IT Risk and Threat Led Penetration Testing Supervision Analysts

  • Organization: ECB - European Central Bank
  • Location: Frankfurt
  • Grade:
  • Occupational Groups:
    • Information Technology and Computer Science
  • Closing Date: 2025-11-11

General Information

Type of contract: Fixed-term contract which may be converted into a permanent contract after three years subject to individual performance and organisational needs

Who can apply? EU nationals

Salary: E/F (bracket 1 - step 1) full time monthly net salary: €4,869 plus benefits, for further information see what we offer.

Working time: Full time

Place of work: Frankfurt am Main, Germany

Closing date: 11.11.2025

Your team

The ECB supervises significant banks in Europe as part of the Single Supervisory Mechanism (SSM), which comprises the ECB and the 21 national supervisory authorities of the participating countries. 
First-line banking supervision under the SSM is composed of three main activities, which are organised under several directorates general at the ECB: (i) the vertical line, the joint supervisory teams responsible for ongoing off-site supervision of dedicated portfolios of banks; (ii) the horizontal line, which provides transversal assessments and benchmarks for the banking sector; and (iii) on-site inspections and internal model investigations, carried out by the Directorate General On-Site and Internal Model Inspections (DG/OMI), which provides in-depth and focused assessments of specific risks or issues at individual banks. 
DG/OMI has approximately 300 supervisory colleagues dedicated to on-site SSM supervision, performing on-site inspections and internal model investigations, partly at the premises of supervised banks. The Directorate General coordinates the planning and execution of the on-site supervisory programme. It develops and maintains comprehensive methodologies for the different on-site activities and ensures harmonised on-site approaches to the assessment of banks under the SSM. It also contributes to the identification of risks and supervisory priorities. 

For IT Risk Analysts, the work within DG/OMI falls into two main categories.
  • IT risk inspections: the ECB has been conducting IT risk and cybersecurity inspections since 2014 for banks designated as significant institutions. DG/OMI has an existing team of 17 IT Risk On-site Inspectors within its Non-Financial Risk Inspections Division.
  • Threat Led Penetration Testing (TLPT): the Digital Operational Resilience Act (DORA) requires the ECB to ensure that identified banks under direct ECB supervision conduct an advanced cybersecurity test using the TLPT model. DG/OMI is building a team of TLPT experts within its Non-Financial Risk Inspections Division to manage these tests alongside teams from national supervisory authorities and national central banks. 

We are looking for enthusiastic new colleagues at analyst level who are keen to contribute to our team.

The SSM is the system of banking supervision in Europe. It comprises the ECB and the national supervisory authorities of the participating countries.

The ECB is an inclusive employer and we strive to reflect the diversity of the population we serve. We encourage you to apply irrespective of age, disability, ethnicity, gender, gender identity, race, religious beliefs, sexual orientation or other characteristics.

Your role

As an Analyst working on IT risk inspections, you will:

  • contribute to IT risk on-site inspections (OSI), primarily at the premises of the significant institutions;
  • add to the technical knowledge within the team, building upon your current expertise and staying up to date with a wide range of new developments, in close contact with national supervisory authorities, joint supervisory teams and ECB horizontal functions;
  • provide deliverables, implement standards and contribute to the assessment of the risks faced by significant institutions and their adherence to regulatory requirements;
  • carry out activities to optimise, manage and integrate processes and tools to support the efficiency and effectiveness of OSIs in the SSM. 

As an Analyst in the TLPT team, you will:

  • take an active part in overseeing the TLPT as Test Manager, working closely with the banks undergoing testing, the threat intelligence provider, the red team and all other stakeholders;
  • contribute to the internal TLPT processes of the SSM, such as identifying banks to be tested, planning the tests, liaising with the TLPT Cyber Teams, assisting in attestations and providing guidance to the joint supervisory teams for specific tests;
  • play an active role in the SSM TLPT community and the overall community implementing the European framework for threat intelligence-based ethical red-teaming (TIBER-EU).

These positions in DG/OMI offer excellent opportunities. Both the IT risk inspector and TLPT profile will allow you to contribute to a team which is results-focused and engages with others in a collaborative and constructive manner. They will require you to anticipate stakeholders’ needs within the increasingly important field of IT risk and cybersecurity. Moreover, the organisational combination of TLPT and on-site supervision within DG/OMI provides the potential to switch between these roles in the future.

The Directorate General fosters a supportive environment which prioritises employee well-being and a healthy work-life balance.

Qualifications, experience and skills

Essential:

  • a bachelor’s degree or equivalent in computer science, information systems, or another relevant field (see How you can join us for details on degree equivalences);
  • in addition to the above, a minimum of two years of relevant professional experience (including traineeships and internships) in the field of IT operations, IT audit, IT risk management or cybersecurity;
  • a high level of commitment and flexibility as well as the ability to work efficiently and effectively under pressure;
  • good drafting and presentation skills and the ability to prepare briefings in a clear and concise way for diverse audiences;
  • the ability to familiarise yourself quickly with new topics and willingness to continue learning;
  • very good IT skills and experience of using MS Office;
  • an advanced (C1) command of English and an intermediate (B1) command of at least one other official language of the EU, according to the Common European Framework of Reference for Languages.

Desired for the IT risk inspection profile:

  • a master’s degree, preferably in computer science, information systems, or another relevant field;
  • professional experience with IT system operations, management, IT audit and inspections;
  • relevant professional qualifications such as Certified Information Systems Auditor;
  • a strong ability to use other EU languages for business purposes.

Desired for the TLPT profile:

  • a master’s degree, preferably in computer science, information systems, or another relevant field;
  • professional experience with IT security testing and/or red teaming and/or threat intelligence;
  • relevant professional qualifications, such as Certified Information Systems Security Professional, Certified Information Security Manager or Certified in Risk and Information Systems Control;
  • a strong ability to use other EU languages for business purposes.

You engage collaboratively with others. You pursue team goals and learn willingly from other people’s diverse perspectives. You signal any need for change by explaining it and proposing alternative solutions. You analyse complex information effectively and can evaluate different views to arrive at solutions. You know and anticipate stakeholder needs. You are skilled at encouraging people to develop their abilities and can build up high-performing teams.

You are motivated to be part of our team and to develop and use your skills and competencies to achieve the aims of this position. You are aware of your strengths and areas for development and know what motivates you to perform at your highest level.

Working modalities

For the IT risk inspection profile, much of your time will be spent on-site at the premises of supervised banks. This requires a willingness and ability to travel for prolonged periods.

For the TLPT profile, most of the work will be performed at the ECB’s premises, but this role requires a willingness to work on-site at the premises of supervised banks for limited periods of time (e.g. for meetings at the start and end of TLPT).

Hybrid approaches, alternating between working on-site at banks and remotely, are an integral part of our supervisory culture and compatible with the needs of the on-site activities.

A role in European banking supervision means working in multinational and multicultural teams and operating within different national frameworks.

Further information

These contracts may be converted into permanent contracts after three years subject to individual performance and organisational needs.
For additional information on this specific vacancy, you can speak to the hiring manager, Normunds Timbars, on +49 (0)69 1344 4989 between 10:00 and 12:00 on Thursday, 30 October.

Application and selection process

The recruitment process for this position will be conducted remotely. It will include a written exercise, a presentation and an interview. 

If you are not selected for this position but are still considered suitable, you will be placed on a reserve list (see step 4 of How we hire), from which you might be considered for similar positions within the ECB.

Find out how to apply for a position at the ECB. 

Read more about how you can join us.
