(Senior) Information Security Officer



The EIB, the European Union's bank, is seeking to recruit for its Corporate Services (CS) - Information Management and Procurement Department (IMP), at its headquarters in Luxembourg, a:


(Senior) Information Security Officer

This is a full-time position at grade 5/6.

The term of this contract will be 4 years.


The EIB offers fixed-term contracts of up to a maximum of 6 years, according to business needs, with a possibility to convert to a permanent contract, subject to organisational requirements and individual performance.


Specific Post Environment and Purpose:

In the context of the development of an EIB Group Information Security Policy, aiming at preventing and mitigating the impact of Information Security incidents, the Senior Information Security Officer is responsible for the day-to-day oversight of Information Security at the EIB and coordination with the EIF.

The post holder will work in close collaboration with the relevant Services of the Bank for the integration of information security into the governance structures and policies, procedures and processes of the Bank as well as formulate and coordinate Information Security related risk assessments and other measures. 

Operating Network

The post holder will report to the Head of Information Management and Procurement Department and work internally in collaboration with the Office of the Chief Compliance Officer (OCCO), Inspector General’s Office (IG) and other relevant services as required for the investigation and escalation of events arising from non-compliance with the information security policies. S/he will also work with IT, Facilities Management, Business Continuity and all Directorates of the Bank for the implementation of agreed information security measures. Externally, s/he will interact with security-related professions and experts.


The Senior Information Security Officer will be responsible for:

  • Contributing to the definition of an Information Security Management System consistent with the requirements of ISO/IEC 27001:2013; this will include:
    • Developing and maintaining the Bank’s information security-related policies, standards and procedures, in close cooperation with the IT Security Officer, the Document Management Office, Facilities Management Security Officer, Data Protection Officer and other EIB staff whenever required;
    • Maintaining, updating and reviewing implementation of, inter alia, the Bank’s Information Security Policy, Information Classification Policy and Acceptable Use Policy;
    • Proactively formulating proposals for the integration of information management security into the Bank’s governance structures and policies;
    • Gathering information on industry developments through external contacts with security-related professional bodies and experts.
  • Overseeing and/or co-ordinating the undertaking of information management risk assessments and the implementation of consequent information security measures in collaboration with other relevant services of the Bank
  • Coordinating, supervising and/or executing key processes related to Information Security, in order to ensure successful implementation, maintenance and continuous improvement of an Information Security Management System; this may include:
  • Ensuring that information security risk assessments are undertaken at organisation-wide level
  • Overseeing the implementation of agreed information security controls in the Bank
  • Managing external staff resources for the successful delivery of information security risk assessments and projects on time and according to business requirements
  • Working in close collaboration with various departments within EIB, such as IT and Buildings & Logistics, developing a work plan and agreed actions for the protection of EIB information assets and the confidentiality, integrity and availability of EIB documents and data
  • Providing clear Information Security Incident Management response, reporting and escalation procedures to the relevant management or governing authority
  • Raising awareness of Information Security responsibilities and actions amongst Bank personnel (both permanent staff and consultants/contractors) through training and communication programmes
  • Providing or ensuring the availability of specific advice and recommendation to CS Management and/or relevant governing authority


  • University-level education, complemented with relevant post-graduate studies in the field of risk management, IT or information management
  • Minimum 5 years’ relevant experience with a proven track record of success in information security implementation and information security audit, preferably in a financial services domain.
  • At least 3 years’ experience in coordinating cross-functional teams and a proven track record of success.
  • Proven ability to report to senior management teams.

Key technical/professional knowledge and skills

  • Experience of Information Security Policy development and implementation
  • Knowledge of ISO/IEC 27001:2013 standards
  • Knowledge of the principles and techniques of information security risk analysis and assessment
  • Programme and project management skills
  • Experience of incident management and/or crisis management response procedures
  • Experience of investigation and response management
  • Experience of developing and implementing monitoring, performance and reporting metrics
  • Knowledge sharing skills, including presentation and conducting workshops, drafting of documentation
  • Excellent knowledge of standard Microsoft desktop tools (particularly Windows, MS Office, Web browsers, Adobe, etc.)
  • Excellent verbal and written English and/or French language skills and a good command of the other(*)


  • Excellent communication and interpersonal skills; works effectively with all levels of management and has the ability to influence others and move toward a common vision or goal
  • Ability to innovate, adapt to rapidly evolving needs and to manage and implement change
  • Ability to provide direction by translating organisational objectives into team and individual actions
  • Ability to delegate responsibility and to guide, develop, coach and motivate team members
  • Sound judgement and ability to make critical decisions within time constraints
  • Strong customer service and solutions focus
  • Excellent organisational skills with ability to manage multiple priorities simultaneously
  • Excellent written and verbal communications skills with ability to clearly articulate messages to a variety of audiences

(*) There may be certain flexibility on this requirement, but limited to particularly suitable candidates who may not yet be proficient in one of the two languages. If selected, such candidates will be hired on the condition that they rapidly build up knowledge of the relevant language and accept that their future career in the EIB may be subject to the attainment of sufficient proficiency in both of the Bank’s working languages.

Deadline for applications: 13th of November 2016

We believe that Diversity is good for our people and our business. We promote and value diversity and inclusion among our staff and candidates, irrespective of their gender, age, nationality, race, culture, education and experience, religious beliefs, sexual orientation or disability.
