Eu - Workplace Security Specialist - Luxembourg

The main objectives of the project are:

- Unit A.1 IT Security team is in charge to verify and ensure the coherence of the security plans with the actual Information Systems implementation in the present Commission’s IT security framework following the IT Security Risk Management Methodology
- Additionally, adoption of the Commission’s legal basis for data protection might require an alignment of implementations an security plans combined with Data Protection Impact Assessment (DPIA)
- Eurostat is regularly audited on controls based on the ISO 27000 framework (ISO 27002 more specifically) in the context of ESS IT Security Framework
- Provide technical support in the general context of IT Security.
- The expected benefits are:

- Comply with requirements from the Commission Decision (EU, Euratom) 2017/46 as well as with the data protection Regulation (EU) 2018/1725
- Unit A.1 IT Security team will increase its operational technical capabilities to handle the increased workload to support continuous improvement on Security aspects within Eurostat
- The solution assignment may change over time, according to the portfolio/project/service needs

**DESCRIPTION OF THE TASKS**

Generally, this contract will support some of the multiple Security aspects of IT in Eurostat, by:

- Providing support in conducting security risk assessments according to the IT Security Risk methodology used within the European Commission
- Providing support to the different stakeholders during the preparation or update of their Information Systems security plans
- Providing security studies associated with present or future Information System projects, and the integration of different security technologies in the Eurostat IT environment
- Providing technical expertise for the implementation of the necessary technical measures required to implement effective solutions for mitigating security risks e.g. integration of security-related technologies, identity and access management
- Providing support the training & awareness activities on the IT Security topics
- Supporting security assessments on Eurostat Information Systems for compliance reporting in the context of specific audits or EC mandatory IT Security attestation exercises
- Providing generic support on IT security aspects as required

Some task examples to be covered by this contract are:
TASK 1: IT SECURITY RISK ASSESSMENT FOR EUROSTAT INFORMATION SYSTEMS

TASK 2: IT SECURITY PLANS FOR EUROSTAT INFORMATION SYSTEMS PRODUCTION/UPDATE

TASK 3: SUPPORT IT SECURITY COMPLIANCE REPORTING AND EVOLUTION IN THE CONTEXT OF ESS IT SECURITY FRAMEWORK

TASK 4: SUPPORT IT SECURITY COMPLIANCE MONITORING AND REPORTING IN THE CONTEXT OF EC CORPORATE SECURITY

TASK 5: SPECIFIC ADVICE AND SUPPORT IN TERMS OF IT SECURITY AWARENESS

TASK 7: SUPPORT FOR THE ASSOCIATED ADMINISTRATIVE PROCESS RELATED TO IT SECURITY

TASK 8: GENERAL ADVICE IN TERMS OF IT SECURITY

TASK 9: PROJECT MANAGEMENT ACTIVITIES WITHIN THE CONTEXT OF THE CONTRACT

**LEVEL OF EDUCATION**

Bachelor's degree of 3 years.

**Job requirements**

**KNOWLEDGE AND SKILLS**

The following skills and knowledge are required for the performance of the above-listed tasks:
Very good knowledge of the following frameworks:

- European Commission IT Security Policy, Standards, Guidelines, and Technical Specifications
- ITSRM Methodology
- ISO 27000 framework standards
- Project Management with PM2, including PM2 Agile
- ITIL
- Eurostat IT strategy and other applicable guidelines
- Ability to provide feedback on IT Security related topics and draft content and training material efficiently and fast
- Ability to give business and technical presentations
- Ability to cope with fast-changing technologies used in the EC Digital Workplace environment
- Very good communication skills with technical and non-technical audiences
- Demonstrated analysis and problem-solving skills
- Capability to write clear and structured technical documents
- Ability to participate in technical meetings and good communication skills
- Capability of integration in an international/multicultural environment, rapid self-starting capability and experience in working in team
- Ability to participate in multilingual meetings
- Ability to work in a multicultural environment, on multiple large projects
- Excellent Team Player, yet with the ability to work autonomously when necessary
- Ability to understand, speak and write English C2 and French B1
- Knowledge of other EU languages will be an advantage

High degree of discretion and integrity is required as the processes managed and maintained may contain personal, confidential data and statistical confidential data

**SPECIFIC EXPERTISE**

The following specific expertise is mandatory for the performance of tasks:

- at least 5 years of specific expertise in IT Security (min. competence level 5)
- at least 3 years of specific expertise in Project Management (min. competence level 5)
- at least 3 years of specific expertise in Ser