The EIB, the European Union's bank, is seeking to recruit for its Risk Management Directorate – Coordination Risk Division – Operational Risk Unit – at its headquarters in Luxembourg, a (Senior) Information Security Officer (*). This is a full time position at grade 5/6.

The term of the contract will be 4 years

Panel interviews are anticipated for mid-May 2021

The EIB offers fixed-term contracts of up to a maximum of 6 years, according to business needs, with a possibility to convert to a permanent contract, subject to organisational requirements and individual performance. 

 (*) internal benchmark: (Senior) Officer

Purpose 

Coordinate Information Security-related risk assessments, and other relevant measures, in order to prevent and mitigate the impact of Information Security incidents. Work in close collaboration with the relevant Services of the Bank for the integration of Information Security into the policies, procedures and processes of the Bank

Operating Network

Responsibility for relevant 2nd Line of Defence matters has been centralised within the Risk Management Directorate in an Information Security Office.

Reporting to the Head of Operational Risk Unit (OPR), you will work in close cooperation with the wider Operational Risk team and in collaboration with Compliance, the EIB Inspector General's Office (IG) and other relevant services as required for the investigation and escalation of events arising from non-compliance with relevant Information Security policies. You will also work with IT, Facilities Management, Business Continuity and all Directorates of the Bank for the implementation of agreed Information Security measures. Externally, you will interacts with other (IT) security related professionals.

Accountabilities

• Drive the implementation of an Information Security Management System (ISMS) consistent with the imposed requirements and/or regulations. Your tasks will include: 
  • Develop and implement the Bank's Information Security-related policies, update and prepare gap analysis of standards and procedures, according to BBP (Best Banking Practice) and in close cooperation with IT Security, the Document Management Office, Facilities Management, Data Protection and other EIB Group services, whenever required
  • Develop, improve and review the implementation of, inter-alia, the Bank's Information Security Policy, Information Classification Policy, Cloud Security Policy, Logical Access Control Policy and Acceptable Use Policy 
  • Proactively formulate proposals for the integration of information management security into the Bank's policies
  • Gather information on industry developments through external contacts with security-related professional bodies and experts
  • Ensure close collaboration with your peers at the European Investment Fund (EIF)
  • Undertake risk assessments, on an ad-hoc basis, on the business
• Lead the implementation and monitoring of the risk assessment process of the Bank. Provide key risk indicators and associated dashboard on information management risk assessments and the implementation of consequent Information Security measures and controls, in collaboration with other relevant Services of the Bank
• Coordinate, supervise and/or execute key processes related to Information Security policies, in order to ensure successful implementation, maintenance and continuous improvement of an Information Security Management System; this may include: 
  • Provide expert advice on Information Security Risk matters to the Business Owners 
  • Oversee the implementation of agreed information security controls in the Bank
  • Work in close collaboration with IT, Buildings & Logistics, Corporate Information and Processes, and Information Management for the development of a work plan and agreed actions for the protection of EIB information assets and the confidentiality, integrity and availability of EIB documents and data
• Provide clear Information Security Incident Management response, reporting and escalation procedures to the relevant management or governing authority
• Raise awareness of Information Security responsibilities and actions amongst Bank personnel (both permanent staff and consultants/contractors) through training and communication programmes
• Support Operational Risk activities related to ICT Risks

Qualifications

• University level education, preferably complemented with relevant post-graduate studies in field of Risk Management, IT or Information Management/Security, The CISA certification would be considered an asset
• Significant experience in a relevant field, with a minimum of 5 years in Information Security (policy) implementation and/or Information Security audit, preferably in a financial services domain. Relevant experience would include:
  • Information Security Policy implementation and maintenance 
  • Incident and/or crisis management response procedures
  • Investigation and response management 
  • Development and implementation of monitoring, performance and reporting metrics 
• Demonstrable ability to report to senior management teams. Knowledge sharing skills, including presentation, drafting of documentation
• Knowledge of ISO/IEC27001/2013, BBP standards, and of the principles and techniques of Information Security risk analysis and assessment
• Programme and project management skills would be an asset
• IT Audit experience would be preferred
• Excellent knowledge of standard Microsoft desktop tools (particularly Windows, MS Office, Web browsers, Adobe, etc.)
• Excellent knowledge of English and/or French (*), with a good command of the other. Knowledge of other European Union languages would be an advantage

Interested?

Apply via the "apply" button!

Competencies

Find out more about EIB core competencies here

(*) There may be certain flexibility on this requirement, but limited to particularly suitable candidates who may not yet be proficient in French. If selected, such candidates will be hired on the condition that they build up rapidly knowledge of French and accept that their future career in the EIB may be subject to the attainment of sufficient proficiency in both of the Bank's working languages

We are an equal opportunity employer, who believes that diversity is good for our people and our business. As such, we promote the inclusion of suitably qualified and experienced staff without regard to their gender, age, racial or ethnic origin, religion or beliefs, sexual orientation/identity, or disability (**).

(**) We particularly welcome applications from women and persons with disabilities.

By applying for this position, you acknowledge the importance of maintaining the security and integrity of the Information of the EIB Group. In case of selection for the position you agree to comply with all measures (policies, controls, document classification and management) implemented by the EIB Group to prevent unauthorised disclosure of any information or any damage to the EIB Group reputation.

Deadline for applications: 24th April 2021 

#LI-POST