Auditors/analysts – “off-site” ICT risk supervision (m/f)


As part of a specialised team, you will be in charge of analysing risk management measures related to information and communication technology (ICT) as part of the review of application files and of the supervision of financial entities. You may participate to transversal thematic analyses and/or to working groups dedicated to technical or regulatory aspects in this area.

Role & responsibilities

  • Analyse the sections relating to ICT organisation and ICT risk management in application files for authorisation of future professionals of the financial sector
  • Analyse the outsourcing/use of ICT third party service provider notifications or authorisation requests of entities supervised by the CSSF
  • Provide expertise and support to other supervisory departments in assessing the compliance of supervised entities with the Digital Operational Resilience Act (DORA)
  • Provide various types of advice to other supervisory departments (advice on supervised entities’ IT strategy, their digital transformation, findings raised by their internal or external IT auditors, etc.)
  • Contribute to technological and regulatory watch in relation with new technologies and digitalization
  • Participate in transversal analyses on topics related to ICT risk management
  • Participate to national and international working groups dedicated to ICT and ICT risk supervision

Your profile

  • University degree (at least BAC+3/Bachelor) in information systems audit, or in IT security with a specialization in finance, or in economics, finance or business management with an ICT specialization
  • Proven professional experience of at least 3 years in either the field of information systems auditing or in ICT risk management
  • Perfect command of written and spoken English. Fluency in French and/or German. Knowledge of Luxembourgish will be considered as an advantage
  • Commitment to be available for business trips abroad
  • Excellent knowledge of the CSSF circulars notably relating to ICT risk management and to ICT outsourcing
  • Knowledge of European regulation in this area (i.e. DORA, PSD2, eIDAS, NIS, etc.) and interest in new technologies and digital solutions (cloud computing, DLT, AI, virtual currencies/crypto assets, open banking/finance, etc.) constitute an advantage
  • CISA, CISM, CISSP or equivalent certifications are an asset
  • Writing, analytical, synthesis skills and thoroughness
  • Proactivity and flexibility; ability to work independently as well as good team spirit
  • Communication skills
  • Confidentiality

The successful candidate (m/f) will be hired as public employee (“employé de l’Etat”) under a permanent contract. If the candidate meets the required conditions, s/he will be asked to apply for admission to the status of civil servant (“fonctionnaire de l’Etat”).

Prior to the conclusion of the contract, the candidate must submit an extract from the criminal record (bulletin n°3), dated less than 2 months, in order to prove their conduct and integrity.

Apply now

* Required fields