Chief Information Security Officer

The **University of Luxembourg** is an **international research university** with a distinctly **multilingual** and **interdisciplinary** character. The University was founded in 2003 and counts more than 6,700 students and more than 2,000 employees from around the world. The University’s faculties and interdisciplinary centres ;focus on research in the areas of Computer Science and ICT Security, Materials Science, European and International Law, Finance and Financial Innovation, Education, Contemporary and Digital History. In addition, the University focuses on cross-disciplinary research in the areas of Data Modelling and Simulation as well as Health and System Biomedicine. Times Higher Education ranks the University of Luxembourg #3 worldwide for its “international outlook,” #20 in the Young University Ranking 2021 and among the top 250 universities worldwide.

To support this ambition, excellence and talent are critical in the University’ services. The CISO is supported by a security analyst and colleagues from other IT teams within an IT Department of ~70 people.

Taking this role now comes at a pivotal moment: the digitalization is spreading across every cell of the University. A ZT modern approach to security, adapted to the innovative environment of a University, must be developed further. You will work in close collaboration and alongside four other IT team leaders. Should you be interested in the position, be prepared to some brain stretching: the job is for polyvalent profile, who can deep-dive when required.

We’re looking for people driven by excellence, excited about innovation, and looking to make a difference. If this sounds like you, you’ve come to the right place

**Your Role...**:
Leading the IT department’s (SIU) Security Team, the CISO works closely with the other SIU Team Leaders, the data protection officer and the academic community to recommend the strategic direction and technology solutions to meet the security needs of the University.

The CISO’s expertise is used to propose, implement and monitor a global strategic, comprehensive enterprise information security and risk management program to ensure that the integrity, confidentiality and availability of information that is owned, controlled or processed by the University:

- Executes research and analysis on business, information and IT processes, requirements and
relevant legislation
- Formulates, recommends and implements guidelines and standards which affect the IT organisation and the University as a whole
- Gives advice to management and colleagues on relevant developments, threats, improvement opportunities, business cases and alternative solutions
- Monitors and reports upon quantitative and qualitative performance of systems, IT service delivery and processes in relation to security aspects
- Analyses possibilities for sourcing of IT products, services and activities and advice management on and/or outsourcing
- Gathers, uses, documents and spreads knowledge concerning relevant developments in the market and new or changing insights in the profession
- (Co-)develops project proposals, including budgets, deadlines and planning, and ensure realisation of projects
- Coordinates and assists in the handling of incidents, changes and service requests related to information security
- Runs, monitors and reports on the Information Security Awareness program
- Coordinates and exchanges on trends and threads with experts on a national

**What we expect from you**:

- Ability to interact and collaborate with Uni.lu's personnel at all levels and across all business units and organizations, and to comprehend business imperatives
- Ability to develop nuanced discussion and assessment of risk to support management decisions
- Capability to lead and develop a team
- Capability to manage resources (people, budget and time (i.e. activity planning))
- In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
- Knowledge of and experience in developing, executing and documenting security architecture and plans
- In-depth knowledge of risk assessment methods and technologies
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls while keeping a strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships
- Experience in developing, documenting and maintaining security policies, processes, procedures and standards
- Knowledge of information security related technologies
- Master’s degree or equivalent by work experience
- More than 5+ years of relevant work experience
- Strong written and verbal communication skill in English; knowledge of French, German or Luxembourgish is a strong asset

**In Short...**:

- Contract Type: Permanent
- Work Hours: Full Time 40.0 Hours per Week
- Start