Head of the Cyber Internal Auditor (CIA) Unit

 

Location
ESTEC, Noordwijk, Netherlands  

Description

Head of the Cyber Internal Auditor Unit in the Navigation Security Office, Directorate of Navigation.

Reporting to the Head of the Navigation Security Office, you will be in charge of the Cyber Internal Auditor team who are responsible for the evaluation of the level of compliance of the information security management system and implemented security measures with defined requirements, security policies in place and the appropriate safety standards, within the navigation projects. It includes the planning and implementation of the cybersecurity audits and the provision of independent feedback.

Duties

Your tasks and responsibilities will include:

 

• developing and implementing a risk-based cyber security audit strategy for ESA within the navigation programmes in compliance with the policies and requirements established by the European Commission, the Information Security on audit standards, guidelines and best practices; 
• planning the next year cyber security audits with industry for which European Commission cyber requirements apply, submitting the proposed cyber internal audit plans to the Head of the Navigation Security Office and the Director of Navigation for approval;
• executing the agreed cyber audit plans for the current year, preparing the yearly cyber audit reports, submitting them for approval to the Head of the Navigation Security Office and the Director of Navigation;
• conducting the cyber security audits in accordance with the audit standards, guidelines and best practices to meet planned cyber security audits; 
• performing cyber security awareness across the ESA Directorate of Navigation, the ESA Security Office, the European Union Agency for the Space Programme (EUSPA) and the European Commission, including the communication of emerging issues, potential risks and audit results;
• being the main point of contact for the EUSPA Cyber Internal Auditor Team for the appropriated alignment of the cybersecurity audits; 
• advising on the implementation of risk management and control practices within the ESA Directorate of Navigation, while maintaining independence and providing independent feedback on the effectiveness and efficiency of the information security management system and security measures;
• following the evolution of cyber security policy standards, regulations and norms, in particular in Europe;
• coordinating the development, operations, training and maintenance of the necessary Computer Assisted Audit Technics (CAATS) to perform the cyber security audits with industry; 
• attending on boards established within the programmes for dealing with non-conformances (requests for waivers); participating in Cyber Boards and relevant programme reviews with internal and external stakeholders (ESA, EUSPA and the Commission).

 

You will also be responsible for identifying, assessing, managing and reporting the health and safety risks in your area of responsibility.

Technical competencies

Knowledge of cyber security (policy, detection, reaction and correction) Knowledge of cyber vulnerability management and associated standards Knowledge of and experience in auditing of complex secure systems Knowledge of security auditing standards and regulations

Behavioural competencies

Result Orientation
Operational Efficiency
Fostering Cooperation
Relationship Management
Continuous Improvement
Forward Thinking

For more information, please refer to the ESA Core Behavioural Competencies guidebook.

Education

A master’s degree in engineering or law is required for this post.

Additional requirements

• You should have substantial security or audit experience
• You are expected to have a very good background in cyber security, policy, and associated standards and regulations
• You must possess good judgment, integrity, and good communications skills, and be willing to travel
• The potential to manage individuals or a team of experts in a project
• The ability to organise their activities and ensure a motivating work environment
• Strong leadership capabilities, with proven relationship management and communication skills
• The ability to drive your team’s performance, developing your people by encouraging learning, delegating responsibility and giving regular and constructive feedback
• Strong problem-solving skills to deal with day-to-day operational challenges, together with demonstrated planning and organisational skills
• Strong results orientation with the ability to set priorities and present practical solutions both orally and in writing
• The ability to manage challenging situations proactively and constructively and to be customer focused.

 

People management experience is an asset, as is international experience, i.e. outside your home country, as well as experience in diverse functional areas relevant to ESA activities.

Diversity, Equity and Inclusiveness 
ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged.

At the Agency we value diversity, and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further, please contact us via email at contact.human.resources@esa.int.
 
Important Information and Disclaimer
In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master’s degree, the position may be filled at A1 level.

Applicants must be eligible to access technology and hardware which is subject to European and US export control regulations and for security clearance by their national security administrations.

During the recruitment process, the Agency may request applicants to undergo selection tests. Additionally, successful candidates will need to undergo basic screening before appointment, which will be conducted by an external background screening service, in compliance with the European Space Agency's security procedures.

Note that ESA is in the process of transitioning to a Matrix setup, which could lead to organisational changes affecting this position.

The information published on ESA’s careers website regarding working conditions is correct at the time of publication. It is not intended to be exhaustive and may not address all questions you would have. 

 

Nationality and Languages 
Please note that applications can only be considered from nationals of one of the following States: Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, the United Kingdom and Canada, Latvia, Lithuania, Slovakia and Slovenia. 

According to the ESA Convention, the recruitment of staff must take into account an adequate distribution of posts among nationals of the ESA Member States*. When short-listing for an interview, priority will first be given to internal candidates and secondly to external candidates from under-represented Member States*. 

The working languages of the Agency are English and French. A good knowledge of one of these is required. Knowledge of another Member State language would be an asset.  

*Member States, Associate Members or Cooperating States.