Temporary employment: PROJECT-BASED CONTRACT
Your role: Review, propose changes, and approve Requests for Changes (RFCs) for classified Communication and Information Systems (CCISs). Conduct IT security inspections to ensure compliance with the defined security posture. Actively participate in change management and serve on the Change Control Board for CCISs. Validate entitlement management for CCISs in support of the Security Operations Center (SOC). Collaborate with system administrators on security-sensitive tasks using the ‘four-eyes’ principle. Participate in security investigations during declared incidents. Monitor the implementation and application of Security Operating Procedures (SecOPs). Supervise security features of CCISs, analyze events, and produce reports with SOC support. Follow up on IT security incidents and assess their impact on CCIS security status. Support the accreditation lifecycle for existing and new CCISs. Advise on and help develop System-specific Accreditation Strategies (SAS). Assist the Information Assurance Operational Authority (IAOA) in drafting and supervising security documentation. Draft and revise SecOPs in collaboration with other divisions. Create and review System-specific Security Requirement Statements (SSRS). Provide input for crypto plans managed by the crypto team. Define and oversee system security testing, evaluation, and inspection plans. Assess the quality of Security Testing, Evaluation, and Inspection reports. Co-create security verification reports with sector members. Participate in risk assessments and develop Residual Vulnerability Statements. Conduct risk analysis and propose mitigation actions or acceptance criteria for decision-making by the Security Accreditation Authority (SAA). Participate in third-party accreditation exercises with external organizations. Conduct security studies on conceptual cases and hypothetical cybersecurity scenarios. Stay updated on cybersecurity incidents and emerging disruptive technologies. 
Your profile: A sound background/experience in IT security, IT systems and networks; At least 3 years of experience in IT security; Knowledge of risk analysis frameworks and tools (e.g. EAR / PILAR) would be an asset; Knowledge of information security standards (e.g. ISO/IEC 27002:2022, ENS 2022, etc.); Strong drafting and communication skills and the ability to establish and maintain a network of contacts both within/outside the EEAS; Ability to work autonomously and precisely, and to deliver results in a timely manner; Knowledge of English and French would be considered an asset; Knowledge of external relations, internal policies and functioning of the Union, in particular on CSDP missions and operations; Experience with regulatory bodies such as Security Accreditation Boards and associated approval processes is considered an asset; Experience of working in a team in a multi-disciplinary and multi-cultural environment; Experience in working with or within other EU institutions; Ability to communicate clearly on complex issues and the capacity to perform with accuracy and in a flexible manner a diversity of tasks in a complex institutional environment; EU SECRET clearance needed.
If you’re interested in this role, apply via e-mail to jobs@gemmaone.com and forward an up-to-date copy of your CV. Please attach your CV in English.
Advertisement published by Gemma Invest Sp. z o.o., an employment agency registered in KRAZ under no. 27681. Please include the following clause in your CV or in your e-mail message: „I consent to the processing of my personal data provided in this document for the purposes of the recruitment process by Gemma Invest Sp. z o. o. with its registered office at 40 Warszawska Street, apt. 2A, 40-008 Katowice, in accordance with the Personal Data Protection Act of May 10, 2018 (Journal of Laws 2018, item 1000) and in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and I have read the attached Information on the processing of my personal data in the course of recruitment.”