
Information Security & Secure Communication Officer

Details

Status
Open
Opening date
Deadline
Department
European Defence Agency
Agency
  • EDA - European Defence Agency
Vacancy Type
  • Public
Type of Contract
  • Contract Staff
Grade
  • FG IV
Location(s)
  • Brussels, Belgium

Target audience

We are looking for an Information Security & Secure Communication Officer.

Under the supervision of the Business Information Security Officer, the jobholder will be responsible for/contribute to the following activities:

A. Information Security Management System (ISMS)

  • maintain EDA ISMS in accordance with applicable EU legislation (e.g. Regulation (EU) 2023/2841, EU GDPR) as it changes and evolves;
     
  • perform gap analysis activities against Regulations and standards as needed and draft mitigation plans;
     
  • assist in preparing compliance reports for internal and external stakeholders;
     
  • draft, update, and maintain information security and cybersecurity policies, procedures, and operational plans;
     
  • develop, implement and maintain processes to monitor compliance with security regulations and internal policies;
     
  • assist in audits and assessments to evaluate adherence to security rules, regulations, standards and best practices;
     
  • collaborate with stakeholders throughout EDA to design and implement improvement plans.

B. Cyber Risk Management

  • assist in all the Cybersecurity Risk Management activities, including identification and mitigation of risks related to non-compliance with security requirements;
     
  • maintain the Cybersecurity Risk Registry for classified and unclassified systems and services;
     
  • support the development of cyber risk registers and contribute to the creation of mitigation strategies.

C. EUCI governance

  • assist in the regular EDA EUCI Business Requirements update, review and analysis cycle;
     
  • support EDA EUCI Communication and Information Systems (CIS) and Services and their formal security accreditation processes;
     
  • support TEMPEST compliance activities in accordance with CD 2013/488 and relevant rules and regulations.

D. Business Continuity and Disaster Recovery

  • assist in Business Continuity and Disaster Recovery processes and activities.

E. Other Information Security activities

  • organize and provide training and guidance to staff, in close coordination with the Security Unit and IT Unit, on Information Security awareness, EUCI CIS handling, regulatory compliance requirements and best practices.

The jobholder may take on additional tasks as required in the interest of the service.

Duties may evolve according to the development of EDA’s structure and activities, and the decisions of EDA management.
