General Information
Type of contract
Fixed-term contract which may be converted into a permanent contract after three years subject to individual performance and organisational needs
Who can apply?
EU nationals
Salary
H (bracket 1 - step 1) full time monthly net salary: €8,130 plus benefits; for further information see what we offer.
Working time
Full time
Place of work
Frankfurt am Main, Germany
Closing date
16.07.2025
Your team
You will be part of the Non-Financial Risk Inspections Division in the Directorate General On-Site & Internal Model Inspections. The Directorate General is made up of approximately 300 supervisors dedicated to on-site supervision related to the Single Supervisory Mechanism (SSM). It performs on-site inspections and internal model investigations, including on banks’ premises. It also oversees the ECB’s new mandate and responsibilities associated with threat-led penetration testing (TLPT), in accordance with the Digital Operational Resilience Act (DORA). Most banks in the SSM are obliged to conduct an advanced cyber test periodically, in line with the TLPT model. The Directorate General is currently building a dedicated team of TLPT experts in the Non-Financial Risk Inspections Division to address this new mandate and its associated responsibilities. TLPT tests will be carried out in full partnership with national competent authorities.
In your role as TLPT Team Lead, you will be responsible for the coordination, monitoring and quality assurance of the SSM testing of relevant banks at all stages of the process. This means working in an exciting and challenging environment, offering a senior view and experience to a team of around ten colleagues. In doing so, you will contribute to ensuring the SIs conduct TLPT in a safe and comprehensive manner, while building experience of improving resilience to cyberattacks. You will also guide and train more junior test managers, including those involved in planning the tests and presenting their outcomes to other stakeholders.
The SSM is the system of banking supervision in Europe. It comprises the ECB and the national supervisory authorities of the participating countries.
The ECB is an inclusive employer and we strive to reflect the diversity of the population we serve. We encourage you to apply irrespective of age, disability, ethnicity, gender, gender identity, race, religious beliefs, sexual orientation or other characteristics.
Your role
As TLPT Team Lead, you will:
- assume responsibility for the coordination, monitoring and quality of the SSM testing of significant institutions (SIs) at all stages of the testing process, according to the TLPT methodology developed in DORA;
- lead tests yourself and also review and coach test managers within the team. You will work in close contact with the tested financial entities, the “Red” Team and all other stakeholders involved;
- play an active role in the TLPT process of the SSM, identifying SIs to be tested, planning tests, liaising with the test control teams, assisting in any issues arising during testing and providing guidance to the general supervisors;
- have a role in the SSM TLPT community and the threat intelligence-based ethical red-teaming (TIBER) community and in further developing TIBER-EU SSM. You may also represent the ECB on relevant national and European committees;
- help the SSM by sharing your expertise as a cybersecurity expert at training events.
The position offers you excellent opportunities. The new TLPT responsibilities will enable you to help build a team which focuses on results, constructively challenging banks’ senior management on complex issues in the increasingly important area of cyber/IT risk. You will also be able to take part in IT risk inspections, the other responsibility of the section. You will be part of a multicultural team that strives for continuous innovation to make a positive impact on the lives of European citizens.
Qualifications, experience and skills
Essential:
- a master's degree or equivalent in computer science, natural sciences or another relevant field (see How you can join us for details on degree equivalences);
- in addition to the above, at least five years of hands-on experience in IT security testing, including proven project management experience in IT;
- knowledge of regulatory frameworks and standards regarding the control and management of operational risks (DORA, NIS2, TIBER-EU, etc.);
- good understanding of the organisation and structure of banks, financial sector processes and service providers;
- coordination, communication and presentation skills gained in a multicultural environment and the ability to engage with a range of internal and external stakeholders;
- demonstrated ability to coach and mentor colleagues while effectively leading and inspiring high-performing teams of experts;
- an advanced (C1) command of English and an intermediate (B1) command of at least one other official language of the EU, according to the Common European Framework of Reference for Languages.
Desired:
- experience of penetration testing and/or red-teaming and/or threat intelligence;
- professional qualifications such as CISSP, CISM, CRISC or similar;
- ability to familiarise yourself quickly with new topics and a willingness to learn continuously.
You engage collaboratively with others. You pursue team goals and learn willingly from other people’s diverse perspectives. You signal any need for change by explaining it and proposing alternative solutions. You analyse complex information effectively and can evaluate different views to arrive at solutions. You know and anticipate stakeholder needs. You are skilled at encouraging people to develop their abilities and can build up high-performing teams.
You are motivated to be part of our team and to develop and use your skills and competencies to achieve the aims of this position. You are aware of your strengths and areas for development and know what motivates you to perform at your highest level.
Working modalities
Working for European banking supervision might involve spending limited periods of time at banks (e.g. meetings at the start and end of TLPT). Hybrid approaches including time spent on-site in banks and remotely are fully embedded in our on-site supervisory culture. This important part of our work is complemented by an environment in which well-being and a good work-life balance are fostered. Playing a role in European banking supervision also entails collaborating in multinational and multicultural teams and operating in the context of different national frameworks, for which a strong ability to use different EU languages for business purposes is an asset.
Further information
The formal title for this position will be Team Lead.
The contract offered will be fixed-term, the appointment being for at least 36 months as of the exact starting date of the selected person.
Temporary appointments may be extended or made permanent subject to organisational needs and budgetary constraints. This may result in a staff member with a non-convertible fixed-term contract being offered a convertible contract in accordance with the ECB Conditions of Employment.
For additional information on this specific vacancy, you can speak to the hiring manager, Michiel le Comte, on +49 (0)69 1344 25196, on 8 July from 10:00 to 12:00, and on 16 July from 11:00 to 12:00.
Application and selection process
The recruitment process for this position will be conducted remotely at the end of August 2025. It will include a written exercise, a presentation and an interview.
If you are not selected for this position but are still considered suitable, you will be placed on a reserve list (see step 4 of How we hire), from which you might be considered for similar positions within the ECB.