The European Bank for Reconstruction and Development is looking for an Information Security and Privacy Consultant in London. This role involves managing the Bank's information security and personal data protection, ensuring compliance with regulations, and providing training. Candidates should have relevant degrees and certifications, backed by strong communication and project management skills.
The European Bank for Reconstruction and Development
London, United Kingdom
29.06.2025
13.08.2025
About the Role
The European Bank for Reconstruction and Development (EBRD) is seeking an Information Security and Privacy Consultant to support the Head of Information Security in managing the Bank’s information security and personal data protection landscape.
You will play a dual role—leading on the Bank’s Personal Data Protection efforts and supporting the InfoSec agenda. Your work will ensure that the Bank maintains high standards of security, privacy, and compliance, contributing to our mission of promoting sustainable development across our regions of operation.
About the Department
Operational Risk Management (ORM) is part of the Bank’s Risk Management group and forms the second line of defence. ORM is responsible for independently identifying, assessing, and supporting the mitigation of key operational risks, including those related to information security and personal data protection. ORM works in close collaboration with the IT Department and business units across the Bank.
Purpose of the Role
You will act as the Bank’s:
Primary Personal Data Protection Officer (PDPO) and contact point.
Key advisor on privacy and information security risks.
Manager of critical programmes, including the Bank’s InfoSec and Personal Data Protection Frameworks and Training & Awareness initiatives.
Coordinator for internal/external reviews related to InfoSec and privacy compliance.
You will work closely with IT and business functions to identify risks, manage incidents, and advise on good practices aligned with ISO 27001 and/or NIST.
Key Responsibilities
Develop, review, and update the Bank’s Information Security and Personal Data Protection (PDP) Frameworks (policies, directives, guidance, and procedures).
Manage and implement internal training for staff and Bank users, including writing training materials and managing the Bank’s eLearning platform.
Conduct compliance assessments to evaluate adherence to InfoSec and privacy policies and procedures.
Provide support on incident remediation, especially in cases involving personal data breaches.
Respond to data subject requests and support the Personal Data Review Panel on personal data-related complaints.
Advise on IT and business projects with respect to InfoSec and privacy risks.
Maintain risk registers, provide ongoing risk analysis, and contribute to risk mitigation plans.
Support completion and review of Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
Manage BAU activities, including:
Social engineering exercises.
Supplier assurance assessments.
Risk assessments for business processes and technologies.
Research emerging threats and evaluate applicability to the Bank’s operations.
Monitor changes in regulations and best practices, document and propose updates, agree on changes with the Head of Information Security, and implement project plans.
Work extensively with IT, particularly the IT Security team, to address technical security and risk issues with a sound understanding of underlying technologies.
Required Qualifications & Experience
Education: Bachelor’s or Master’s degree, ideally in IT, Security, Risk Management, or a related field (other fields will also be considered).
Certifications:
At least one recognised information security qualification (e.g., CISM, CISA, CISSM, ISO 27001 Lead Auditor/Implementer).
At least one data protection certification (e.g., EU-GDPR-P, CIPP/E).
Technical and Professional Skills:
Excellent written and verbal communication and presentation skills in English.
Ability to present technical information in business and risk language.
Strong project management and problem-solving skills.
High attention to detail and accuracy.
Ability to work independently and handle multiple priorities.
Strong relationship management and influencing skills across all levels.
Information security tools and practices (e.g., mobile device security, information classification).
Supplier assurance, social engineering testing, and security awareness training.
Privacy principles, including Privacy by Design, DPIAs, handling data subject requests, and investigating personal data breaches.
Why Join EBRD?
Contribute to sustainable impact in 30+ countries.
Be part of a values-driven institution that fosters transparency, innovation, and inclusion.
Collaborate with experienced professionals in a dynamic and supportive environment.
Access development opportunities and an attractive compensation package.
What is it like to work at the EBRD?
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
The EBRD environment provides you with: