Information Security Manager

AI Summary

Contribute to the effective implementation of EASA's Information Security Management System (ISMS). Provide subject-matter expertise in information security, cybersecurity, risk management, and regulatory compliance. Design, develop, and deliver EASA Information Security training programs.

Key Highlights
Implement and maintain security policies, standards, and procedures
Conduct risk and compliance assessments
Design and deliver cybersecurity awareness campaigns
Key Responsibilities
Maintain and evolve the Information Security Management System (ISMS)
Support incident management activities
Monitor emerging threats and vulnerabilities
Technical Skills Required
ISO 27001
NIST CSF
Security or risk assessment tools and techniques
Benefits & Perks
Salary: Depending on work experience
Additional allowances depending on personal situation
Flexible working arrangements
Nice to Have
National or international certification in the field of cybersecurity or information security
Experience in the design and/or delivery of cybersecurity awareness campaigns

Job Description


Job Overview

Under the supervision of the CISO, contribute to the effective implementation, operation, and continuous improvement of EASA’s Information Security Management System (ISMS). Provide subject-matter expertise in information security, cybersecurity, risk management, and regulatory compliance by supporting directorates, business and domain owners, and application managers. This includes promoting the consistent application of cybersecurity principles, conducting risk and compliance assessments, and advising on appropriate security controls. Ensure that information security practices are efficient, coherent, and performance-oriented, in line with the Agency’s Cybersecurity and Information Security Policies and the applicable internal and external regulations. 

General Accountabilities
  • Maintain and evolve the Information Security Management System (ISMS) by supporting the CISO in implementing and maintaining security policies, standards and procedures aligned with industry best practices.
  • Support incident management activities.
  • Monitor emerging threats and vulnerabilities, providing insights to mitigate them. Contribute to the evaluation and implementation of security tools and technologies.
  • Collaborate with cross-functional teams to ensure security is integrated into business processes.
  • Design, develop and deliver the EASA Information Security training programs, tailored to employees at all levels, including role-specific training.
  • Create educational materials, such as presentations, e-learning modules and phishing campaigns, to promote a culture of security awareness.
  • Perform technical assessments and evaluations, including cybersecurity risk assessments, maturity assessments and gap analyses, and coordinate penetration tests on EASA Information Systems.
  • Analyze findings and collaborate with the risk owners and the technical teams to remediate vulnerabilities.
  • Document and present assessment results to stakeholders and provide actionable recommendations.
  • Follow up on action plans to drive remediation activities and close gaps.

Admission Criteria

The following constitute eligibility and essential criteria for the role and for admission to the selection process. Candidates not fulfilling these criteria by the deadline for applications will be excluded from the selection:

  • Have a thorough knowledge of one of the languages of the European Union (at least level C1) and a satisfactory knowledge of another language of the EU to the extent necessary for the performance of the duties (at least level B2). One of the required languages shall be English [1].
  • Be a national of a Member State of the European Union, Iceland, Liechtenstein, Norway or Switzerland.
  • A level of education which corresponds to completed university studies attested by a diploma with a normal period of university studies of 3 years or more in Cybersecurity, Information Technology or other studies in the scope of the role [2].
  • At least 2 years of professional experience in information security, cybersecurity or IT security.
  • Practical knowledge of ISO 27001, NIST CSF or similar.
  • Practical knowledge of security or risk assessment tools and techniques.

[1] English oral and written skills will be assessed throughout the assessment phase. Mother tongue English speakers will be expected to demonstrate knowledge of a second EU language. 

[2] This vacancy is open as well to Temporary Agents (2f) employed at EASA, in the grade bracket AD 5 - AD 9. 

The following constitute advantageous criteria for the role. Candidates not fulfilling these requirements will not be excluded from the selection: 

  • National or international certification in the field of cybersecurity or information security.
  • Experience in the design and/or delivery of cybersecurity awareness campaigns.

Selection Criteria

The selection process is based on the assessment of the professional skills and competences listed below. While these are considered essential for performing the role effectively, candidates who do not meet all criteria may still be considered. 

Professional Skills

  • Cybersecurity & Information Security Management
  • Familiarity with security frameworks and standards
  • Knowledge of Risk Management principles
  • Knowledge and understanding of security assessment tools and techniques

Behavioural Competences

  • Flexibility & Change Adaptability
  • Communication
  • Stakeholder Orientation
  • Critical Thinking
  • Problem Solving

Mandatory Pre-Employment Requirements

Prior to recruitment, you will be requested to demonstrate that you:  

  • Are entitled to the full rights as a citizen.
  • Have fulfilled any obligations imposed by the applicable laws on military service.
  • Meet the character requirements for the duties involved (you will be asked to provide a police certificate confirming the absence of any criminal record).
  • Are physically fit to perform the duties linked to the post (you will be asked to undergo a medical examination in a centre indicated by EASA).

Conditions of Employment

Contract: 5-year contract as Temporary Agent (2f) with possibility of extension.

Working hours: 40 hrs per week (on a full-time working pattern). Flexible working arrangements.

Salary: Depending on work experience. Additional allowances depending on personal situation.

Location: Cologne, Germany (relocation is required). 

