Main duties:

• Work with the company executives to prioritize company security initiatives and spending based on appropriate risk management and/or financial methodology.
• Endorse all company information security related issues including the planning and development of information security strategy in support of the company's strategic plan
• Ensure that Information Technology complies with existing laws and regulations while assuring that the company's IT environment is secure
• Create and implement an information system risk management framework (risk based approach) in order to ensure the appropriate application of controls based on risk.
• Create, implement and test IT controls
• Develop information classification standards and procedures to appropriately manage information
• Participate to the risk assessment and related design for establishment of the disaster recovery and business continuity management plans
• Monitor the incident response planning (computer emergency response, computer incident response) in coordination with IS&O as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
• Establish security awareness and training standards and oversees company-wide participation

Required profile:

• Be holder of master degree in IT (Bac +5) or equivalent
• Demonstrate strong knowledge of technologies and how it supports the day to day business, to including: Software Development Life Cycle (SDLC), Information Technology Operations, data Center Operations, vendors management, Information Technology auditing and compliance.
• Provide a proven track of practical experience designing and implementing enterprise information technology security environment: physical and/or software.
• Show strong leadership skills in managing cross functional teams of administrative and policy focused professionals, as well as technical security operations staff.
• Have excellent knowledge of standard project management practices
• Have excellent knowledge of standard office applications
• Show excellent communication skills in English as well as skills in French or German (spoken and written)
• Accept Duty Travel

Desired or to be acquired criteria:

• Demonstrate the ability to communicate at all levels, both inside and outside the company
• Must provide an effort in the languages you are less comfortable in as well as in Luxemburgish
• Show strong organizational and analytical skills
• Show ability for clear expression in writing
• Be capable of working independently as well as in a team
• Be driven to deliver quality results on time with a high degree of integrity and in a highly ethical and professional manner
• Maintain the strict confidentiality of the data
• Must be able to learn, understand, and apply new regulations

The ideal candidate:

Is holder of Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Cisco's certified network associate security certifications or Certified Information Systems Auditor (CISA)
Has knowledge of the following compliance frameworks (each of them is exclusive): PCI-DSS, COBIT, ISO 2700X or HIPAA
Is holder of project management certification such as PRINCE 2 or PMBOK #1340154