Associate Director, Head of IT Security (London, GB)

Requisition ID 35051 Office Country United Kingdom Office City London Division Information Technology Contract Type Regular Contract Length Posting End Date 14/10/2024

Purpose of Job

The Associate Director – IT will be responsible for leading and overseeing all aspects of information security strategy, implementation, and governance across our organization's worldwide operations. The role is responsible for the effective and efficient functioning of their security and Identity and Access management areas, ensuring adherence to the principles of autonomy, self-management, a product led mind set, iterative delivery, adequate resourcing, and high technical standards and always operating within the practices and procedures of the department. This individual will have outstanding hands-on technology leadership and communication skills, a desire to help others learn and develop a calm and pragmatic manner, excellent vendor management skills, plus a superior, risk-oriented approach to processes and operations.

The role is also responsible for both implementation and operational processes to ensure quality, efficiency and agility goals are achieved. This role is a key member of the Technology leadership team and will be highly visible within the organisation.

Accountabilities & Responsibilities

Responsibility

Description

Technology Function

This role is expected to be highly specialised in following Technology areas at

Security Operations centre Identity AM Security Configuration Security Awareness & Training Account management Vulnerability management Data recovery Application Security Security Policy Application and Infrastructure Project Security

Cyber Security

Develop and execute a comprehensive global information security strategy aligned with business objectives and regulatory requirements. Lead the information security governance framework, ensuring effective risk management, compliance, and assurance processes are in place. Provide strategic direction and leadership to the global information security team, fostering a culture of collaboration, innovation, and continuous improvement. Establish and maintain strong relationships with key stakeholders, including executive leadership, board members, regulators, and industry partners. Drive the development and implementation of robust security policies, standards, and procedures to safeguard the organization's assets and data. Oversee the management of security operations, including incident response, threat intelligence, vulnerability management, and security awareness programs. Monitor emerging threats and industry trends to proactively identify and mitigate potential risks to the organization's information assets. Collaborate with cross-functional teams to integrate security best practices into business processes, projects, and technologies. Provide regular reporting and updates to executive management and the board on the organization's security posture, risk profile, and compliance status. Stay current with evolving regulatory requirements, industry standards, and best practices in information security management.

CLG Relationship

Develop and improve relationships with CLG (Corporate Leadership Group) members, identifying priorities, issues and strategic challenges and preparing them for discussion. Work is focused on a technology function that has scale and global reach, or a Hub. Acts as a trusted advisor and builds and maintains relationships with other IT leaders and CLG level executives to develop a clear understanding of business needs and relevant capability development and leads teams to be able to respond with agility to changing business priorities.

Budgeting & Cost Management

Take overall responsibility for setting and approving budgets that achieve organizational strategy within a technology function or a Hub in accordance to the delegated powers of authority when applicable. Develops and steers the annual operating and capital & Operating expenditure budget for the respective Capabilities to ensure it is consistent with overall strategic objectives of IT and in line with MD ITs set targets and directions and is properly resourced within plan while appropriately being on budget.

Business Roadmap Planning

Lead the development of annual and longer-term business plans for a Technology function or a Hub ensuring alignment with strategy; quantify business outcomes (i.e. Objective and key results or other key performance indicators) and resource budgets (financial and headcount); and ensure integration of key activities or projects across the organization.

Corporate Representation

Represent the organization in external relations with Board, the vendors on behalf of a Technology function or a local Hub on behalf of MD IT

Technology Strategy and Corporate Alignment

Together with Technology Leadership Team, co-Lead in the development of technology strategy, providing functional leadership and challenge to test the viability of the strategy and contributing creative ideas and insights to support the strategy formation process. Leads the development of the assigned part of the IT blueprint reporting to the MD IT and ensures its integration with the overall IT and enterprise strategic plans. Ensures that their Capability areas align to the organizations and department’s vision and strategy. Uses communication, measurement, evidence, and feedback to ensure that the IT organization fosters a business-oriented culture and mindset driven by a desire to learn and improve across Head Office and the ROs.

Transformation

Facilitate the creation of the digital strategy in the assigned portfolio, working with both internal and external stakeholders to build and communicate the strategic importance of digital and transformation and support to drive organizational transformation in the technology functions scope

Technology Oversight

Leverages influencing and negotiation skills across IT and the enterprise to enable cost-effective and innovative shared technology solutions in achievement of business goals aligned to the Target Architecture while minimizing deviations. Maintains currency on new technologies and platforms and provides advice and direction on what emerging technologies should be assimilated, integrated, and introduced within their Capabilities. Provides strategic direction and oversight for the design, development, operation, and support of IT systems that fulfil the needs of the business, including the full life cycle of technical architecture, infrastructure engineering, infrastructure operations and IT service support.

Execution Excellence

Lead execution of transformation roadmap, establishing and managing programs, and projects, resource allocation, KPIs, and governance activities effectively, efficiently and in line with portfolio roadmap. Works with the IT senior leadership team, Chief Architect, CIO Office, Transformation Office and Product Owners to prioritize allocation of resources to different priorities within the owned portfolio and if needed to the overall portfolio.

Leading Change

Take responsibility for developing and delivering change management plans within the allocated technology portfolio and achieving outcomes that support the organization's overall strategy.

Enterprise Infrastructure

Modernization

Contribute significantly to strategic direction for enterprise architecture, championing an enterprise architecture that is scalable, adaptable, and synchronized with ever-changing business needs and the complexity of digital transformation. Drive alignment and governance across the various domains to align to the target architecture and enable oversight of solution architecture with direct accountability of solution level designs within the scope of the function.

Infrastructure and Network

Development and

Maintenance

Set the global strategic direction for infrastructure and network resources, ensuring it meets long-term business needs and implementation in line with the Target Architecture under the scope of the Technology Function when the allocated portfolio has ownership of these technologies.

Stakeholder Relationship

Management

Lead the development of partnering relationships with stakeholders throughout the global organization, building high levels of professional credibility and mutual trust, and ensuring that internal clients have access to high-quality advice and guidance to support in delivering business strategy and plans for partners in scope of the portfolio.

Leadership and Direction

Communicate the organization's mission, vision and values, and its strategy and broad action plan for delivering these within a Technology function; inspire a diverse global workforce to commit to these and executing appropriate actions to achieve the organization's business goals.

Operational Compliance

Lead the implementation of the organization's policies and procedures within a Technology function to minimize business risk and protect the organization's reputation. Create a business culture that places value on the principles that underlie the creation of voluntary codes of practice, and on adherence to these to mitigate the Technology and Cyber risk.

Workforce Strategy and Execution

Execute the defined Technology blueprint within the scope of influence in line with the detailed design of the organization, to enable the achievement of the organization's mission and business objectives. Directs the execution of sourcing strategy and provides executive oversight for relevant strategic vendor and partner relationship management in addition to the internal roles.

Performance Management

Lead the development of policies, procedures, and related guidelines within the allocated portfolio, ensuring coherence across national boundaries and integration with the broader international corporate policy framework.

IT Implementation and

integration

Leads the implementation, configuration and optimization of IT systems and services, while ensuring smooth integration with IT/cloud infrastructure.

Coaching and Talent

Development

Motivating all employees within the allocated portfolio to learn, grow and develop so that they can obtain the knowledge and experience they need to help the organization reach its goals. Provides leadership, coaching and direction to the Capability teams and IT staff, maintaining high levels of engagement and morale amongst their teams reflected through engagement scores in line with targets. Forecasts future skill needs to acquire and develop a workforce / vendor mix with the appropriate level of business knowledge, technical skills and competencies that balance between growing the agility required to achieve digital business objectives and ensuring the core IT functions are reliable, stable and efficient.

Culture Development

Making sure the workforce within the allocated portfolio develops and maintains the culture, values and design it needs to reach its objectives while managing structural change.

Knowledge, Skills, Experience & Qualifications

Education

• Bachelor's degree in Computer Science, Information Security, or related field; advanced degree preferred.

Experience

Minimum of 10 years of experience in information security management, with at least 3 years in a senior leadership role reporting to CIO level. Proven track record of designing and implementing global information security programs in complex, regulated environments, preferably within the financial services industry. Strong understanding of cybersecurity risk management principles, frameworks (e.g., NIST, ISO 27001), and regulatory requirements (e.g., GDPR, PCI DSS, SOX). Excellent leadership and communication skills, with the ability to effectively engage and influence stakeholders at all levels of the organization. Experience developing and managing IT Risk Frameworks Demonstrated experience in building and leading high-performing teams, including recruiting, mentoring, and developing talent. Strategic thinker with the ability to translate business needs and regulatory requirements into actionable security initiatives. Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or equivalent certifications preferred. Strong analytical and problem-solving skills, with the ability to prioritize and manage multiple projects in a fast-paced environment. Experience working at a senior level with multiple stakeholders across the organization both at a governance Expertise in IT Risk Frameworks. Demonstrable knowledge and experience leading development of major cloud-based platforms, legacy systems, agile implementation, microservices approach and CI / CD practices. Comprehensive knowledge of hardware, software, application, infrastructure, and systems engineering Banking domain experience preferred.

Knowledge/Skills

Exceptional leadership and coaching skills with the ability to develop cross functional teams and communicate a vision that inspires and motivates staff and aligns them to the IT and business strategy. Ability to instill confidence in the business and demonstrate the business value of cybersecurity effectively. Internal and external stakeholder management skills Strong vendor management and partner relation skills to identify and leverage resources internal and external to the enterprise to enhance capabilities that support business objectives Negotiation skills : Capable of negotiating with high expertise to help the organization by obtaining consensus between two or more internal or external parties who may have different interests in an environment where resources may or may not be not be in direct control of this role. Shows all-around competence in the Security architecture and Risk Framework and is seen as a thought leader in the industry, not just the organization, maintaining close links with external organizations and industry leaders. Action Planning: Applies expertise on developing appropriate plans or performing necessary actions based on recommendations and requirements. Data Preparation and Exploration: Combines data from obvious and non-obvious source to solve complex problems. Builds frameworks to check data quality that can be reused by others. Can identify more than one solution to many problems. Often brings a new perspective to a problem or identifies items others have overlooked. Excellent written and verbal communication skills with the ability to explain complex technical concepts and plans in simple and easily understood ways and to promote the mission and values of the IT organization in an engaging and collaborative way. Excellent leadership skill to contribute and support and ambitious change program in a challenging environment. Excellent analytical, strategic conceptual thinking, strategic planning, and execution skills. Expertise in budget planning and financial management. Deep understanding of current and emerging technologies and how other enterprises are employing them. Success in evolving traditional practices into contemporary approaches such as DevSecOps so that operations can be delivered with security, quality, agility and flexibility using Agile ways of working.

What is it like to work at the EBRD?

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.

The EBRD environment provides you with:

Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in; A working culture that embraces inclusion and celebrates diversity; An environment that places sustainability, equality and digital transformation at the heart of what we do.

Diversity is one of the Bank’s core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expecting our employee to attend the office 50% of their working time.

Please note, that due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).