Associate Director, IT Security

Purpose of Job

The Associate Director, IT Security provides ownership and leadership in defining, implementing and maintaining policies, procedures, controls and standards to ensure a secure, controlled and resilient Information Technology work environment for all Bank IT systems and users. The role interacts with all levels of management across the Bank to support the Bank’s strategy through effective selection, implementation and support of strategic and tactical IT Security initiatives and solutions.

Accountabilities & Responsibilties

• Establish, implement and maintain consistent and repeatable IT Security related Standards, Policies, and Procedures, aligned to the international standard for Information Security Management Systems, ISO 27001: 2013.
• Establish, implement and maintain a suite of IT Security tools to protect IT systems and give visibility of potential threats and vulnerabilities.
• Development of clear and concise reporting suitable to be presented to IT Management. This includes submissions of regular Key Risk Indicator reports that can be used to prioritise IT Security activities.
• Work closely with members of Operation Risk and Information Security to ensure IT Security and associated risks are appropriately managed.
• Establish, implement, test and maintain the policies and procedures within IT to ensure a robust and resilient IT environment that can meet the Bank’s Business Continuity requirements.
• Manage the annual resilience exercises from an IT perspective.
• Coordinate responses to Internal Audit recommendations to ensure that audit observations related to IT Security are appropriately managed.
• Co-ordinate vulnerability assessment and penetration testing as well as managing the associated remediation activities.
• Contribute to IT Security compliance with the Bank’s Internal Control Framework to ensure the accurate completion of annual testing schedules.
• Define the minimum IT Security and Business Continuity requirements for IT projects and IT operations, ensuring alignment to industry best practice recommendations.
• Provide expertise in the definition, selection and implementation of IT Security and Business Continuity related controls to the IT Department.
• Management of the IT Security and Business Continuity service providers, vendors, and consultants to ensure key objectives and deliverables are met in an efficient manner.
• Provide guidance and assistance to IT Senior Management and other areas within the Bank with regard to addressing IT Security, Business Continuity and IT Change issues.
• Keep abreast of all IT Security trends and best practice recommendations to ensure the Banks IT Security strategy is fit for business and future proof.
• Manage and promote IT Security and Business Continuity to ensure that the business understands the value of best practice and supports these key objectives.

Knowledge, Skills, Experience & Qualifications

Experience/Knowledge

• Extensive understanding of IT Security environment, policies, guidelines and standards.
• Experience of relevant standards (ISO 27001, 27005, 27015).
• Experience of working in the Financial Sector.

Skills

• Excellent interpersonal skills, including tact and diplomacy.
• Leadership skills.
• Fluency in oral and written English is essential and also good writing skills.
• Good understanding of the Bank’s processes and procedures.
• Extensive and proven track record of working within the IT Security arena at a senior managerial position.
• Ability to operate sensitively and effectively in a multicultural environment.
• Ability to communicate effectively to a wide variety of audiences in and outside EBRD.
• Ability to work both independently and as part of a small team.
• Good team player with strong interpersonal and diplomatic skills.
• Ability to handle pressure and work to challenging deadlines.
• Excellent organisational and multi-tasking skills.

What is it like to work at the EBRD?

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in. 

The EBRD environment provides you with:

• Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
• A working culture that embraces inclusion and celebrates diversity;
• An environment that places sustainability, equality and digital  transformation at the heart of what we do.

Diversity is one of the Bank’s core values which are at the heart of everything it does.  A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities.  As an inclusive employer, we promote flexible working and expecting our employee to attend the office 50% of their working time.