(Senior) Cyber Security and Resilience Engineer – based in Luxembourg


This position is based at our Luxembourg headquarters and requires regular office presence. The EIB offers you the opportunity to live and work in a truly international and multi-cultural environment. We also offer relocation support.

The EIB, the European Union’s bank, is seeking to recruit for its Group Corporate Services Directorate (GCS), Group Digital Office (GDO), Cybersecurity Division (CD), IT Security Unit (SEC) at its headquarters in Luxembourg, a (Senior) Cyber Security and Resilience Engineer*. This is a full-time position at grade 5/6 for which the EIB offers a permanent contract.

*internal benchmark (Senior) Engineer IT Technology & Infrastructure

Panel interviews are anticipated for August 2024.

Purpose

This role is in the first line of the three lines of defence model, aiming to strengthen the EIB’s Cyber Resilience Management program. As a first line of defence function, you will be responsible for developing and implementing Cyber Resiliency measures at the EIB as well as partnering with assurance functions within the EIB on its Cyber Resilience management program.

In this role you will be expected to demonstrate your deep technical knowledge in deploying and managing state-of-the-art cyber resilience controls to protect the EIB network from insider and external attacks.

Operating Network

You will report directly to the Head of the IT Security Unit. The IT Security Unit is responsible for technical security matters for systems hosted on premises. However, cloud aspects will be considered to address cyber resilience related risks.

In this role, you will have regular contact with colleagues in other Directorates, notably with the IT Security Unit, IT internal and external staff and Internal Audit. You will also work with the EIB’s second line of defence team members in the EIB’s Risk Management Directorate and the internal control assessment teams in the EIB’s Financial Control Directorate. In addition, you will work closely with the business continuity team and have contact with external vendors and/or partners providing security equipment, software or security services to the EIB and with IT Security Engineers & Officers from peer institutions as well as with the CERT-EU and local security authorities.

Accountabilities

  • Contribute to the definition of the EIB’s IT Security strategy and policies for IT cyber resilience
  • Participate in strategic and tactical planning to mature the EIB’s Cyber Resiliency posture program
  • Develop the EIB’s Cyber Resiliency program elements in order to ensure that IT security policies, procedures and initiatives are properly designed and implemented
  • Partner with the first line of defence technology teams as well as second line of defence partners to ensure sufficient alignment exists between program elements and drive improvements within the control environment with other risk oversight functions
  • Develop Cyber Resiliency controls within the EIB’s Internal Control Framework by ensuring technology owners are properly assessing cyber resilience risk in their environments, identifying breaks in the effectiveness of their Cyber Resiliency controls, and mitigating discovered gaps
  • Lead development of detailed high availability and disaster recovery architectures for applications and systems in environments with multiple data centres, cloud-based solutions, and technology platforms
  • Partner with other risk oversight functions to drive improvements within the control environment
  • Provide regularly scheduled and ad-hoc reports for management and risk committees regarding the status of risk treatment activities, including producing risk appetite metrics and key risk indicators
  • Provide specific advice and recommendations on IT Security “cyber resilience” topics
  • Participate in special initiatives that can go beyond the strict boundaries of own domain and that have a specific scope and timing, in order to ensure the realisation of the initiative within the set scope, time and budget
  • When an incident occurs, help the Bank recover effectively from business continuity incidents, in liaison with Business Continuity correspondents and the Crisis Management Team

Qualifications

  • University degree (minimum an equivalent to a Bachelor) preferably in computer science, audit, finance or accounting. Relevant post-graduate studies in the field of IT risk management, IT or information management would be considered as a strong advantage
  • Professional qualifications as an IT risk and control professional or IT auditor (e.g. CISA, CISM, CISSP) would be an advantage
  • Minimum 5 years of relevant professional experience such as an operational security engineer with practical experience in key technical areas as outlined below. At least 2 years of practical experience in cyber resilience operations
  • Good knowledge of best industry practices (e.g. ISO 27000 series of standards, knowledge of the NIST Cybersecurity Framework is considered an asset) and regulatory requirements in the area of cyber resilience (e.g. ECB CROE, EBA Guidelines)
  • Good knowledge of data protection and recovery methods in the context of cyber resilience
  • Good knowledge of general IT security topics and controls (security architecture and standards, vulnerability management and mitigation techniques, in particular those associated with Internet-exposed systems and applications)
  • Advanced knowledge and interest in cyber threat landscape, malware and hacking techniques
  • Experience with project management techniques, progress tracking tools and reporting
  • Excellent knowledge of English and/or French (**), with a good command of the other. Knowledge of other EU languages would be an advantage.

Competencies

Find out more about EIB core competencies here

(**) Unless stated explicitly as a required qualification, a good command of French is not a pre-requisite for hire. As both English and French are however official working languages of the EIB, proficiency in both languages is a pre-requisite for your future career development. Any language clause in your contract must be fulfilled in order for you to be eligible for a promotion (either via the annual appraisal cycle or via an internal selection process). Proficiency is understood to mean the attainment of level 5 of the Inter Institutional language courses, corresponding to B1.2 of the Common European Framework of Reference for Languages (CEFRL). The Bank offers appropriate training support.

We are an equal opportunities employer, who believes that diversity is good for our people and our business. We encourage all suitably qualified and eligible candidates to apply regardless of their gender identity/expression, age, racial, ethnic and cultural background, religion and beliefs, sexual orientation/identity, disability or neurodiversity.

Applicants with specific needs are encouraged to request reasonable accommodations at any stage during the recruitment process. Please contact the EIB Recruitment team [email protected] who will ensure that your request is handled.

By applying for this position, you acknowledge the importance of maintaining the security and integrity of the Information of the EIB Group. In case of selection for the position you agree to comply with all measures (policies, controls, document classification and management) implemented by the EIB Group to prevent unauthorised disclosure of any information or any damage to the EIB Group reputation.

Deadline for applications: This is an open campaign to consecutively fill open positions. The campaign will remain open until the position is filled. Applications will be reviewed in order of receipt.
