Information Security Officer

Information Security Officer

Directorate General of Administration

Directorate of Information Technology

Reference: e043/2024
Location: Strasbourg

Publication: 02 September 2024

Deadline: 23 September 2024

Are you a talented and experienced Information Security Officer with a strong background in information security, risk management, and incident response, and interested in joining our dynamic and innovative Directorate of Information Technology (DIT)? Would you like to play an active and crucial role in enhancing the security posture, resilience, and reliability of our services by collaborating closely with the Chief Information Security Officer (CISO), and the DIT team? Your responsibilities would include managing daily security operations, leading crisis management efforts, providing security expertise for application and infrastructure projects, identifying and analyzing potential security risks, and conducting security audits.

Who we are

With over 2500 staff members coming from all its 46 member States, the Organisation strives towards protecting human rights, democracy and the rule of law. Our three core values - professionalism, integrity and respect - guide the way we work. Our Directorate of Information Technology is committed to implementing innovative and cost-effective systems that increase efficiency and productivity, digitally transforming the Organisation to focus on users and data. The Information Security team, a part of the Directorate of Information Technology, manages governance, risk, and crisis, encompassing all aspects of information security.

Your role

As an Information Security Officer, you will play a pivotal role in assisting the Chief Information Security Officer (CISO), helping coordinate security tasks (crisis management, critical situations, or service disruptions), implementing and overseeing information security strategies and action plans following audits.

You will:

1. Implement and monitor action plans following risk analyses, application audits, and internal audits to enhance security measures.
2. If the CISO is absent, ensure continuity of operations of information security in collaboration with internal teams.
3. Participate in crisis management, prioritizing actions, and ensuring effective communication and resolution of security incidents.
4. Provide security expertise and advice for application development and infrastructure projects, ensuring they meet security, compliance, and governance standards.
5. Participate in thorough security audits to identify vulnerabilities and recommend corrective actions.
6. Manage security requests (approximately 300 per year), maintain regular contact with users, and supervise adherence to the "six-eyes principle".
7. Ensure the respect and adherence of the rules regarding the use of the information system (instruction 47) and the security policy.
8. Oversee the use and maintenance of current security tools, ensuring they function effectively and are up to date.
9. Develop and maintain security policies in collaboration with the CISO, procedures, and guides to ensure comprehensive and up-to-date security practices.
10. Stay updated on emerging attack techniques and new security vulnerabilities, anticipating, mitigating, and preventing potential threats.

What we are looking for

You must:

1. Hold a completed full course of general secondary education and appropriate professional qualifications, such as a university diploma of technology (DUT) or equivalent. A higher diploma in the field of Information Technology would be an advantage.
2. Have a minimum of three years of relevant professional experience in Information Security.
3. Have a very good knowledge of one of the official languages (English/French).
4. Be a citizen of one of the member States.
5. Have discharged any obligation concerning national service (military, civil or comparable).
6. Not be the parent, child, stepchild or grandchild of a serving staff member of the Organisation.
7. Be under the age of 65 years.

Demonstrate to us that you have the following competencies:

• Confirmed knowledge of the information security methodology and experience in the field.
• Practical work experience in Information Security.
• Knowledge of security tools, SIEM technology and specifically ELK.
• Knowledge of the Information Security norms: ISO27000, EBIOS, MEHARI, etc.
• Good knowledge of Web technology and desktop environments, software and networks.
• Good knowledge of Windows, Unix, and Apple systems, as well as computer networks.
• Strong IT knowledge, mainly application and programming languages used in Information Security (python, Json, Rapid7, ELK, Varonis, etc.).
• Competence in project management and monitoring.

What we offer

If successful, you may be offered employment based on an initial fixed-term period of at least one year, corresponding to the probationary period, at grade B4. After successful completion of a one-year probationary period, which may be extended if needed, the initial contract may be renewed one or several times for a total duration of service not exceeding four years. A fixed-term appointment shall be converted into an open-ended appointment at the end of four years’ continuous service subject to the fulfilment of the conditions established by the Secretary General.

In Strasbourg, you will receive a basic monthly gross salary of €4,687 which is exempt from national income tax. Different salary scales are applied at our external offices according to the cost-of-living conditions. This salary may be supplemented by other allowances depending on your personal situation. You will benefit from private medical insurance, annual leave and other advantages (including flexible working hours, training and development, possibility of teleworking, etc.).

This competition is carried out in accordance with Article 490 of the Staff Rules. You can consult the conditions of employment (salaries, allowances, pension scheme, social insurance, etc.) on our recruitment website. Any changes to these conditions during the recruitment process are updated on this site and will apply at the time of the job offer.

Applications and selection procedure

The deadline for applications is 23 September 2024 (midnight Central European Time). Applications must be made in English or French using the online application form on our website (www.coe.int/jobs). Please fill out the online application form providing all requested details and explain how your competencies make your profile the best for this role. It usually takes a few hours to fill in an application form, so please take this information into consideration while applying.

Only applications that best meet the criteria set out in the Staff Rules and in this vacancy notice, and that demonstrate the best profile in terms of qualifications, experience, and motivation, shall be considered for the next stages of the recruitment evaluation process, which may consist of different types of assessment. The tentative dates for each stage of the recruitment process will be published on our website.

People who perform best in the evaluation process shall be placed on a pre-selection list, valid for four years. Being on a pre-selection list does not give a right to appointment. People on the pre-selection list with the most suitable profile may be invited to an interview to assess their suitability for a specific job and may, if successful, be recommended for the appointment.

As an equal opportunity employer, the Organisation ensures no discrimination irrespective of sex, gender, sexual orientation, ethnic or social origin, disability, religion or belief. Under its equal opportunities policy, preference between suitable candidates shall be given to the person of the gender which is under-represented in the relevant grades within the category to which the vacancy belongs. During the different stages of the recruitment procedure, specific measures shall be taken to facilitate access for people with disabilities.

R ejoignez-nous
p our renforcer

les droits humains en Europe !