Information Security and Supplier Assurance Consultant

We are looking for a highly skilled Information Security and Supplier Assurance Consultant to join our Operational Risk Management (ORM) team at the European Bank for Reconstruction and Development (EBRD). This is a unique opportunity to play a vital role in protecting the EBRD’s Information Assets and IT Facilities, supporting the delivery of critical projects, and shaping our security and risk governance across the Bank.

Your Role and Purpose

As an Information Security and Supplier Assurance Consultant, you will support the Head of Information Security in managing Information Security (IS) risks across the Bank. You will be responsible for:

• Delivering key IS projects and driving supplier and project security assurance activities.
• Reviewing and updating IS policies, procedures, and the broader Information Security Framework.
• Providing technical security consultancy and managing risk assessments, including third-party and cybersecurity risks.
• Ensuring regulatory compliance and supporting internal/external reviews.

Key Responsibilities

• Act as the Bank’s IS technical consultant on Supplier and Project Assurance activities.
• Oversee the administration of the SureCloud platform and baseline control set maintenance.
• Lead security triaging and approvals of new projects and suppliers.
• Conduct security assessments and technical risk evaluations.
• Liaise with IT and MSSP teams to identify and remediate security risks/incidents.
• Draft reports, risk register updates, and maintain documentation aligned with best practice (ISO 27001, NIST CSF).
• Track and advise on industry security trends and their implications.
• Contribute to social engineering assessments, BAU risk mitigation, and business process evaluations.
• Influence and support change by aligning policy updates with new regulations and business needs.

What We’re Looking For

• A Bachelor’s or Master’s degree (preferably in IT, Security, or Risk).
• At least one recognised IS qualification (CISM, CISA, CISSM, ISO 27001 Lead Auditor/Implementer, CIPP/E).
• Proven experience in delivering project and supplier assurance activities in the IS domain.
• Strong written and verbal communication skills, especially the ability to translate technical details into business-friendly language.
• Effective project management and stakeholder engagement abilities.
• Ability to work independently, manage multiple priorities, and maintain high attention to detail.
• A collaborative mindset with strong influencing and problem-solving capabilities.

Why Join EBRD?

Working with us means contributing to projects that promote economic transition and sustainable growth. You'll be part of a diverse, mission-driven team with a real-world impact across the EBRD’s regions. In this role, you’ll be at the heart of strengthening our cybersecurity and information resilience in a dynamic, international environment.

The EBRD Environment Provides You With

• Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
• A working culture that embraces inclusion and celebrates diversity;
• An environment that places sustainability, equality and digital transformation at the heart of what we do.

Diversity is one of the Bank’s core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expect our employees to attend the office 50% of their working time.