
BANK - Information Security Officer (m/f/d)

We are looking for an Information Security Manager (m/f/d) (unlimited, full-time) to build the next generation fintech.

Join our team at our location in Luxembourg – flexible working conditions available.

We are looking for an Information Security Manager for a regulated institution that is subject to the Digital Operational Resilience Act (DORA). This role will strengthen our 2nd Line of Defense within the entity, ensure sound coordination of our consulting and assurance teams, and advise internal stakeholders on resilience-related domains such as information security, ICT and security risk management, operational resilience and business continuity.

Key Responsibilities:

  • Requirement Management: Stay up to date with new laws, regulations, and standards within the ICT Risk domain, and assess their business impact. Act as point of contact with the CSSF.
  • Engagement with stakeholders: Engage with stakeholders, including senior management, project team members, and external partners, to assign responsibilities and ensure pre-defined quality objectives are met.
  • Process Governance: Own and manage the process map, ensuring governance over more than 100 processes to track and execute according to quality objectives. Provide internal reports on the activities, covering consulting, assurance, and overarching functions.
  • ICT Risk Management: Manage the ICT Risk Management Roadmap as a strategic change
    • Manage the response to changes in regulatory requirements relevant to ICT Risk Management
  • Resilience Testing: Plan, manage and ensure proper execution of the entity’s resilience testing programme. Manage results and organize additional testing activities as required by utilizing internal/external consulting and assurance teams. 
  • Awareness & Outreach: Develop and implement comprehensive awareness campaigns to promote information security practices and embed a culture of security and resilience within the organization. Utilize effective communication strategies to ensure all employees are informed and engaged with the initiatives.

 

Qualifications:

  • A bachelor's or master's degree in Business Administration, Computer Science, or a related discipline is required. Advanced degrees or relevant certifications, such as CISSP, CISM, CCNP Security, etc., are a strong plus.
  • Minimum of 7 years in information security management, ideally in large-scale security organizations, with strong organizational and multitasking skills.
  • Strong knowledge of risk assessment methodologies (e.g., risk framework 27005), security frameworks (e.g., NIST, ISO 27001) and ICT Compliance regulations (EBA Guidelines on ICT & Security Risk Management, DORA, CSSF Circulars, etc.).
  • Excellent verbal and written communication skills in English and preferably in German, with the ability to convey intricate security concepts to non-technical stakeholders effectively.
  • Strong analytical and problem-solving skills, with a proven ability to assess project management issues and formulate effective response strategies.

 

 

Date: Apr 11, 2025
Location: Luxemburg, L, LU, 0000


Job Segment: Information Security, Risk Management, Consulting, Compliance, Security Guard, Technology, Finance, Legal, Security
