Application closing date: 25 April 2018
The European Banking Authority is seeking a suitable candidate for the position of Security Expert reporting to the Director of Operations Department, collaborating with and supporting all other units in ensuring the organization’s personnel, assets and premises are adequately protected against security threats. In particular, the Security Expert will ensure that all data, information systems and assets are protected against cyber risks in the digital ecosystem in which EBA operates. The Security Expert will also contribute to the advancement of the EBA’s objectives in the EU and other international fora and will represent the EBA externally at a technical level in his/her area of expertise.
Establish and maintain the information security program to ensure that information assets and associated technology, applications, systems, equipment, infrastructure and processes are adequately protected against threats. Define and own the security processes and controls embedded in the operational processes and controls. Define and execute the appropriate second line assurance activities to monitor, control, report and manage all information security related activities and events. Lead the Information Security practice, driving awareness, providing training, collaborating with colleagues and units at all levels to support cyber-safe advancement of Business Objectives.
- Develop, implement and maintain EBA’s Information Security Framework in accordance with the European Commission Security Framework and information security best practices;
- Facilitate an Information Security Governance structure that enables the EBA Senior Stakeholders to be informed on key Enterprise Information Security Risks and to approve and review the Information Security Book of Work;
- Perform IS risk assessments, inspections and audits on technology assets, solutions, systems and processes holding, storing or processing EBA data, including Vendors and Partners and their interfaces and contracts. Own and lead the Information Security Incident Response for the Agency;
- Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences;
- Advise management and staff on IS-related matters;
- Contribute, maintain and lead the execution of the Business Continuity Plan of EBA;
- Contribute and lead the development and execution of Policies and Systems for Records and Documents Management;
- Liaise with relevant national and EU security authorities and services on matters related to the security of the Agency;
- Perform any other tasks as required.
To be considered eligible, candidates must satisfy all the criteria listed below, by the deadline for submitting applications.
- Be a national of a Member State of the European Union, or a national of the European Economic Area (Iceland, Liechtenstein, Norway);
- Be entitled to his/her full rights as a citizen;
- Have fulfilled any obligations imposed by the applicable laws on military service;
- Have a thorough knowledge of one of the official languages of the European Union and a satisfactory knowledge of another language of the European Union;
- Be physically fit to perform the duties linked to the post.
To be eligible, a candidate must have:
a) A level of education, which corresponds to completed university studies attested by a diploma when the normal period of university education is at least three years,
b) A level of education, which corresponds to completed university studies attested by a diploma when the normal period of university education is four years or more.
1.2.2 Professional experience
To qualify for the position, a candidate must have at least 7 years (on the basis of 1.2.1 a)), or at least 6 years (on the basis of 1.2.1 b)), of relevant proven full-time professional experience after completing the education mentioned above, of which at least 5 years must be experience in Information Security in a banking environment or in a European, National or Governmental institution.
1.2.3 Knowledge of languages
For working purposes, as English is the working language of the EBA, an excellent knowledge of the English language, both written and spoken, is required.