Associate Information Security Officer – based in Luxembourg
This position is based at our Luxembourg headquarters and requires regular office presence. The EIB offers you the opportunity to live and work in a truly international and multi-cultural environment. We also offer relocation support.
The EIB, the European Union's bank, is seeking to recruit for its Group Risk & Compliance Directorate (GR&C), Office of the Group Chief Compliance Officer (GR&C-OCCO), Group Non-Financial Risk Department (GNFR), Project Management and Information Security Division (PMI), Information Security Risk Unit (InfoSec) at its headquarters in Luxembourg, an Associate Information Security Officer.
This is a full-time position at grade 4 for which the EIB offers a permanent contract.
Purpose
We are seeking a skilled Associate Information Security Officer to join our team, focusing on the 2nd Line of Defence. In this role, you will be instrumental in safeguarding the bank’s assets by combining technical expertise with governance, risk management, and policy enforcement.
This position offers a unique opportunity to work in a complex and dynamic environment, where every day brings new challenges – from risk assessments and policy reviews to testing the resilience of our IT defences. You will coordinate and oversee Information Security risk management activities, driving a proactive approach to identifying, preventing, and mitigating security threats that could impact the organization.
Join us if you want to work at the intersection of cybersecurity, risk, and governance, while being part of a collaborative and driven team at the #EU_ClimateBank.
Operating Network
The 2nd Line of Defence has been centralized within the GR&C Directorate in an Information Security Risk Unit.
You will work in close collaboration with other colleagues in the Bank for the integration of information security into policies, procedures and processes. You will report to the Head of Information Security Risk Unit. Internally, you will work in collaboration with the Office of the Group Chief Compliance Officer (GR&C-OCCO), Inspector General’s Office (IG), and other relevant services as required for the investigation and escalation of events arising from non-compliance with the information security policies. You will also work with Group Corporate Services (GCS) and all Directorates of the Bank for the implementation of agreed information security measures. Externally, you will interact with security-related professions.
Accountabilities
Coordinate the implementation of an Information Security Management System (ISMS) consistent with the imposed requirements and/or regulations. This will include:
* Developing and maintaining the Bank’s information security-related policies, standards, and procedures, in close cooperation with IT Security, IPAQ (Information Protection, Access Control and Quality), Physical Security, Data Protection Office, and other EIB Group services whenever required.
* Overseeing and coordinating the implementation, review, and update of the Bank’s Information Security Policies framework.
* Proactively formulating proposals for the integration of information security into the Bank’s policies.
Ensure the undertaking of, lead the implementation of, and monitor the Bank's risk assessment process.
Coordinate the development of relevant key risk indicators and associated reporting dashboards and the implementation of consequent information security controls in collaboration with other relevant services of the Bank.
Coordinate, supervise, and/or execute key processes related to information security policies to ensure successful implementation, maintenance, and continuous improvement of an Information Security Management System. This may include:
* Supporting Business Owners in carrying out information security risk assessments.
* Monitoring the implementation of agreed information security controls in the Bank.
* Managing external staff resources for the successful delivery of information security risk assessments and projects on time and according to business requirements.
* Identifying and performing due diligence in line with EIB Group processes for the implementation of adequate tooling.
* Being a key interlocutor with internal and external auditors.
* Being involved in Information Security Incident Management response.
* Coordinating Information Security Awareness Program actions amongst Bank personnel (both permanent staff and consultants/contractors) through training and communication programmes.
* Assessing relevant best banking practices on information security, defining compliance roadmaps, and reporting dashboards on compliance.
* Acting as 2nd Line of Defence for the information security processes in the 1st Line of Defence area by overseeing the risks and advising on measures to be taken to ensure compliance.
Qualifications
* University degree (minimum equivalent to a Bachelor's), ideally complemented with relevant post-graduate studies in risk management, IT, or information management.
* Minimum 3 years of relevant experience in the area of information security, preferably in the financial sector.
* Experience supporting information security implementation and information security audits, preferably in a financial services domain.
* Ability to balance governance with a technical mindset, blending both to effectively challenge and support 1st line functions.
* Relevant certifications (e.g., CISA, CISSP, CISM, GCIH) would be an advantage.
* Experience with Cloud Service Providers would be an advantage.
* Proven understanding of the financial services sector and interdependencies linked to cybersecurity.
* Knowledge-sharing skills, including presentation and drafting of documentation.
* Knowledge of ethical hacking techniques and understanding of how to test and validate defenses (hands-on experience or oversight) would be an asset.
* Excellent knowledge of English and/or French (**), with a good command of the other. Knowledge of other EU languages would be an advantage.
Competencies
Find out more about EIB core competencies here.
To find out more about our eligibility criteria, click here.
(**) Unless stated explicitly as a required qualification, a good command of French is not a pre-requisite for hire. As both English and French are official working languages of the EIB, proficiency in both languages is a pre-requisite for your future career development. Any language clause in your contract must be fulfilled to be eligible for a promotion (via the annual appraisal cycle or internal selection). Proficiency is understood as attaining level 5 of the Inter Institutional language courses, corresponding to B1.2 of the CEFRL. The Bank offers appropriate training support.
We hire and value talent with unique characteristics, creating a work environment where they can be themselves. We believe that Diversity, Equity, and Inclusion make us a performing and innovative organization. We encourage all suitably qualified and eligible candidates to apply regardless of gender identity/expression, age, racial, ethnic and cultural background, religion and beliefs, sexual orientation, disability, or neurodiversity.
We strongly invite applicants with a disability, neurodivergent profile, or chronic condition to request reasonable accommodations at any stage of the recruitment process. Please contact the EIB Recruitment team at Jobs@eib.org for assistance.
By applying for this position, you acknowledge the importance of maintaining the security and integrity of the EIB Group's information. In case of selection, you agree to comply with all policies, controls, and document management measures to prevent unauthorized disclosure or damage to the EIB Group’s reputation.
This is an open campaign to fill open positions. The campaign remains open until the position is filled. Applications will be reviewed in order of receipt.