This position is based at our Luxembourg headquarters and requires regular office presence. The EIB offers you the opportunity to live and work in a truly international and multi-cultural environment. We also offer relocation support.
The EIB, the European Union's bank, is seeking to recruit for its Group Corporate Services Directorate (GCS), Group Digital Office (GDO), Cybersecurity Division (CD), IT Security Unit (SEC) at its headquarters in Luxembourg, a (Senior) Cyber Security and Resilience Engineer*. This is a full-time position at grade 5/6 for which the EIB offers a permanent contract.
*internal benchmark (Senior) Engineer IT Technology & Infrastructure
Panel interviews are anticipated for August 2024.
Purpose
This role is in the first line of the three lines of defence model, aiming to strengthen the EIB's Cyber Resilience Management program. As a first line of defence function, you will be responsible for developing and implementing Cyber Resiliency measures at the EIB as well as partnering with assurance functions within the EIB on its Cyber Resilience management program.
In this role you will be expected to demonstrate your deep technical knowledge in deploying and managing state-of-the-art cyber resilience controls to protect the EIB network from insider and external attacks.
Operating Network
You will report directly to the Head of the IT Security Unit. The IT Security Unit is responsible for technical security matters for on-premise hosted systems. However, cloud aspects will be considered to address cyber resilience related risks.
In this role, you will have regular contact with colleagues in other Directorates, notably with the IT Security Unit, IT internal and external staff and Internal Audit. You will also work with the EIB's second line of defence team members in the EIB's Risk Management Directorate and the internal control assessment teams in the EIB's Financial Control Directorate. In addition, you will work closely with the business continuity team and have contact with external vendors and/or partners providing security equipment, software or security services to the EIB and with IT Security Engineers & Officers from peer institutions as well as with the CERT-EU and local security authorities.
Accountabilities
- Contribute to the definition of the EIB's IT Security strategy and policies for IT cyber resilience
- Participate in strategic and tactical planning to mature the EIB's Cyber Resiliency posture program
- Develop EIB's Cyber Resiliency program elements in order to ensure that IT security policies, procedures and initiatives are properly designed and implemented
- Partner with the first line of defence technology teams as well as 2nd line of defence partners to ensure sufficient alignment exists between program elements and drive improvements within the control environment with other risk oversight functions
- Develop Cyber Resiliency controls within the EIB's Internal Control Framework by ensuring technology owners are properly assessing cyber resilience risk in their environments, identifying breaks in the effectiveness of their Cyber Resiliency controls, and mitigating discovered gaps
- Lead development of detailed high availability and disaster recovery architectures for applications and systems in environments with multiple data centres, cloud-based solutions, and technology platforms
- Partner with other risk oversight functions to drive improvements within the control environment
- Provide regularly-scheduled and ad-hoc reports for management and risk committees regarding status of risk treatment activities including producing risk appetite metrics and key risk indicators
- Provide specific advice and recommendations on IT Security "cyber resilience" topics
- Participate in special initiatives that can go beyond the strict boundaries of own domain and that have a specific scope and timing, in order to ensure the realisation of the initiative within the set scope, time and budget
- When an incident occurs, help the Bank recover effectively from business continuity incidents, in liaison with Business Continuity correspondents and the Crisis Management Team
Qualifications
- University degree (minimum an equivalent to a Bachelor) preferably in computer science, audit, finance or accounting. Relevant post-graduate studies in the field of IT risk management, IT or information management would be considered a strong advantage
- Professional qualifications as an IT risk and control professional or IT auditor (e.g. CISA, CISM, CISSP) would be an advantage
- Minimum 5 years of relevant professional experience such as an operational security engineer with practical experience in key technical areas as outlined below. At least 2 years of practical experience in cyber resilience operations
- Good knowledge of best industry practices (e.g. ISO 27000 series of standards, knowledge of the NIST Cybersecurity Framework is considered an asset) and regulatory requirements in the area of cyber resilience (e.g. ECB CROE, EBA Guidelines)
- Good knowledge of data protection and recovery methods in the context of cyber resilience
- Good knowledge of general IT security topics and controls (security architecture and standards, vulnerabilities management and mitigation techniques, in particular those associated with Internet-exposed systems and applications)
- Advanced knowledge and interest in cyber threat landscape, malware and hacking techniques
- Experience with project management techniques, progress tracking tools and reporting
- Excellent knowledge of English and/or French (**), with a good command of the other. Knowledge of other EU languages would be an advantage.
Competencies
Find out more about EIB core competencies here
(**) Unless stated explicitly as a required qualification, a good command of French is not a pre-requisite for hire. As both English and French are however official working languages of the EIB, proficiency in both languages is a pre-requisite for your future career development. Any language clause in your contract must be fulfilled in order for you to be eligible for a promotion (either via the annual appraisal cycle or via an internal selection process). Proficiency is understood to mean the attainment of level 5 of the Inter Institutional language courses, corresponding to B1.2 of the Common European Framework of Reference for Languages (CEFRL). The Bank offers appropriate training support.
We are an equal opportunities employer, who believes that diversity is good for our people and our business. We encourage all suitably qualified and eligible candidates to apply regardless of their gender identity/expression, age, racial, ethnic and cultural background, religion and beliefs, sexual orientation/identity, disability or neurodiversity.
Applicants with specific needs are encouraged to request reasonable accommodations at any stage during the recruitment process. Please contact the EIB Recruitment team at Jobs@eib.org, who will ensure that your request is handled.
By applying for this position, you acknowledge the importance of maintaining the security and integrity of the Information of the EIB Group. In case of selection for the position you agree to comply with all measures (policies, controls, document classification and management) implemented by the EIB Group to prevent unauthorised disclosure of any information or any damage to the EIB Group reputation.
Deadline for applications: This is an open campaign to consecutively fill open positions. The campaign will remain open until the position is filled. Applications will be reviewed in order of receipt.