(Senior) Information Security Risk

The **EIB**, the European Union's bank, is seeking to recruit for its Office of the Group Chief Compliance Officer (GR&C - OCCO) - Group Non-Financial Risk Department (GNFR), Project Management and Information Security Division (PMI), Information Security Risk Unit (InfoSec) at its headquarters in Luxembourg, a **(Senior) Information Security Risk & Business Continuity Officer*.**

**This is a full time position at grade 5/6 for which the EIB offers a permanent contract.**
- _internal benchmark: (Senior) Officer_
- Panel interviews are anticipated from March onwards._

**Purpose**:
The Office of the Group Chief Compliance Officer is responsible acts as second line of defence, identifying, assessing and following-up on compliance risk issues relating to the Bank’s activities in line with EIB’s policies and procedures in order to meet policy/institutional and regulatory requirements.

The Information Security Risk Unit is responsible for 2nd Line of Defence of Information Security Risk and is accountable for the oversight of processes and controls put in place by the 1 LoD. The 2nd Line of Defence has been centralized within the GR&C-OCCO Directorate in an Information Security Risk Unit.

(Senior) Information Security Risk & Business Continuity Officer you will develop, maintain, and implement a control and monitoring framework for the EIB Group’s business continuity (BC), crisis management (CM) and disaster recovery activities, in order to ensure the adequacy of EIBG’s prevention, preparedness and response mechanisms to crises as well as disruption and destruction of critical business activities. Knowledge of best banking practices would be an advantage.

The EIB operates in a complex and dynamic environment, with a diverse range of risks to manage, both from a security and continuity perspective. This provides a challenging and stimulating working environment for Information Security & BCM officer.

This role is ideal for those that enjoy diversity and variety in their day-day role, while working as part of a dynamic and knowledgeable team focused on continuous learning, development and knowledge sharing through collaboration with other IFIs. This is an excellent career opportunity to join the largest global multilateral lender and make a real difference in a position offering high level of exposure across all departments of the Bank.

The ability to be agile, pragmatic and resilient while working in a collaborative manner is key to being successful in this role.

**Operating Network**:
You will report to the Head of the Information Security Risk Unit and work in close collaboration with the relevant services of the Bank as required for the investigation and escalation of events arising from non-compliance with the information security policies, such as Inspectorate General (IG). You will also work with our Group Corporate Services (IT, Physical Security, Business Continuity) and all Directorates of the Bank for the implementation of the agreed business continuity measures.

This position demands a high level of interaction with all EIB Group staff, including senior stakeholders, and external partners.

You will be required to be available beyond the regular office hours such as at night, on weekends and/or bank holidays, in particular in the event of an incident or a crisis and will carry out on-call services on a regular basis.

**Accountabilities**:

- Develop, maintain and implement a control and monitoring framework to ensure a reliable functioning of the organisation’s crisis and business continuity programmes with a focus on the required levels of resiliency in the cyber space; ensure roles and responsibilities are defined;
- Oversee the effective implementation of the crisis and business continuity management strategy across the Group, ensuring that it complies with the best practice and regulations in force; validate the final strategy report issued by 1 LoD;
- In collaboration with 1 LoD, develop and continuously improve the crisis and business continuity management services of the EIB Group;
- Provide input to, review and validate strategic deliverables and reporting lead by 1 LoD (e.g. policies, plans, BC risk assessment report, business impact analysis report, exercise report, ICT recovery plan, etc.); ensure that the business impact analysis results are reflected in the disaster recovery plans and business continuity plans;
- Contribute to the identification of the EIBG critical business activities and their BC requirements, review key business continuity processes, key deliverables and report on the status of initiatives within business continuity strategy and roadmap;
- Oversee the accuracy and adequacy of BC-related metrics (KRIs and KPIs), reporting, methodologies and/ or organisational regulations; ensure policy, procedures, processes and other organisational regulations in the BC domain are complete and accurate;
- Advise and support the 1 LoD in the execution of the yearly BC