Principal Security Engineer, IT Security
Job description
The Principal leads the strategy, design, implementation, support and maintenance of the Bank's platforms and software solutions.
The Principal acts as technical lead to one or more multi-disciplinary platform or software delivery squads, with direct responsibility for setting the overall technical direction and design approaches for one or more squads, ensuring adherence to best practices, EBRD standards, and technical requirements.
The role involves ensuring technical approaches are well-defined and prioritised in collaboration with Product Owners, Solution Architects, Delivery Managers, Capability Leads, and other engineering teams, with a focus on ensuring product robustness and facilitating efficient and effective delivery.
Accountabilities & Responsibilities
Engineering Excellence: The Principal will develop and lead a culture of technical and engineering excellence within their team(s) and in line with IT standards and best practice. The Principal will lead by example, sharing knowledge and helping all team members to develop and embed continuous learning and improvement practices, to ensure work is done to the highest standards, whilst prioritising value and adaptability.
Agile Ways of Working: The Principal will be a leading member of the agile community of practice, and will act as champion for agile ways of working across each squad. The role takes an active part in the continuous improvement of the agile playbook and actively seeks feedback using data on velocity, cycle times and other key metrics, to encourage improvements in the flow of value and agility of the teams and department. The role works to further embed agile ways of working across the Business, as part of our goal to embed organisational agility.
Managing cost and budget: The Principal, whilst not directly managing a cost centre, is responsible for demonstrating that the work in their area is being carried out in the most cost-effective way, with a continuous improvement approach to cost management.
Quality at our core: The Principal takes accountability to ensure that team members deliver work to expected levels of quality and deadlines. The role will work closely with the Quality community of practice to ensure that the bank's quality assurance standards are fully understood and embedded in each team's ways of working.
Secure First: The Principal works with their team(s) to embed a shift-left approach to security, to ensure that each team member understands and considers the implications of 'secure by design' from the initiation of an idea through to the testing and implementation. Working closely with peers and cyber and IT security consultants, the Principal supports all team members to adopt and upskill to fully embed a DevSecOps and Security-First culture.
Drives User Experience: The Principal ensures that all work done by their respective teams puts the user at the centre, in close partnership with the business Product Owners and SMEs. The role works to build and sustain continuous feedback loops to ensure that services are optimised for user experience, are user friendly, and align with business requirements.
Security Capability Lead
- Lead security engagement across a defined portfolio of IT capabilities, providing end-to-end oversight across the full service and delivery lifecycle.
- Define and apply a consistent, capability-agnostic security approach, ensuring security principles, standards, patterns and risk management practices are adopted uniformly across teams and technology domains.
- Advise on security considerations for capability roadmaps, investment decisions, architectural designs and major initiatives, ensuring security is addressed early and proportionately.
- Assess and manage security risks impacting supported capabilities, working collaboratively to agree pragmatic mitigation strategies aligned to business priorities.
- Act as a senior escalation point for security-related design issues, control gaps, incidents and material risks affecting multiple capabilities.
- Collaborate with Enterprise Architecture, IT Risk, Security Operations and other central functions to ensure alignment between security strategy, operational delivery and organisational objectives.
- Create measurement metrics to monitor Capability security posture and ensure the remediation plans and actions are communicated and addressed within capability backlogs.
- Lead any vendor-provided security resources supporting multiple capabilities and manage capacity and demand, ensuring security services scale appropriately and represent value for money.
- Set clear objectives, priorities and ways of working for vendor resources, ensuring effective, timely and high-quality security support.
- Ensure appropriate documentation, knowledge transfer and continuity arrangements are in place to reduce dependency on individuals and improve overall security maturity.
Requirements
- Proficient in communicating complex technical issues to diverse audiences, ensuring information is delivered in a clear, authoritative, and actionable manner, both orally and in writing.
- Extensive Security Technology and Engineering experience with deep insight into the latest security technology trends.
- Extensive experience in senior security engineering or security leadership roles within complex, multi-geographical IT environments.
- Demonstrable experience providing security leadership across multiple technology capabilities or domains, rather than operating solely within a single embedded team.
- Deep knowledge of enterprise security principles and frameworks, including secure-by-design, defence-in-depth, identity and access management, cloud and platform security, endpoint security and data protection.
- Extensive experience in managing distributed teams, including vendor-provided resources: setting priorities, managing performance and ensuring value for money.