Cyber Governance Specialist

**Cyber Governance Specialist (Luxembourg, onsite) - EU Public Institutions (FREIA)**

**Project**:FREIA Security Management

**Location**:Luxembourg (onsite)

**Language**:English (C1, C2)

**Security level**:EU-Security Clearance **(REQUIRED)**

**Initial contract on offer, duration**:110 working days, contract extensions available after initial contract

**DESCRIPTION OF THE TASKS**

The external service provider will perform the following tasks:

- Definition of cybersecurity governance frameworks and strategic risk mitigation measures to protect digital systems, services, and assets.
- Preparation of comprehensive risk assessment methodologies and threat landscape analyses with focus on continuous improvement.
- Management of cybersecurity policy alignment, ensuring practices conform to the European Commission's overall strategy and compliance requirements.
- Development and maintenance of audit trails, compliance documentation, and cybersecurity governance processes.
- Coordination and review of risk management strategies and regulatory compliance assessments.
- Reporting of risk and compliance status to governance bodies, regulatory authorities, and cybersecurity leadership (LISO/SSO).
- Assistance with mentoring and coaching of E2 team members.
- Interaction with cybersecurity leadership (LISO/SSO), operational IT teams, auditors, regulatory bodies, and governance stakeholders.

**LEVEL OF EDUCATION**

As stated in section 5.1 of FREIA Specifications for the technical profiles for operational services (Lot1, Lot 2), the minimum educational qualification is a Level of education corresponding to Level 5 of the European Qualification Framework, which typically corresponds to 2 years of post-secondary education or higher, for the Junior and Confirmed seniority levels, and a Level of education corresponding to Level 6 of the European Qualification Framework, which typically corresponds to a **Bachelor degree or higher, for the Senior seniority levels.**

**SPECIFIC KNOWLEDGE, SKILLS AND EXPERTISE**

The following specific knowledge, skills and expertise are required for the performance of the above listed tasks:

- Very good knowledge of cybersecurity governance frameworks, risk management methodologies, and regulatory compliance requirements.
- Strong experience in threat landscape assessment, risk mitigation strategy development, and cybersecurity policy implementation.
- Ability to identify, assess, and recommend cybersecurity solutions efficiently and effectively across complex digital environments.
- Ability to give business and technical presentations on cybersecurity governance, risk management, and compliance matters.
- Ability to cope with fast changing technologies and evolving regulatory requirements.
- Very good communication skills with technical teams, governance bodies, and regulatory stakeholders.
- Analysis and problem-solving skills for complex cybersecurity risk scenarios and compliance challenges.
- Capability to write clear and structured cybersecurity governance documents, risk assessments, and compliance reports.
- Ability to participate in cybersecurity governance meetings, audit sessions, and regulatory coordination activities.
- Certification in cybersecurity governance, risk management, and relevant compliance frameworks.
- Ability to integrate in an international/multicultural environment, rapid self-starting capability and experience in working in team.
- Ability to participate in multilingual meetings.
- Ability to work in multi-cultural environment, on multiple large projects.
- Ability to establish trusting relationships with counterparts in partnering organisations.
- Excellent team player.
- Ability to understand, speak and write English (B2/C1), French (B2/C1) will be an advantage.
- High degree of discretion and integrity.

**Service delivery**
- The services shall be performed on Commission premises in Luxembourg, EUFO. Remote provision of services, working either from home or at the Contractor’s premises, allowing in both cases to reach the Commission premises within 2 hours, may be authorised for tasks that do not require on-site presence. The necessary IT equipment to work in the Commission’s environments (laptop) will be provided by the Commission.

**Applicable security procedures: EU-Security clearance (required)