Information Security Management Expert

Background:

eu-LISA is the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) manages large-scale IT systems to support the implementation of asylum, border management and migration policies in the European Union (EU). The Agency is also a front-runner for the digitalisation efforts of the EU's Justice and Home Affairs domain, building a new information architecture and contributing to the development of a new security ecosystem. Since the Agency's beginnings in 2012, eu-LISA has become the digital engine of the Schengen Area. With its activities and tasks, the Agency adds value to the EU Member States by supporting their efforts towards justice, security and freedom.

Task description:         

• Supports the Agency's Information Security Officers in the management of information security and business continuity across organizational business processes and information systems
• Develop security controls in the context of the agency's information security framework.
• Expected also to perform the following tasks:
• Perform risk assessments
• Develop Information Security Management System (ISMS) procedures
• Develop conceptual, logical and physical security models as appropriate.
• Draft security policies, standards, procedures and guidelines in accordance with ISO27001
• Development of security plans and documentation (e.g. risk treatment plans, security test plans)
• Development of business continuity and disaster recovery plans.
• Perform security assessments and audits
• Perform ISMS control audits
• Perform ISMS gap assessments
• Design security controls in accordance with agency information security policies and standards
• Provide assistance in formal accreditation process for information systems handling EU sensitive and classified information.

Education:      

• Minimum 4 years of relevant education (master or equivalent) after the secondary school

Minimum Experience:

• Minimum 6 years of general IT professional experience, of which
• Minimum 3 years of relevant professional experience in Information Security Management

Additional needed qualification, knowledge and skills:         

• Good knowledge of/in:
• ISO27001 implementation and management.
• Relevant standards and good practice in information security management
• Information risk management (in particular E-BIOS)
• Governance, Risk & Compliance (GRC) practices and controls
• ISO27001 security control audits and assessments
• Developing security policies, standards and guidelines in accordance with ISO27001 and EU security policies and standards
• Design, implementation and assessments of good practice security control frameworks such as SANS Top 20 Critical Controls, OWASP Application Security Verification Standard,
• Secure development processes (Security and Privacy design)
• Implementation of EU data protection principles in information system design and processes.
• This profile is expected to possess one or more of the following qualifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• ITIL/ITIL V3
• BSI ISO27001 Lead Auditor Qualification