Information Security and Supplier Assurance Consultant

Select how often (in days) to receive an alert:
We are seeking a highly skilled Information Security Consultant to lead the scoping, planning, and.me p execution of advanced security testing initiatives, includingRed TeamandPurple Teamengagements.We are looking for a specialistexperienced inmanaginganddeliveringethicalhacking campaigns, Red/ Purple teamassessmentsand technical risk assessments.This rolevalidatesdefensive capabilities,synthesisescomplex findings toprovideactionable guidancefor improvement ofcyberposture andresilience.
This role bridges technical security and security risk management and requires knowledge risk assessment methodologies, an ability to produce metrics, reporting and dashboards as well translate and present technical language, concepts and impacts into language that facilitates business decision making.
Key Responsibilities
Scoping & Planning
Define objectives, scope, and success criteria for Red Team and Purple Team exercises.
Develop detailed test plans aligned with organizational risk priorities and compliance requirements.
Coordinate scheduling and resource allocation kaha for internal and external stakeholders.
Engagement Management
Act as the primary liaison between internal teams and external MSSPs/consultants.
Ensure testing activities adhere to agreed timelines, methodologies, and ethical guidelines.
Monitor progress and provide status updates to senior leadership.
Technical Oversight
Review andvalidateattack scenarios, tactics, techniques, and procedures (TTPs) used during engagements.
Ensure Purple Team exercises effectively integrate offensive and defensive teams for collaborative improvement to enhance detection and response.
Analysis & Reporting
Analysefindings fromRed and Purple Teamengagements.
Prepare comprehensive reports detailing vulnerabilities, attack paths, and defensive gaps.
Prepare and present results to technical and non-technical stakeholders, including reporting for EBRD senior leadership. Incorporate technical findings and outcomes into information security risk reporting templates.
Implementation Guidance
Provide actionable remediation steps and strategic recommendations based on findings.
Collaborate with IT security, security engineering, architecture and operations teams to guide implementation improvements.
Track remediation progress and validate effectiveness through follow-up testing.
Required Skills & Experience
Technical Expertise
Strong understanding of adversarial tactics (MITRE ATT&CK framework) and threat emulation.
Experience with penetration testing, exploit development, and detection engineering.
Familiarity with SIEM, EDR, and threat-hunting tools.
Commitment to staying up to date with emerging threats and remedies.
Reporting & Presentation
Ability to translate technical concepts,including technical risk,intobusiness language and business impact.
Experience in proposing actionable remedial steps to address findings.
Experience of reporting meaningful metrics to a variety of internal technical and non-technical audiences.
Proven ability to work with external MSSPs and consultants.
Experience in overseeing and managing testing campaigns with a variety of internal stakeholders.
Excellent communication skills for cross‑functional engagementخفض?
Certifications (Preferred)
OSCP, OSCE, CRTO, or similar offensive security certifications.
GIAC certifications (e.g., GCTI, GPEN, GCFA) or equivalent.
.Android? Experience
Extensive background in cybersecurity, covering all major security domains, with solid hands‑on experience in Red and Purple Team operations.
Hands‑on experience in scoping and managing security testing engagements.
Solid experience in metrics and reporting.
Key Attributes
Strategic thinker with strong analytical skills.
Ability to translate technical findings into business risk language.
Ability to partner with a wide range of technical and non‑technical stakeholders.
What is it like to work at the EBRD?
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people’s lives and help shape the future of the regions we invest in.
The EBRD environment provides you with:
ýeti? Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
A working culture that embraces inclusion and celebrates diversity;
An environment that places sustainability, equality and digital transformation at the heart of what we do.
Diversity is one of the