Workplace Security Specialist - Luxembourg - AlmavivA de Belgique

Description

The main objectives of the project are:

• Unit A.1 IT Security team is in charge to verify and ensure the coherence of the security plans with the actual Information Systems implementation in the present Commission's IT security framework following the IT Security Risk Management Methodology
• Additionally, adoption of the Commission's legal basis for data protection might require an alignment of implementations an security plans combined with Data Protection Impact Assessment (DPIA)
• Eurostat is regularly audited on controls based on the ISO 27000 framework (ISO 27002 more specifically) in the context of ESS IT Security Framework
• Provide technical support in the general context of IT Security.

The expected benefits are:

• Comply with requirements from the Commission Decision (EU, Euratom) 2017/46 as well as with the data protection Regulation (EU) 2018/172
• Unit A.1 IT Security team will increase its operational technical capabilities to handle the increased workload to support continuous improvement on Security aspects within Eurostat

The solution assignment may change over time, according to the portfolio/project/service needs


DESCRIPTION OF THE TASKS
Generally, this contract will support some of the multiple Security aspects of IT in Eurostat, by:

• Providing support in conducting security risk assessments according to the IT Security Risk methodology used within the European Commission
• Providing support to the different stakeholders during the preparation or update of their Information Systems security plans
• Providing security studies associated with present or future Information System projects, and the integration of different security technologies in the Eurostat IT environment
• Providing technical expertise for the implementation of the necessary technical measures required to implement effective solutions for mitigating security risks e.g. integration of securityrelated technologies, identity and access management
• Providing support the training & awareness activities on the IT Security topics
• Supporting security assessments on Eurostat Information Systems for compliance reporting in the context of specific audits or EC mandatory IT Security attestation exercises
• Providing generic support on IT security aspects as required

Some task examples to be covered by this contract are:

• TASK 1: IT SECURITY RISK ASSESSMENT FOR EUROSTAT INFORMATION SYSTEMS
• TASK 2: IT SECURITY PLANS FOR EUROSTAT INFORMATION SYSTEMS PRODUCTION/UPDATE
• TASK 3: SUPPORT IT SECURITY COMPLIANCE REPORTING AND EVOLUTION IN THE CONTEXT OF ESS IT SECURITY FRAMEWORK
• TASK 4: SUPPORT IT SECURITY COMPLIANCE MONITORING AND REPORTING IN THE CONTEXT OF EC CORPORATE SECURITY
• TASK 5: SPECIFIC ADVICE AND SUPPORT IN TERMS OF IT SECURITY AWARENESS
• TASK 7: SUPPORT FOR THE ASSOCIATED ADMINISTRATIVE PROCESS RELATED TO IT SECURITY
• TASK 8: GENERAL ADVICE IN TERMS OF IT SECURITY
• TASK 9: PROJECT MANAGEMENT ACTIVITIES WITHIN THE CONTEXT OF THE CONTRACT

LEVEL OF EDUCATION

The minimum educational qualification corresponds to Level 6 of the European Qualification Framework which typically corresponds to a
bachelor's degree of 3 years.

KNOWLEDGE AND SKILLS
The following skills and knowledge are required for the performance of the above-listed tasks:

• Very good knowledge of the following frameworks:

-
European Commission IT Security Policy, Standards, Guidelines, and Technical Specifications:

• ITSRM Methodology
• ISO 27000 framework standards
• Project Management with PM2, including PM2 Agile
• ITIL

-
Eurostat IT strategy and other applicable guidelines

• Ability to provide feedback on IT Security related topics and draft content and training material efficiently and fast
• Ability to give business and technical presentations
• Ability to cope with fastchanging technologies used in the
  EC Digital Workplace environment:
• Very good communication skills with technical and non-technical audiences
• Demonstrated analysis and problemsolving skills
• Capability to write clear and structured technical documents
• Ability to participate in technical meetings and good communication skills
• Capability of integration in an international/multicultural environment, rapid selfstarting capability and experience in working in team
• Ability to participate in multilingual meetings
• Ability to work in a multicultural environment, on multiple large projects
• Excellent Team Player, yet with the ability to work autonomously when necessary
• Ability to understand, speak and write English C2 and French B
• Knowledge of other EU languages will be an advantage
• High degree of discretion and integrity is required as the processes managed and maintained may contain personal, confidential data and statistical confidential data

SPECIFIC EXPERTISE

• The following specific expertise is mandatory for the performance of tasks:
• at least 5 years of specific expertise in
  IT Security (min. competence level 5)