Contract Agent FGIV – Job title: IT Service Officer – Information System Security Officer (ISSO)
We are
The European External Action Service (EEAS) supports the work of the High Representative in defining and implementing an effective and coherent EU foreign policy. The EEAS supports his tasks of conducting the EU's Common Foreign and Security Policy and chairing the Foreign Affairs Council. It also supports the High Representative in his capacity as Vice President of the Commission with regard to his responsibilities within the Commission in the external relations field including the coordination of other aspects of the EU's external action. The EEAS works in close cooperation with Member States, the Council and relevant services of the European Commission.
EEAS Digital Solutions Division contributes to EEAS business process effectiveness and efficiency in terms of implementing ICT services, tools, and infrastructure by:
- Making available a high-level secure ICT end-user environment that supports EEAS end-users in fulfilling their operational targets in both Headquarters and EU Delegations.
- Delivering and maintaining Information Systems in support of EEAS's activities: construction and maintenance of rich interface applications for desktops and mobile devices, applying high quality standards and development methodology supported by state-of-the-art development lifecycle tools.
- Maintaining and developing Information and Communication Technology infrastructures, tools and services with the appropriate levels of training and security.
A dedicated IT Security Team exists with various responsibilities in the IT Security domain such as:
- Providing and managing the Security Operation Centre,
- Security incident handling,
- Dealing with endpoint security, network security, information system security,
- Defining security requirements and reviewing the implementation details of IT Projects,
- User awareness, policy development,
- Designing, implementing and managing the EU Restricted communication system of the EEAS.
We propose
The position of IT Service Officer – Information System Security Officer (ISSO), contract agent FGIV as per article 3b of the Conditions of Employment of Other Servants of the European Union (CEOS).
As an ISSO the main responsibilities are as follows:
- Rationalizing existing IS Security Processes, Standards and Documentation for the several technologies used at EEAS (J2E7, PHP, CF, .NET).
- Review and complement the documentation of the Development process, Test process and Maintenance process to make sure that IS Security considerations are implemented and formally verified (introduce SSDLC principles).
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan in the information system development domain.
- Design a "Light" Vulnerability Assessment Process, whose objective is to permit rapid & systematic vulnerability assessment of IS during the development process.
- As part of the IS development lifecycle, perform quality checks on the artefacts delivered by the development team, to ensure conformity with the IS Security standards.
- Take the lead to produce the Security Plan of existing systems and systems under development with the active involvement of the project teams.
- Participate in all IS development projects to guarantee information security principles and requirements are well respected and implemented throughout the development lifecycle.
- On an ad-hoc or on-demand basis, perform vulnerability assessments on release candidate IS to limit or eliminate the risk of common vulnerability issues in the deployed system.
- Design and implement automated controls – where applicable – to facilitate & speed up compliance checks.
- Periodically review the various IS security standards and processes and ensure that they are kept up to date.
- Ensure awareness and information of the development team members.
- Assist TSSO in the planning and execution of the definition of new security-related standards & processes (i.e. the Password management policy, the Secured Web Service standard, etc.).
- Follow up the security patching of the software used by the development team and on EEAS development servers (follow-up of the weekly security reports; initiate and drive "upgrade campaigns" performed by the ICT section).
- Documenting any security breaches and assessing their damage in collaboration with the EEAS SOC.
We look for
We are looking for a dynamic and service-oriented colleague with a very strong IT Security technical background and proven experience in information system security (especially focusing on software development). In addition to demonstrating very good analytical and organisational skills, the successful candidate will have to be pro-active and be able to follow the procedures on an autonomous basis.
The ability to build and maintain good human relations within the teams and with our internal customers is essential. The selected candidate should demonstrate significant relevant experience.
Legal basis
The vacancy is to be filled in accordance with the conditions stipulated under the Conditions of Employment of Other Servants of the European Union (CEOS) [1].
The successful candidate will be offered a contract agent position (Function group IV); renewable contract for a maximum duration of 6 years (with a valid CAST exam).
Eligibility criteria
Candidates for this contract agent IV post should:
- (i) have passed a valid EPSO CAST in FG IV;
- or (ii) be registered in the EPSO Permanent CAST in FG IV https://epso.europa.eu/en/job-opportunities/open-for-application
- have completed university studies of at least three years attested by a diploma;
- have the capacity to work in languages of CFSP and external relations necessary for the performance of their duties. Knowledge of other EU languages would be an asset;
- be a national of one of the Member States of the European Union and enjoy full rights as a citizen.
SELECTION CRITERIA
Candidates should:
- have proven experience in information system security (focusing on application development);
- be familiar with secure software development lifecycle;
- be familiar with corresponding international information security standards and best practices;
- be familiar with vulnerability assessment methodologies and tools;
- have excellent drafting skills to produce technical documentation, reports, policies and standards;
- be able to actively contribute to the risk management processes;
- have strong drafting and analytical skills combined with sound judgement;
- have excellent communication skills and the ability to establish and maintain a network of contacts both within and outside the EEAS;
- have the ability to communicate clearly on complex issues and the capacity to perform with accuracy and in a flexible manner a diversity of tasks in a complex institutional environment;
- have a strong service attitude;
- be fluent in English (orally and in writing);
- be a flexible team player.
Furthermore:
- experience of working in a team in a multi-disciplinary and multi-cultural environment;
- experience in working with or within other EU institutions;
- knowledge of French or other EU language
would be considered as strong assets.
Specific conditions of employment
The signature of the contract will be subject to prior favourable opinion of the Medical Service.
The successful candidate might be required to undergo security vetting if she or he does not already hold a Personal Security Clearance to an appropriate level, in accordance with relevant security provisions.
Equal Opportunities
The EEAS is committed to an equal opportunities policy for all its employees and applicants for employment. As an employer, the EEAS is committed to promoting gender equality and to preventing discrimination on any grounds. It actively welcomes applications from all qualified candidates from diverse backgrounds and from the broadest possible geographical basis amongst the EU Member States. We aim at a service which is truly representative of society, where each staff member feels respected, is able to give their best and can develop their full potential.
Candidates with disabilities are invited to contact [email protected] in order to accommodate any special needs and provide assistance to ensure the possibility to pass the selection procedure in equality of opportunities with other candidates. If a candidate with a disability is selected for a vacant post, the EEAS is committed to providing reasonable accommodation in accordance with Art 1d.4 of the Staff Regulations.
Application and selection procedure [2]
Please send your CV and cover letter (with your EPSO CAST number) via email to [email protected]
Deadline for sending application: 30/09/2022 at 18.00 (CET).
Candidates shall draft their CV following the European CV form which can be found at the following internet address: http://europass.cedefop.europa.eu/en/documents/curriculum-vitae.
Late applications will not be accepted.
The selection panel will make a pre-selection on the basis of the qualifications and professional experience described in the CV and motivational letter, and will produce a shortlist of eligible candidates who best meet the selection criteria for the post. Please note that only shortlisted candidates will be informed about the outcome of the pre-selection phase.
The candidates who have been preselected will be invited for an interview by a selection panel. The panel will recommend a shortlist of candidates for a final decision by the Authority Empowered to Conclude Contracts of Employment. The Authority may decide to interview the candidates on the final shortlist before taking this decision.
It is recalled that, if the interest of the service so requires, the selection procedures can be terminated at any stage.
Place of employment: EEAS Headquarters, Brussels, Belgium
Post available: 01/09/2022
1. Staff Regulations of Officials (SR) and the Conditions of Employment of Other Servants of the European Union (CEOS). For reference, see https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1570023902133&uri=CELEX:01962R0031-20190101
2. Your personal data will be processed in accordance with Regulation (EU) 2018/1725, as implemented by ADMIN(2019)8 Decision of the High Representative of the Union for Foreign Affairs and Security Policy. The privacy statement is available on the Europa website: (https://www.eeas.europa.eu/eeas/eeas-privacy-statement-data-protection-notice-purpose-processing-personal-data-related-public_en) and on the EEAS Intranet: (https://intranet.eeas.europa.eu/page/eeas-work/data-protection/privacy-statements).