Task Responsibilities :
Information Security Management System (ISMS) :
- Develop and maintain the ISMS at Cargolux,
- Define and continuously improve relevant processes and procedures related to Governance, Risk and Compliance,
- Measure the ISMS efficiency and effectiveness as well as its implementation and report on any deviations,
- Maintain the security awareness program and trainings contents,
- Manage the GRC solution.
Risk management :
- Perform the Information Security risk assessment,
- Ensure the risk management process is implemented and SLAs are respected,
- Challenge and identify control implementation gaps and missing controls,
- Define risk treatment plans and track their implementations.
Compliance :
- Track compliance requirements and define strategies to achieve compliance,
- Monitor status of compliance and report gaps / risks,
- Prepare and maintain regulatory deliverables,
- Support different audit activities : internal to CV and external (third parties or authorities),
- Lead and manage ISO27001 certification process and track and implement ISO27002 controls.
Essential Requirements For The Position :
Qualifications :
- Minimum 5 years of experience in a similar position,
- Master's degree in Information Security management, Cybersecurity, or any related field,
- Information Security relevant degrees or certifications (e.g., ISO27001 Lead Implementer, CISSP, CISA, CRISC, ...).
Technical skills :
- Experience with GRC tools and technologies, and familiarity with cloud security best practices and risk management,
- Proven experience with Risk assessment and a good understanding of controls' relevance and sufficiency,
- Experience with the entire controls monitoring life cycle, including identifying, assessing, monitoring, and remediating controls,
- Proven experience in building Information Security related processes (e.g. Risk management process),
- Proven experience in developing policies, standards and procedures,
- In-depth knowledge of security frameworks, standards and regulations : ISO27001, SOC2, NIST CSF, NIS / NIS2.
Soft skills :
- Detail-oriented,
- Strong verbal and written communication skills,
- Leadership and influence : manage and drive complex projects, manage multiple high-priority tasks, and collaborate with diverse teams,
- Innovation and problem solving : develop solutions to overcome challenges faced (internal : organization, processes, ... and external : regulatory or contractual, ...).
Working Conditions :
- Full-time, permanent position based in our HQ in Luxembourg
- A Certificate of good conduct (Casier judiciaire, Polizeiliches Führungszeugnis) will be required in case of positive selection
- The internal title for this position will be "Engineer Information Security"
Benefits we offer
- Flexible working hours and a work from home policy
- Company car
- Additional health insurance
- 27 vacation days and additional 4 special paid-off days (incl. annual vacation allowance)
- Numerous discounts in the wider region as well as selected travel discounts
- Trainings and career mobility opportunities within the various departments
- On-site parking and canteen (with subsidized meal vouchers)