Search the Community

https://vacanciesnew.eda.europa.eu/vacanciesnotice/580 Directorate: Management Team Vacancy title: Chief Information Security Officer (CISO) Contract type: Temporary agent Group: N.A. Grade: AD10 Indicative starting date: 01/04/2020 Level of Security Clearance: SECRET UE/EU SECRET Management of staff: N.A. Location: Brussels Closing date for applications 17/12/2019 1. BACKGROUND The European Defence Agency was established on 12 July 2004, and is governed by Council Decision (CFSP) 2015/1835 defining the statute, seat and operational rules of the European Defence Agency. The Agency has its headquarters in Brussels. The main task of EDA is to support the Council and the Member States in their effort to improve the Union's defence capabilities in the field of crisis management and to sustain the Common Security and Defence Policy (CSDP) as it currently stands and as it develops in the future. The Agency is structured into four directorates. Three operational directorates: Industry, Synergies and Enablers (ISE); Capability, Armament & Planning (CAP); Research, Technology and Innovation (RTI) and the Corporate Services Directorate (CSD). 2. THE AGENCY'S WAY OF WORKING The Agency is an “outward-facing” organisation, constantly interacting with its shareholders, the participating Member States, as well as with a wide range of stakeholders. It works in an integrated way, with multi-disciplinary teams representing all of the Agency’s functional areas, to realise its objectives. Its business processes are flexible and oriented towards achieving results. Staff at all levels need to demonstrate the corresponding qualities of commitment, flexibility, innovation, and team-working; to work effectively with shareholders and stakeholder groups, formal and informal; and to operate without the need for detailed direction. 3. THE MANAGEMENT TEAM The Management Team consists of the Chief Executive (CE), the Deputy Chief Executive (DCE) and the four Directors and is supported by the Policy and Planning Unit and the Media and Communication Unit. 4. DUTIES The European Defence Agency (EDA) is preparing to build and deploy Communication and Information systems (CIS) for the processing of EU unclassified and classified information (EUCI). These systems will be operated and used by EDA in Brussels but will have connections with other unclassified and classified networks operated by EU institutions and by government organisations in EU member states. The project covers all aspects of the implementation, ranging from IT-related activities (such as procurement process, architecture design, vendor management, quality management) to formal accreditation processes, physical security arrangements, document security measures, organisational adjustments, training and awareness activities etc. In order to modernize its handling of information not only from a technical perspective, but also from a policy and process angle, EDA is selecting a Chief Information security Officer to lead the transformation of the organization in all areas related to information security. Reporting directly to the Chief Executive/Deputy Chief Executive, but largely on his own initiative and in close cooperation with the Head of IT and the Head of Security, the CISO will have the following responsibilities: Refine, update and lead the implementation of EDA’s information security policy, considering existing policies and procedures in place for the following layers: personnel security, physical security, security of information, industrial security, exchange of information with third states or international organisations; Define and lead the implementation of EDA’s information security policy, in accordance with other EU-wide policies; Implement and lead appropriate processes to ensure a continuous risk assessment / risk evaluation for information security as mandated by EU Policy for EUCI handling; Oversee classification / declassification of information between security domains, following appropriate policies; Define and lead the implementation of EUCI security management instructions, and establish appropriate monitoring processes, in accordance with the risk management process; EUCI Security lifecycle management; Refine and lead the implementation of effective business continuity / disaster recovery procedures following appropriate EUCI policies; Refine and lead the implementation of effective information security incident management procedures following appropriate EUCI policies; Oversee and lead project management activities on EUCI-related CIS projects; Act as the Agency reference point for all activities related to EUCI handling both internally and externally, i.e. liaise with counterparts in other EU institutions (in particular the EU Council, identified as the Security Accreditation Authority for any information security system in EDA) and member states. Duties may evolve according to development of the EDA’s structure and activities, and the decisions of EDA management. 5. QUALIFICATIONS AND EXPERIENCE REQUIRED a. Conditions for eligibility General be a national of a Member State participating in the Agency; be entitled to his/her full rights as a citizen; have fulfilled any obligations imposed on him/her by the laws concerning military service; produce the appropriate character references as to his/her suitability for the performance of his/her duties; be physically fit to perform his/her duties; have a thorough knowledge of one of the languages of the participating Member States and a satisfactory knowledge of another of these languages to the extent necessary to discharge his/her duties; have no personal interest (financial, family relationship, or other) which could be in conflict with disinterested discharge of his/her duties within the Agency; hold, or be in a position to obtain, a valid Personnel Security Clearance Certificate (national or EU PSC at SECRET UE/EU SECRET level). Personnel Security Clearance Certificate (PSCC) means a certificate issued by a competent authority establishing that an individual is security cleared and holds a valid national or EU PSC, and which shows the level of EUCI to which that individual may be granted access (SECRET UE/EU SECRET), the date of validity of the relevant PSC and the date of expiry of the certificate itself; have a level of education which corresponds to completed university studies attested by a diploma when the normal period of university education is four years or more, or a level of education which corresponds to completed university studies attested by a diploma and appropriate professional experience of at least one year when the normal period of university education is at least three years or be a graduate of a national or international Defence College. Only diplomas that have been awarded in EU Member States or that are the subject of equivalence certificates issued by the authorities in the said Member States shall be taken into consideration. In the latter case, the authority authorised to conclude contracts of employment reserves the right to request proof of such equivalence. b. Essential selection criteria (1) Professional The candidate will be required to demonstrate that he/she has: a consistent track record of successful project delivery in a military or civilian organisation handling classified and unclassified information on a daily basis; a minimum of 10 years of experience in Information Security, in roles of growing responsibility; a minimum of 5 years of experience leading information security teams in medium to large organisations dealing with responsibilities similar to the ones detailed above; a deep understanding of the role of Information Security policy in large organisations; one or more formal certifications in Information Security, such as CISSP (Certified Information Systems Security Professional); detailed knowledge of a formal project management methodology (PMI or PM2 are preferred); detailed knowledge or certified knowledge of information systems governance frameworks (such as COBIT5/COBIT2019, CGEIT) and functions; extensive experience with organisational change management and business transformation in large organisations or military organisations; very good knowledge of ICT and Cyber-security markets structure, challenges, players and state-of-the-art; good understanding of IT systems architectures, security implications, classified systems accreditation process; a very good knowledge of written and spoken English. (2) Personal All staff must be able to fit into the Agency's way of working (see para. 2). Other attributes important for this post include: excellent people networking skills, capable of identifying and establishing successful relationships with key stakeholders and decision-makers; proven ability to establish effective relations at CxO level with senior decision-makers, from both civilian and military environments; excellent communication and presentational skills, both written and oral; ability to work independently and collaboratively; ability to work effectively in a multicultural environment; proven ability to present complex information in an easily understandable way, communicating in plain English and avoiding unnecessary jargon; flexibility and innovativeness; a genuine commitment to the Agency's objectives. c. Desirable The following will be considered an advantage: experience with EUCI handling environments in an international/defence environment; experience with defining, implementing and monitoring Information Security policies in large organisations; experience with managing large Projects with strong impact on the core mission of the organisation; experience with implementation of ICT systems for classified information handling, either at national or international scale; experience with multicultural, multinational environments; experience with ICT systems lifecycle management; hold a valid Personnel Security Clearance Certificate (national or EU PSC at SECRET UE/EU SECRET level). 6. INDEPENDENCE AND DECLARATION OF INTEREST The Chief Information Security Officer (CISO) will be required to make a declaration of commitment to act independently in the Agency’s interest and to make a declaration in relation to interests that might be considered prejudicial to his/her independence. 7. APPOINTMENT AND CONDITIONS OF EMPLOYMENT Recruitment will be subject to approval of the 2020 staff establishment plan by the Agency's Steering Board. The Chief Information Security Officer (CISO) will be appointed by the Chief Executive. Recruitment will be as a member of the temporary staff of the Agency for a four-year period. Renewal is possible within the limits set out in the EDA Staff Regulations. The successful candidate will be recruited as Temporary Agent, grade AD10. The pay for this position consists of a basic salary of 8.876,57€ supplemented with various allowances, including as applicable expatriation or family allowances. The successful candidate will be graded on entry into service according to the length of his/her professional experience. Salaries are exempted from national tax, instead an Agency tax at source is paid. For further information on working conditions please refer to: https://eda.europa.eu/jobs/what-we-offer Failure to obtain the requisite security clearance certificate before the expiration of the probationary period may be cause for termination of the contract. Candidates are advised that part of the recruitment process includes medical analyses and physical check-up with the Agency’s Medical Adviser. Applications are invited with a view to establishing a reserve list for the post of Chief Information Security Officer (CISO) at the EDA. This list is valid until 31/12/2021, and may be extended by decision of the Chief Executive. During the validity of the reserve list, successful candidates may be offered a post in the EDA according to their competences in relation to the specific requirements of the vacant post. Inclusion on the reserve list does not imply any entitlement of employment in the Agency. 8. EQUAL OPPORTUNITIES The EDA is an equal opportunities employer and accepts applications without distinction on the grounds of age, race, political, philosophical or religious conviction, sex or sexual orientation and regardless of disabilities, marital status or family situation. 9. APPLICATION PROCEDURE Candidates must submit their application electronically solely via the EDA website. Applications by any other means (hard copy or ordinary e-mail) will not be accepted. Applications must be submitted no later than midnight. Candidates are reminded that the on-line application system will not accept applications after midnight (Brussels time, GMT+1) on the date of the deadline. When applying, candidates from Ministries of Defence or other governmental entities are encouraged to inform their national administration. A selection panel will be appointed. Please note that the selection panel's internal proceedings are strictly confidential and that any contact with its members is forbidden. Each application will be screened based on the requirements of the job profile stated in the vacancy notice. The most suitable applicants will be called for an interview and a written test. If recruited, you will be requested to supply documentary evidence in support of the statements that you make for this application. Do not send any supporting or supplementary information until you have been asked to do so by the Agency. Please note that once you have created your EDA profile, any correspondence regarding your application must be sent or received via your EDA profile. For any prior enquiry, please refer to the FAQ (Frequently asked questions) section, or send an e-mail to [email protected]. 10. DATA PROTECTION Please note that EDA will not return applications to candidates. The personal information EDA requests from candidates will be processed in line with Regulation (EU) N° 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) 45/2001 and Decision No. 1247/2002/EC. The purpose of processing personal data which candidates submit is to manage applications in view of possible pre-selection and recruitment at EDA. More information on personal data protection in relation to selection and recruitment can be found on the EDA website: http://www.eda.europa.eu/jobs/dataprotection

https://vacancies.eda.europa.eu/Notice.aspx?IDVano=377 Closing date for applications 3 June 2016

https://vacancies.eda.europa.eu/Notice.aspx?IDVano=377 Closing date for applications 3 June 2016

https://vacancies.eda.europa.eu/Notice.aspx?IDVano=373 Closing date for applications 13 May 2016