Published 8h ago
Job responsibilities
This is a Cybersecurity Architect / Security Assessment expert role supporting the European Commission’s Joint Research Centre (JRC), specifically within its Digital Transformation, AI and Data directorate. The focus is on ensuring information systems are securely designed, correctly implemented, and compliant with Commission security standards (notably Decision 2017/46). The aim is to help the JRC Local Informatics Security Officer (LISO) verify and improve the security posture of JRC information systems and infrastructure, including cloud and on-prem environments.
The external service provider will perform the following tasks:
- Definition of compliance requirements for JRC information-system controls, in close collaboration with the System owners and System managers
- Preparation of templates covering security processes, controls and technical solutions across all JRC digital services
- Support System Owners and IT service providers with the elaboration of their Business Impact Assessment and Scope of Security Risk Assessment exercise
- Coordination and review of risk assessments, ensuring that identified risks are evaluated against the defined compliance criteria and that mitigation measures are documented
- Reporting of compliance status to the JRC LISO, highlighting gaps and progress on remediation
- Interaction with system owners, IT service providers and other relevant Commission services to ensure consistent interpretation and application of security policies
- Good knowledge of the ISO 27000 family of standards, the EC Security Policies, the European Commission Risk-management methodology and related risk-assessment techniques
- Good experience in the security domain, including the development and review of security methodologies, Business Impact Assessments, Risk Assessments and Secure System Architecture Design
- Ability to review draft Security Plans and related security-plan material quickly and efficiently
- Ability to give business and technical presentations to system owners and IT service providers
- Ability to apply high quality standards in documentation, template creation and guidance material for security planning
- Ability to cope with fast-changing technologies used in cloud services, AI-driven applications and other digital services within the JRC environment
- Analysis and problem-solving skills
- Capability to write clear and structured technical documents
- Relevant certifications in Governance, Risk and Compliance, Risk Management and Audit, or broad Cybersecurity are an asset (CGRC, CRISC, CISA, CISSP, CISM, etc.)