record of working in roles that involve risk management, incident response, and training related to information security and privacy. Experience in a financial institution or similar environment is highly desirable, as it provides context for the regulatory and operational challenges faced in this sector.
Languages: Fluency in English is mandatory, as the role requires excellent communication skills to present technical information effectively. While English is the primary language of communication, knowledge of additional languages may be considered an asset, particularly if it aligns with the regions in which the EBRD operates.
Additional Notes: This position is a short-term contract lasting 12 months. The EBRD promotes a flexible working environment, expecting employees to attend the office 50% of their working time. The organization values diversity and encourages applications from qualified candidates regardless of their background. The compensation package is attractive and includes opportunities for professional development. Due to the high volume of applications, the EBRD may not provide detailed feedback to candidates who are not shortlisted.