(Senior) IT Security & Risk Officer

Published on 08/04/2026

Arendt & Medernach


Working hours
Contract type
Languages
FR, EN

Arendt is your legal, tax and business services firm in Luxembourg.

At Arendt we combine the entire value chain of services dedicated to asset managers, banks, insurers, public institutions, commercial companies and private clients operating in Luxembourg.

Arendt offers specialist advice that encompasses all legal, regulatory, taxation and advisory aspects of doing business in Luxembourg. The driving force behind our work is what our clients need and our commitment to supporting their success.

Given the ongoing development of our firm, we are currently recruiting for our Technology department Arendt Digital Services:

(Senior) IT Risk & Control Officer

As a (Senior) IT Risk & Control Officer, you will take the role of ISMS manager and act as deputy to the Head of IT Security and Risk Officer, implementing and overseeing risk & control for Arendt Digital Services in a multi-tenant shared services center environment.


Your role:
 

Lead Information Security Management System (ISMS) activities within the IT organization:

  • ISMS implementation and improvement plan.

  • ISO 27001 internal audit and annual certification.

  • Keep ISMS documentation up to date (policy, process and procedure documents).

  • Define and review IT security framework.

  • Maintain IT global registers mandatory for ISO 27001.

  • Feed KPIs/KRIs and data points to relevant governances.

Lead recurring controls activities:

  • Define the recurring annual controls plan. Pilot, as a program manager, the annual recurring controls execution within the IT organization and report findings and remediation plans to the appropriate committees.

  • Collaborate with IT managers to improve security controls.

  • Lead the annual testing plan, the identity and access management audit plan and the penetration testing plan.

Business Support activities:

  • Support CISO team and Business risks community for compliance conformity assessment and due diligence exercise.

  • Act as the primary contact point for DPO and support the DPO’s team for GDPR activities.

Operational cyber security activities:

  • RFF validation: maintain and review the RFF validation process, validate ITSM tickets related to security.

  • Problem management: assist the problem manager in identifying security weaknesses in any security incident (root cause) and defining the remediation plan.

Security by design activities:

  • Lead third-party assessment analysis for projects requiring outsourcing.

  • Act as project manager and lead some IT security improvement projects.

  • Perform risk assessments for some IT or business projects.

Your profile:

  • You hold a bachelor’s degree or a master’s degree in business informatics, information/security systems or a related field.

  • You have sound experience (advisory included) in IT security with successful experience as ITSO, CISO, or IT security auditor. You have very strong knowledge of cybersecurity frameworks (CIS, NIST, ISO 27001…).

  • You have an ISO 27001 Lead Implementer or ISO 27001 Lead Auditor certification.

  • You have a minimum of experience in IT operations and security operational management.

  • You have strong interpersonal and communication skills.

  • You have problem-solving skills and a proactive attitude.

  • You are organized, proactive and customer oriented.

  • You are recognized as a team player and able to work autonomously.

  • You have a perfect command of English and French, both spoken and written.

Technical skills:

  • Project Management

  • ITIL process and ISMS management.

  • Threat Intelligence and Analysis.

  • DORA, GDPR and CSSF circulars (20/750, 22/301, 22/806).

  • Knowledge of cloud environments and/or shared services center is an asset.

  • You have very good knowledge of IT security concepts and solutions (firewalls, WAF, proxies, endpoint security).

Within Arendt, we uphold high standards. Our professionals work with clients on engaging projects, empowered from the start. With a strong local presence in Luxembourg and international reach, we support and train our team members to thrive in a culture of excellence. Specialised teams ensure the right skills are available, allowing for a focus on added value. Our leaders are approachable, providing support and mentoring.

We offer a vibrant social life with numerous events. Embracing sports and art, our culture encourages openness and discovery beyond the professional realm. With over 50 nationalities represented, Arendt is committed to the well-being of its staff, serving the best interests of its clients, protecting the environment, and supporting education.

Arendt promotes equal opportunities and values each employee for what they bring to the community. For more information, please refer to our diversity and inclusion policy on our website.

Interested?

If you are interested in this job opportunity, we are looking forward to receiving your application.
All applications will be treated confidentially.

Please be aware that the selected candidate will be required to provide a criminal record (or certificate of good conduct).
