The EIB, the European Union's bank, is seeking to recruit for its Directorate - Corporate Services (CS) - Information Technology (IT) - IT Security Unit (SEC) at its headquarters in Luxembourg, an (Associate) IT Controls Officer*. This is a full time position at grade 4/5.
Panel interviews are anticipated for end of March 2021.
The term of this contract is 4 years.
The EIB offers fixed-term contracts of up to a maximum of 6 years, according to business needs, with a possibility to convert to a permanent contract, subject to organisational requirements and individual performance.
As (Associate) IT Controls Officer (internally referred to as Officer*), you will support the implementation of the internal IT control processes by providing first line of defence assurance on the adequacy and effectiveness of IT risk management and controls in the EIB Group according to Best Banking Practices and IT assurance standards, in order to minimise IT and operational risks with regard to IT governance and adequate risk management and oversight.
The IT Security Unit monitors the deployment and effectiveness of adequate controls to mitigate Information and Communications Technology (ICT) risks, and is responsible for technical security matters for on premise hosted systems.
You will report to the Head of the IT Security Unit.
You will ensure that all dissemination and knowledge sharing activities are consistent with EIB Internal Control Framework policy, guidelines and practices, taking account of the specific IT requirements. This is a control risks role that requires proper support to the implementation of a coherent and process driven internal control framework covering key activities and risks of the bank, and will require tight co-ordination with the EIB's Internal Controls and Assertion Division.
- Contribute to the strategy and policy development for the IT function to ensure that the overall system of internal IT controls of the EIB is based upon practical needs and constraints of the organisation;
- Propose, develop, improve and implement IT processes, procedures, initiatives, systems, methodologies and working tools for conducting IT risk management and internal control activities in line with best practice in the area of IT risk and control management
- Conduct control/self-assessment assignments in the context of the EIB's Internal Control Framework
- Make recommendations for improvements in order to ensure that the primary risks associated with the Bank's activity are identified and controlled, and weaknesses identified and corrected;
- Provide recommendations on Information Communication Technology (ICT) risk management and internal control questions in order to align the EIB with best banking practices;
- Keep up-to-date on latest developments in ICT Internal Risk and Control and build greater expertise in assigned ICT Risk areas;
- Cooperate with Internal Audit, EIB's external auditors, and any regulatory body on auditing assignments concerning CS-IT and act as central point of contact for any such audit missions;
- Manage the follow-up on audit findings, ensure that action points are addressed and closed within the agreed timeframe, escalate in a timely manner when action points cannot be addressed and keep management informed throughout the engagements;
- Attend relevant meetings with the Internal Controls and Assertion Division to update and co-ordinate activities on Internal Control Framework where appropriate acting as back up for the Senior IT Controls Officer
- University degree in computer science, audit, finance or accounting or related disciplines
- At least 3 years of professional experience as internal/external IT Auditor or in a second line of defence function with focus on IT risk and control
- Demonstrated experience in managing ICT risk review assignments through planning, fieldwork and results clearance
- Professional knowledge and understanding of IT auditing, IT internal control systems and best banking practices
- Good understanding of the EIB Group business activities and operational procedures (only for internal)
- Understanding of software packages used for risk management research analysis
- Knowledge sharing skills, including holding presentations, conducting workshops and drafting of documentation in English
- Relevant post-graduate studies in field of IT risk management, IT or information management would be considered as an advantage
- Professional qualifications as an IT risk and control professional or IT Auditor (e.g. CISA, CISM, CISSP, CIA) would be considered as an advantage
- Fluent in English and/or French and preferably a solid understanding of the other (**)
(**) There may be certain flexibility on this requirement, but limited to particularly suitable candidates who may not yet be proficient in French. If selected, such candidates will be hired on the condition that they rapidly build up knowledge of French and accept that their future career in the EIB may be subject to the attainment of sufficient proficiency in both of the Bank's working languages.
We are an equal opportunity employer, who believes that diversity is good for our people and our business. As such, we promote the inclusion of suitably qualified and experienced staff without regard to their gender, age, racial or ethnic origin, religion or beliefs, sexual orientation/identity, or disability (*).
By applying for this position you acknowledge the importance of maintaining the security and integrity of the Information of the EIB Group. In case of selection for the position you agree to comply with all measures (policies, controls, document classification and management) implemented by the EIB Group to prevent unauthorized disclosure of any information or any damage to the EIB Group reputation.
Deadline for applications: 1st of March 2021
(*) We particularly welcome applications from women and persons with disabilities.