Information Security Risk Officer

Job description

The Information Security Officer supports the CISO Luxembourg in ensuring the security, integrity, and resilience of the Bank’s information systems across multiple jurisdictions. The role works independently on operational tasks and helps maintain compliance with regulatory requirements, including DORA and local financial sector regulations. The position involves performing daily security activities, preparing documentation and reports for review by the CISO Luxembourg, and participating in ICT risk management, incident response, business continuity, and third-party monitoring activities. The role requires communication with Group Information Technology and Group Information Security & BCM (Geneva) regarding central security services and group-wide projects, as described in the respective Service Level Descriptions (SLDs).

Key aspects of the role

• ICT Risk Management & Regulatory Compliance
• Third-Party Risk Management (TPRM)
• Management of Major Incidents & Regulatory Reporting
• Business Continuity Management (BCM) & Operational Resilience
• Security Operations & Surveillance
• Governance & Security Awareness

Tasks

• Contribute to the annual ICT Risk Framework Report by collecting data and drafting sections for review by the CISO
• Monitoring regulatory developments (DORA, local circulars) and preparing impact analyses
• Ensuring compliance with documentation requirements and supporting regulatory reporting activities
• Assistance in preparing materials for regulatory communications and audits
• Conducting security due diligence and risk assessments for new and existing ICT service providers
• Monitoring third-party compliance with contractual security requirements and SLAs
• Conducting incident response procedures and participating in security incident investigations
• Support for the development and maintenance of IT business continuity plans (BCP)
• Participation in BCP testing activities and documentation of test results
• Conducting daily security monitoring, including data breach alerts and business activities

Requirements

• A bachelor’s or master’s degree in IT, cybersecurity, or a related field
• At least 5 years of experience in information security
• Experience in the financial services/banking sector
• Strong knowledge of security frameworks (ISO 27001, NIST CSF)
• Familiarity with DORA, GDPR, and CSSF requirements
• Experience with vulnerability scanning and SIEM tools
• Understanding BCM Practices
• Experience with vulnerability assessments
• Basic knowledge of cloud security (Azure, AWS)
• Fluent in English and