(Senior) Information Security Officer

The **EIB**, the European Union's bank, is seeking to recruit for its **Group Risk & Compliance Directorate (GR&C) - Office of the Group Chief Compliance Officer (GR&C-OCCO) - Group Non-Financial Risk Department (GNFR), Project Management and Information Security Division (PMI), Information Security Risk Unit (InfoSec)** at its headquarters in Luxembourg, a **(Senior) Information Security Officer.**

**This is a full time position at grade 5/6 for which the EIB offers a permanent contract.**
- Panel interviews are anticipated from mid-March onwards._

**Purpose**:
The Office of the Group Chief Compliance Officer is responsible acts as second line of defence, identifying, assessing and following-up on compliance risk issues relating to the Bank’s activities in line with EIB’s policies and procedures in order to meet policy/institutional and regulatory requirements.

The Information Security Risk Unit has a responsibility for 2nd Line of Defence. The 2nd Line of Defence has been centralized within the GR&C-OCCO Directorate in an Information Security Risk Unit.

As **(Senior) Information Security Officer** (internally referred to as (Senior) Officer) you will coordinate information security-related risk activities and other relevant measures in order to identify, prevent and mitigate the impact of Information Security threats. You will work in close collaboration with the relevant Services of the Bank for the integration of information security into policies, procedures and processes of the Bank as well as implementation of agreed information security measures.

This role is ideal for those that enjoy diversity and variety in their day-day role, while working as part of a dynamic and knowledgeable team focused on continuous learning, development and knowledge sharing through collaboration with other IFIs. This is an excellent career opportunity to join the largest global multilateral lender and make a real difference in a position offering high level of exposure across all departments of the Bank.

The ability to be agile, share knowledge and work in a collaborative manner is key in being successful in this role.

**Operating Network**:
You will report to the Head of Information Security Risk Unit working in collaboration with the Office of the Group Chief Compliance Officer (GR&C-OCCO), Inspector General’s Office (IG) and other relevant services as required for the investigation and escalation of events arising from non-compliance with the information security policies.

**Accountabilities**:

- Coordinates the implementation of an Information Security Management System (ISMS) consistent with the imposed requirements and/or regulations; this will include:

- Developing and maintaining the Bank’s information security-related policies, standards and procedures, in close cooperation with IT Security, IPAQ (Information Protection, Access Control and Quality), Physical Security, Data Protection Office and other EIB Group services whenever required;
- Overseeing and coordinating the implementation, the review and the update of inter-alia the Bank’s Information Security Policies framework
- Proactively formulating proposals for the integration of information security into the Bank’s policies
- Ensuring close collaboration with his/her peer in European Investment Fund (EIF).
- Ensure the undertaking, the lead implementation and the monitoring of the risk assessment process of the Bank.
- Coordinate the development of relevant key risk indicators and associated reporting dashboards and the implementation of consequent information security controls in collaboration with other relevant services of the Bank
- Coordinate, supervise and/or execute key processes related to Information Security policies, in order to ensure successful implementation, maintenance and continuous improvement of an Information Security Management System; this may include:

- Supporting Business Owners in carrying out information security risk assessments
- Monitoring the implementation of agreed information security controls in the Bank
- Managing external staff resources for the successful delivery of information security risk assessments and projects on time and according to business requirements
- Identify and perform due diligence in line with EIB Group processes for the implementation of adequate tooling
- Working in close collaboration with GCS (Group Corporate Services) for the development of a work plan and agreed actions for the protection of EIB information assets and the confidentiality, integrity and availability of EIB documents and data
- Being a key interlocutor with Internal and external auditors
- Involved in Information Security Incident Management response
- Coordinate Information Security Awareness Program actions amongst Bank personnel (both permanent staff and consultants/contractors) through training and communication programmes
- Assess relevant best banking practices on information security, define compliance