The EIB, the European Union's bank, is seeking to recruit for its Risk Management Directorate (RM) – Operational Risk Unit (OPR), at its headquarters in Luxembourg, an:
Information Security Analyst
This is a full-time position at EIB grade 4/5
The term of the contract will be 4 years
Panel interviews are anticipated during the first half of July 2019
The EIB has centralised its 2nd Line of Defence within the Risk Management Directorate, in an Information Security Office, with joint responsibility of the 1st and 2nd Lines of Defence.
You will contribute to the coordination of Information Security-related risk assessments and other relevant measures in order to prevent and mitigate the impact of Information Security incidents.
You will work in close collaboration with the relevant Services of the Bank to integrate information security into our policies, procedures and processes. Reporting to the Head of OPR Unit, you will work in collaboration with the Office of the Chief Compliance Officer (OCCO), our Inspector General’s Office (IG) and other relevant services as required for the investigation and escalation of events arising from non-compliance with the information security policies. You will also enjoy close interaction with IT, Facilities Management, and Business Continuity, as well as all concerned Directorates of the Bank for the implementation of agreed information security measures. Externally, you will interact with security related professionals.
- Contribute to the implementation of an Information Security Management System (ISMS) consistent with the imposed requirements and/or regulations; this will include:
  - Maintaining the Bank’s information security-related policies, standards and procedures, in close cooperation with IT Security, the Document Management Office, Facilities Management, Data Protection and other EIB services whenever required;
  - Maintaining, updating and reviewing the implementation of, inter alia, the Bank’s Information Security Policy, Information Classification Policy and Acceptable Use Policy
  - Indicating possibilities for the integration of information management security into the Bank’s policies
  - Gathering information on industry developments through external contacts with security-related professional bodies and experts
  - Ensuring close collaboration with your peer at the European Investment Fund (EIF).
- Contribute to the implementation and monitoring of the risk assessment process of the Bank. Provide key risk indicators and an associated dashboard on the information management risk assessments and the implementation of consequent information security measures and controls in collaboration with other relevant services of the Bank
- Execute key processes related to Information Security policies, in order to ensure successful implementation, maintenance and continuous improvement of an Information Security Management System; this may include:
  - Supporting Business Owners in carrying out information security risk assessments
  - Monitoring the implementation of agreed information security controls in the Bank
  - Working in close collaboration with other services for the development of a work plan and agreed actions for the protection of EIB information assets and the confidentiality, integrity and availability of EIB documents and data
  - Acting as a key interlocutor with internal and external auditors
  - Providing clear Information Security Incident/Crisis Management response, reporting and escalation procedures to the relevant management or governing authority
  - Coordinating, developing and monitoring the cybersecurity incident response plan
  - Supporting awareness-raising of Information Security responsibilities and actions amongst Bank personnel (both permanent staff and consultants/contractors) through training and communication programmes
- University-level education, preferably in a relevant subject and complemented with post-graduate studies in the field of risk management, IT or information management
- Minimum 3 years relevant experience in information security implementation and/or information security audit, preferably in a financial services domain. Relevant experience would include:
  - Information Security Policy implementation and maintenance
  - Incident management and/or crisis management response procedures
  - Investigation and response management
  - Implementation of monitoring, performance and reporting metrics
- Knowledge of ISO/IEC 27001/2013 standards and principles and techniques of information security risk analysis and assessment
- Programme and project management skills would be an asset
- Knowledge sharing skills, including for presentations and the drafting of documentation. Ability to report to senior management teams
- Excellent knowledge of standard Microsoft desktop tools (particularly Windows, MS Office, Web browsers, Adobe, etc.)
- Excellent knowledge of English and/or French, with a good command of the other (*). Knowledge of other EU languages would be an asset.
- Achievement Drive: Continually keeps an eye on performance, focusing on improving it, showing drive and determination to meet short and long-term goals.
- Change Orientation: Adapts to differences and changes in the environment; takes a flexible approach to reach outcomes.
- Collaboration: Works cooperatively as part of a team; works collaboratively with peers across organisational boundaries based on a genuine interest in and an accurate understanding of others and their individual perspectives and concerns.
- Organisational Commitment: Is willing to commit to an organisation whose mission is to support Europe and is open to diversity, and to align her/his own behaviour with the organisation’s needs and intrinsic values, acting with integrity in ways that promote the organisation’s mission, policies and rules.
(*) There may be certain flexibility on this requirement, but limited to particularly suitable candidates who may not yet be proficient in French. If selected, such candidates will be hired on the condition that they rapidly build up knowledge of French and accept that their future career in the EIB may be subject to the attainment of sufficient proficiency in both of the Bank's working languages.
We are an equal opportunity employer, who believes that diversity is good for our people and our business. As such, we promote the inclusion of suitably qualified and experienced staff without regard to their gender, age, racial or ethnic origin, religion or beliefs, sexual orientation/identity, or disability (*).
The level of functions in the job vacancy is only indicative and will be adjusted taking into account, among other things, the business need, as well as the selected candidate’s experience and expertise.
Deadline for applications: 15th June 2019
(*) We particularly welcome applications from women and persons with disabilities.