Requirements: English
Company: Cargolux Airlines International SA
Task Responsibilities:
Information Security Management System (ISMS):
- Develop and maintain the ISMS at Cargolux,
- Define and continuously improve relevant processes and procedures related to Governance, Risk and Compliance,
- Measure the ISMS efficiency and effectiveness as well as its implementation and report on any deviations,
- Maintain the security awareness program and training content,
- Manage the GRC solution.
Risk management:
- Perform the Information Security risk assessment,
- Ensure the risk management process is implemented and SLAs are respected,
- Challenge and identify control implementation gaps and missing controls,
- Define risk treatment plans and track their implementations.
Compliance:
- Track compliance requirements and define strategies to achieve compliance,
- Monitor the status of compliance and report gaps/risks,
- Prepare and maintain regulatory deliverables,
- Support different audit activities: internal to CV and external (third parties or authorities),
- Lead and manage ISO27001 certification process and track and implement ISO27002 controls.
Essential Requirements For The Position:
Qualifications:
- Minimum 5 years of experience in a similar position,
- Master's degree in Information Security management, Cybersecurity, or any related field,
- Information Security relevant degrees or certifications (e.g., ISO27001 Lead Implementer, CISSP, CISA, CRISC, ...).
Technical skills:
- Experience with GRC tools and technologies, and familiarity with cloud security best practices and risk management,
- Proven experience with Risk assessment and a good understanding of controls' relevance and sufficiency,
- Experience with the entire controls monitoring life cycle, including identifying, assessing, monitoring, and remediating controls,
- Proven experience in building Information Security related processes (e.g. Risk management process),
- Proven experience in developing policies, standards and procedures,
- In-depth knowledge of security frameworks, standards and regulations: ISO27001, SOC2, NIST CSF, NIS/NIS2.
Soft skills:
- Detail-oriented,
- Strong verbal and written communication skills,
- Leadership and influence: manage and drive complex projects, manage multiple high-priority tasks, and collaborate with diverse teams,
- Innovation and problem solving: develop solutions to overcome challenges (internal: organization, processes, ... and external: regulatory or contractual, ...).
Working Conditions:
- Full-time, permanent position based in our HQ in Luxembourg
- A Certificate of good conduct (Casier judiciaire, Polizeiliches Führungszeugnis) will be required in case of positive selection
- The internal title for this position will be "Engineer Information Security"
Benefits we offer
- Flexible working hours and a work from home policy
- Company car
- Additional health insurance
- 27 vacation days and 4 additional special paid days off (incl. annual vacation allowance)
- Numerous discounts in the wider region as well as selected travel discounts
- Trainings and career mobility opportunities within the various departments
- On-site parking and canteen (with subsidized meal vouchers)