Chief Information Security Officer
L-1017 Luxembourg
3 days ago

For its IT team, EFA is looking to recruit a :

Chief Information Security Officer

Your main tasks and responsibilities :

  • The Chief Information Security Officer (CISO) is responsible for organising and overseeing information security. His / her role is to provide advice, assistance, information, training and supervision with regard to the security of the information system (IS).
  • Core duties include executing IT risk assessments, defining and implementing the necessary organisational, technical, legal and human means, as well as designing and coordinating action plans to improve the IT security coverage.

  • The CISO is in charge of the IT risk assessment for all projects and proposes appropriate preventive measures to mitigate risks.
  • He / she coordinates IT security projects and ensures consistency and compliance with the base principles set out in the General Information Security Policy (GISP).

  • He / she coordinates DRP / BCP tasks and manages a team of IT security officer(s).

  • The person appointed as CISO has to be approved by the CSSF (Commission de Surveillance du Secteur Financier, Luxembourg's Financial Sector Supervision Authority).

In this role, you will :

  • propose security objectives to the Executive Committee and maintain the GISP to reflect those objectives;
  • propose approaches to implement security technology and methods;
  • define security guidelines and standards, and establish oversight and data protection procedures;
  • oversee the coordination of IT security projects and manage them;
  • participate in other projects, notably by providing IT Security deliverables required to comply with the project management methodology;
  • provide a security assessment of IT systems in place and of ongoing projects;
  • monitor technological and legislative trends in your domain of expertise : tools, methods, circulars, etc.;
  • monitor and assess major IT security threats and provide proposals to mitigate risks;
  • coordinate the actions required for the proper functioning and maintenance of the DRP solution, and participate in the actions relating to the tests and development of the BCP;
  • serve as the main point of contact for internal and external auditors and the CSSF with regard to IT security;
  • carry out the necessary investigations in the event of an alert or security incident, including managing the relation with external IT security experts and firms;
  • manage and supervise the IT security officers in charge of the day-to-day management of security actions : managing users, investigating vulnerabilities in our systems, checking security logs, etc.

Your profile :

  • You have at least 5 years' experience in a similar role
  • You are aware of the standards and procedures in IT security, the IT security environment, and are familiar with IT security risk assessments and risk management
  • You are capable of anticipating and monitoring trends in IT technology and identifying the impacts they will have on our IS;
  • You can stay abreast of relevant legislation and circulars pertaining to information security and data protection

  • You have excellent knowledge of fund administration, and are able to understand and monitor regulations governing this domain
  • You have a strong command of both French and English, and are at ease in writing documents at executive management level in both languages
  • You are meticulous and methodical
  • You are able to effectively analyse and summarise situations, and have proven experience of project management
  • Your strengths include your interpersonal skills and your ability to communicate effectively
  • You are open-minded, pragmatic and flexible
  • You have experience in team management and in the coordination of cross-cutting projects involving many different departments across an organisation

We can offer you :

  • Varied work as part of a dynamic and ambitious company that has been established in the Grand Duchy of Luxembourg for 20 years,
  • An attractive remuneration scheme : Company Agreement, 33.5 days' leave, meal vouchers, life and disability insurance, supplementary pension, interest subsidies, a Sympass card, offices located close to the central railway station in Luxembourg, etc.

If you think you fit this profile, please send your application to recrutement with the reference CISO 2019.

    N.B. : In order to meet the worthiness criteria provided for in Article 45 of CSSF Regulation No. 12-02 of 14 December 2012 on anti-money laundering and the financing of terrorism, candidates concerned will be asked to produce a recent extract of their criminal record no later than their first day of employment.

    This document will be dealt with in accordance with the Law of 23 July 2016.

    As part of the recruitment process, EFA may collect and process candidates' personal data. This data will be stored for processing purposes for the period required by law.

    Candidates may assert their right to access, correct or delete their personal data in accordance with the applicable legal provisions, and in particular with the provisions of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016 / 679 of the European Parliament and of the Council of 27 April 2016) and in accordance with the Luxembourg Act of 2 August 2002 concerning the protection of individuals with regard to the processing of personal data.

    To do so, they must send an email to dpo

