Personal Data Management and Information Security Officer

European Bank for Reconstruction and Development


The European Bank for Reconstruction and Development (EBRD) is seeking a Personal Data Management and Information Security Officer to support the Head of Information Security in managing the Bank’s information security and personal data protection landscape.

You will play a dual role—leading on the Bank’s Personal Data Protection efforts and supporting the InfoSec agenda. Your work will ensure that the Bank maintains high standards of security, privacy, and compliance, contributing to our mission of promoting sustainable development across our regions of operation.

About the Department

Operational Risk Management (ORM) is part of the Bank’s Risk Management group and forms the second line of defence. ORM is responsible for independently identifying, assessing, and supporting the mitigation of key operational risks, including those related to information security and personal data protection. ORM works in close collaboration with the IT Department and business units across the Bank.

You will act as the Bank’s:

  • Primary Personal Data Protection Officer (PDPO) and contact point.
  • Key advisor on privacy and information security risks.
  • Manager of critical programmes, including the Bank’s InfoSec and Personal Data Protection Frameworks and Training & Awareness initiatives.
  • Coordinator for internal/external reviews related to InfoSec and privacy compliance.

You will work closely with IT and business functions to identify risks, manage incidents, and advise on good practices aligned with ISO 27001 and/or NIST.

Responsibilities:

  • Develop, review, and update the Bank’s Information Security and Personal Data Protection (PDP) Frameworks (policies, directives, guidance, and procedures).
  • Manage and implement internal training for staff and Bank users, including writing training materials and managing the Bank’s eLearning platform.
  • Conduct compliance assessments to evaluate adherence to InfoSec and privacy policies and procedures.
  • Advise the Bank and data subjects on implementing, applying, and complying with the PDP Framework.
  • Provide support on incident remediation, especially in cases involving personal data breaches.
  • Respond to data subject requests and support the Personal Data Review Panel on personal data-related complaints.
  • Advise on IT and business projects with respect to InfoSec and privacy risks.
  • Maintain risk registers, provide ongoing risk analysis, and contribute to risk mitigation plans.
  • Support completion and review of Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).

Manage BAU activities, including:

  • Social engineering exercises.
  • Supplier assurance assessments.
  • Risk assessments for business processes and technologies.
  • Research emerging threats and evaluate applicability to the Bank’s operations.
  • Monitor changes in regulations and best practices, document and propose updates, agree on changes with the Head of Information Security, and implement project plans.
  • Work extensively with IT, particularly the IT Security team, to address technical security and risk issues with a sound understanding of underlying technologies.

Required Qualifications & Experience:

Education:

  • Bachelor’s or Master’s degree, ideally in IT, Security, Risk Management, or a related field (other fields will also be considered).

Technical and Professional Skills:

  • Excellent written and verbal communication and presentation skills in English.
  • Ability to present technical information in business and risk language.
  • Strong project management and problem-solving skills.
  • High attention to detail and accuracy.
  • Ability to work independently and handle multiple priorities.
  • Strong relationship management and influencing skills across all levels.

Source: https://jobs.ebrd.com/job/London-Personal-Data-Management-and-Information-Security-Officer/1203871501/


To help us track our recruitment effort, please indicate in your cover/motivation letter where (embassyjobs.net) you saw this internship posting.