Information Security Management Expert is needed at eu-LISA in Strasbourg, France.

About this IT position

eu-LISA is the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice​, an EU Agency established to provide a long-term solution for the operational management of large-scale IT systems, which are essential instruments in the implementation of the asylum, border management and migration policies of the EU.

The IT challenge

• Supports the Agency's Information Security Officers in the management of information security and business continuity across organizational business processes and information systems;
• Develop security controls in the context of the agency's information security framework.

Expected also to perform the following tasks:
• Perform risk assessments;
• Develop Information Security Management System (ISMS) procedures;
• Develop conceptual, logical and physical security models as appropriate;
• Draft security policies, standards, procedures and guidelines in accordance with ISO27001;
• Development of security plans and documentation (e.g. risk treatment plans, security test plans);
• Development of business continuity and disaster recovery plans;
• Perform security assessments and audits;
• Perform ISMS control audits;
• Perform ISMS gap assessments;
• Design security controls in accordance with agency information security policies and standards;
• Provide assistance in formal accreditation process for information systems handling EU sensitive and classified information.

Skills required

Minimum 6 years of general IT professional experience, of which Minimum 3 years of relevant professional experience in Information Security Management.

Good knowledge of/in:
• ISO27001 implementation and management;
• Relevant standards and good practice in information security management;
• Information risk management (in particular E-BIOS);
• Governance, Risk & Compliance (GRC) practices and controls;
• ISO27001 security control audits and assessments;
• Developing security policies, standards and guidelines in accordance with ISO27001 and EU security policies and standards
• Design, implementation and assessments of good practice security control frameworks such as SANS Top 20 Critical Controls, OWASP Application Security Verification Standard,
• Secure development processes (Security and Privacy design) Implementation of EU data protection principles in information system design and processes.
• This profile is expected to possess one or more of the following qualifications:
• Certified Information Systems Security Professional (CISSP);
• Certified Information Security Manager (CISM);
• Certified Information Systems Auditor (CISA);
• ITIL/ITIL V3;
• BSI ISO27001 Lead Auditor Qualification.

Salary and Conditions

Location: Strasbourg, FR

Salary up to: 800€/not relevant

Worksite type: On-site and Remote

Contract type: Freelancer or Employee

Contract duration: +12 Months

Requires EU nationality: Yes

Job type: Outsourcing

Other points of the offer

Currently, due to Covid, all staff is working 100% remote and it will remain like that till the end of the pandemic. After, or even during COVID depending on the requirements of the local team, candidates must be ok to relocate to Strasbourg.
France permanent employment contract is also one option, with salaries around 4000-5000€ net, when meeting all criteria.
Feel free to send us a message to know how much could you get precisely.
You will be hired by an IT consulting company that has a direct contract with the Eu-LISA, you won't have any contract with the Eu-LISA

About us

Sprint CV

At Sprint CV, our mission is to help IT consultants to improve and automate their CV. Our vision is to create an ecosystem between consultants, companies, and recruiters, where CVs are fully automated and applying for a job will be super fast.

We also launched a free service where we help IT consultants to apply for open positions at the European Commission by helping them with the application and introducing them to hiring companies, direct providers of the European Commission.