Internal control – Domain Information Security (m/f)
The Information Security Office (second line of defence and CISO) wishes to reinforce its staff and skills in domain of internal control as well as information security processes engineering.
Role & responsibilities
- Preparation of and participation to the internal control plans to assess the effectiveness of the security measures in place and their compliance with information security policies and foreseen action plans
- Carry out risk analysis relating to information security and contributing to the resolution of issues addressed to the Information Security Office (e.g.: "Security by design", risks into projects, risk management, incident management, etc.)
- Implementation and development of the existing internal tools used by the Information Security Office following a GRC approach (Risk, Control, etc.) as well as Information security process engineering
- Contribution to the continuous improvement cycle of the information security strategy and processes as a second line of defence, particularly through internal controls, personal auditing, writing and communication skills
- Assisting the CISO with all information security processes, including management reporting
- Direct interaction with the Business Units and internal and external experts, particularly IT, Risk Management, Internal Audit, etc.
- BAC+4 /+5 (Master) General engineer or IT engineer, with a major in information security, internal control, IT audit or other training/experience that combines the skills required for these roles and tasks
- At least 5 years of effective professional experiences in technical and expert positions in the fields of information, IT and information security like Auditor, Internal Controller, GRC expert, etc.
- Knowledge and experience in audit, internal control, IT and ISO/IEC standards are essential. Engineering skills remain important for this position
- Very good written and spoken skills with French and English are expected (working languages); knowledge of Luxembourgish and/or German will be considered as strong assets
- Good ability to think, analyse, organise, phrase, summarize and communicate
- Rigorous, methodical, consistent, ability to work independently and in large as well as very small teams
The successful candidate (m/f) will be hired as public employee (“employé de l’Etat”) under a permanent contract. If the candidate meets the required conditions, s/he will be asked to apply for admission to the status of civil servant (“fonctionnaire de l’Etat”).
Prior to the conclusion of the contract, the candidate must submit an extract from the criminal record (bulletin n°3), dated less than 2 months, in order to prove their conduct and integrity.
* Required fields