DORA IT EXPERT (202605CAFGIV)

Essential Skills and Knowledge

• Qualification:

a.    a level of education which corresponds to completed university studies, preferably in ICT or related fields (such as computer science, information security, computer engineering, telecommunications engineering, software engineering, electronic engineering, data analytics), audit, control and compliance, attested by a diploma, when the normal period of university education is four years or more; or

b.    a level of education which corresponds to completed university studies, preferably in ICT or related fields (such as computer science, information security, computer engineering, telecommunications engineering, software engineering, electronic engineering, data analytics), audit, control and compliance, attested by a diploma and appropriate professional experience of at least one year, when the normal period of university education is at least three years;

• At least three years of proven full time professional experience in the following areas: technology domains (cloud computing data centres and hosting services, information security), IT operations, IT risk management, IT audit, IT risk supervision or oversight, acquired after the qualification required under a) or b) above.

Note: Your professional experience will be counted from the time you obtained the certificate or diploma required for admission to the selection procedure. Part-time work will be taken into account in proportion to the stated percentage in relation to full-time work. In case of internship, only paid internship is considered. In case of a doctorate/PhD 50% of the actual duration of the studies will be taken into account as professional experience, subject to an upper limit of three years, on the condition that the candidate was paid during the period of his/her PhD studies, the PhD studies have been completed and a diploma was awarded.

• Proven experience gained in at least one of the following areas:
  • IT security operations;
  • Data centres environments (network architecture, server and virtualisation platforms, storage and backup technologies, ICT security controls);
  • Cloud computing (cloud architectures, virtualisation and container platforms, identity and access management, encryption, logging and monitoring, and resilience mechanisms).
• Proven experience working with international standards, leading practices, frameworks and regulations in the area of information security, ICT or operational risks, such as ISO, NIST, DORA, NIS2, TIA.
• Excellent English written and oral communication skills;
• Working knowledge of MS Office, in particular Word, Excel and PowerPoint.

Desirable Skills and Knowledge

• Proven work experience in a multicultural environment;
• Professional certifications and/or qualifications in the field of the vacancy notice (such as ICT security, operations, audit and/or internal control) e.g. CISA, CRISC, CISM, CISSP, CompTIA Security+/Network+, CCSP, CEH, CCNA/CCNP) or comparable.
• Knowledge and/or experience in auditing or supporting audits of critical third-party ICT services.
• Knowledge of a third EU language.

Behavioural Competencies required

For the above position, the following behavioural competencies have to be fulfilled:

• Flexibility in terms of openness to taking over other tasks within EIOPA in view of the dynamic and evolving institutional environment;
• Excellent team player sharing relevant information and supporting team members without taking over responsibility for their work, able to work in different teams with different levels of stakeholders in a multicultural environment;
• Being able to have and express a critical view towards own performance and open to learn from experience;
• Being able to quickly familiarize oneself with new topics and issues, even under time pressure, and to present them in a media-appropriate and audience-focused manner;
• Being able to manage multiple assignments and track progress on numerous processes simultaneously; deliver results within tight time frames and respect deadlines; prioritise tasks and pay attention to detail; proactively anticipate what needs to be done within own area of responsibility, informing others and taking action as required.
• Curiosity: Being able to promote open discourse and engage through challenging dialogue; challenge the status quo and exercise professional scepticism; use questions strategically, as a tool to advance insight, understanding and deepen awareness.
• Influencing: Being able to demonstrate resilience in difficult situations; push through resistance and continue to work with others in a constructive manner; identify and respond constructively to underlying attitudes or behaviour patterns.
• Communication: Being able to frame clear communication messages in line with audience experience, background and expectations, in an engaging manner; stand ground when needed; adopt appropriate influencing styles; Being able to establish and maintain cooperative relationships with staff and management at all levels, both inside and outside the organisation; understand who the internal and external stakeholders are as well as their needs and expectations.
• Show a positive mindset: See obstacles as challenges and approach them with a can-do attitude; set high levels of quality and productivity for yourself; and demonstrate self-motivation.