The European Investment Fund (EIF) is seeking to recruit for its Risk Management Department - Corporate Risk Division - Regulation, Data Processing and Risk Reporting Unit (RDR), at its headquarters in Luxembourg, a
(Senior) Information Security Officer
Appointment will be made on the basis of a fixed term contract of three (3) years.
The successful candidate will fulfil the requirement for the EIF to introduce the role of Information Security Officer, staying abreast of best market practices, including applicable ISO standards and possibly EU guidelines relevant for the EIF, operating at EIB Group level according to the EIB Group’s IT Security Policy, Information Security Policy (ISP) and within the Cyber Security strategy defined. The selected candidate is expected to actively contribute to the set-up of a second line of defence in IT security matters within EIF under the EIF Risk Management’s responsibility.
The (Senior) Information Security Officer reports to the Head of Corporate Risk Division and works under the guidance of the Head of the RDR Unit. S/he will collaborate closely with RM colleagues, EIF services, other relevant services at the EIB and external counterparts. S/he will need to establish, in particular, a close and systematic cooperation with the EIF DPO and the Operational Risk Management at EIF.
- Manage EIF’s integration into the EIB Group’s IT Security Policy, Information Security Policy (ISP) and the Cyber Security strategy defined at EIB Group level. Assess any EIF decisions on IT matters against applicable Best Market Practices, including applicable regulatory recommendations on outsourcing to cloud service providers;
- Initiate and coordinate internal activities for the purpose of assessment of new or updated Information Security and/or IT rules, standards, best market practices which might be relevant to EIF business activities;
- Take an active part in the tasks linked to EIF’s participation in the EIB Group’s Information Security Committee (ISEC), contributing to any areas relevant for the EIF for new or updated rules, standards, best market practices;
- Initiate and coordinate internal activities, in the context of a second line of defence, for the purpose of assessment of new or updated IT rules, standards, best market practices which might be relevant to EIF business activities;
- Follow-up with Internal Audit on Agreed Action Points within her/his role as second line of defence;
- In close collaboration with other EIB/EIF services, ensure that accepted new rules, Best Market Practices in the field of Information Security / IT Security are included in the relevant internal documentation;
- Establish, maintain and manage adequate second line of defence controls on the on-going implementation of relevant Group policies and/or regulatory requirements. This involves the development of models and the management of regular testing including on the basis of applicable industry standards and practices;
- Provide specific advice and recommendations on Information and/or IT Security in the context of a second line of defence control;
- Co-ordinate an awareness program on Information and IT Security throughout the organisation;
- Contribute to the development of a data governance and data management framework for the EIF, including drafting any relevant internal guidelines, policies and procedures.
- University degree, preferably at post-graduate level, in Information Security, Information Technology or related disciplines. Additional professional qualifications would be considered an asset;
- At least seven (7) years’ relevant professional experience in Information Security and/or IT Security and/or in Network and Telecommunications, preferably in a financial institution and/or international organisation;
- A thorough understanding of banking/insurance and financial products, including those used in typical EIF business areas, would be a considerable asset;
- Well-developed IT skills with specific knowledge of new technologies, including cloud technologies, artificial intelligence and encryption;
- In-depth knowledge of IT-related risk management and control processes and the required technologies and tools;
- In-depth knowledge of regulatory requirements in the field of information technologies and, specifically, with regard to the financial sector;
- Experience in the management of projects;
- Excellent English, both oral and written. Knowledge of other EU languages would be desirable.
- Co-operative approach within the organisation, and accountable for own responsibilities;
- Work autonomously while being a good team player;
- Strong commitment to achieving results and objectives, ensuring a prompt personal contribution;
- Very good communication skills, both verbal and written, as well as proficiency in drafting, summarising and presenting information;
- Capacity to plan and organise his/her own work with a strong problem-solving attitude;
- Ethical standards of honesty and trustworthiness;
- Sense of initiative and creativity;
- Stress resistance, ability to deliver quality work under tight deadlines;
- Good analytical skills with the capacity to provide sound judgment concerning his/her area of responsibility.
Deadline for applications: 26th July 2018
* Due to the high volume of applications, only candidates selected for interviews will be contacted.