EFG International

Information Security Risk Officer

EFG International  •  Luxembourg, LU (Onsite)  •  3 months ago

Job Description

The Information Security Officer supports the CISO Luxembourg in ensuring the security, integrity, and resilience of the Bank's information systems across multiple jurisdictions. Working autonomously on operational tasks, the role contributes to maintaining compliance with regulatory requirements including DORA and local financial sector regulations.

The position holder executes day-to-day security activities, prepares documentation and reports for CISO Luxembourg review and participates in the organization's ICT risk management, incident response, business continuity, and third-party oversight activities.

The role requires liaison with Group Information Technology and Group Information Security & BCM (Geneva) on centralized security services and group-level projects, as described in the respective Service Level Descriptions (SLDs).

Key Responsibilities

1. ICT Risk Management & Regulatory Compliance

  • Contribute to the annual ICT Risk Framework report by gathering data and drafting sections for CISO review
  • Track regulatory developments (DORA, local circulars) and prepare impact assessments
  • Maintain compliance documentation and support regulatory reporting activities
  • Assist in preparing materials for regulator communications and audits

2. Third Party Risk Management (TPRM)

  • Perform security due diligence and risk assessments on new and existing ICT service providers
  • Monitor third-party compliance with contractual security requirements and SLAs
  • Follow up on third-party security incidents and escalate as required

3. Major Incident Management & Regulatory Reporting

  • Execute incident response procedures and participate in security incident investigations
  • Assist in classifying incidents according to DORA major incident criteria
  • Draft regulatory major incident notifications (initial, intermediate, final reports) for CISO validation
  • Maintain incident logs and support aggregated annual cost/loss reporting
  • Perform post-incident reviews and track remediation actions to completion

4. Business Continuity Management (BCM) & Operational Resilience

  • Assist in developing and maintaining IT Business Continuity Plans (BCP)
  • Participate in BCP testing activities and document test results
  • Support digital operational resilience testing activities when applicable
  • Maintain Business Impact Analyses (BIA) for critical ICT systems and services

5. Security Operations & Monitoring

  • Perform daily security monitoring, including data leakage prevention alerts, and business-as-usual activities
  • Monitor vulnerability assessments and track remediation of identified findings
  • Maintain security documentation including policies, procedures, and technical standards
  • Participate in security architecture reviews and project security assessments

6. Governance & Security Awareness

  • Follow up on the Information Security Awareness programs, including phishing simulations, annual classroom awareness trainings…
  • Prepare security reports and KRIs
  • Perform security reviews of new projects, systems, and cloud deployments

Skills and experience

  • Bachelor’s or Master’s degree in IT, Cybersecurity, or related field
  • Minimum 5 years of experience in Information
  • Experience in financial services/banking sector
  • Good knowledge of security frameworks (ISO 27001, NIST CSF)
  • Familiarity with DORA, GDPR, CSSF requirements
  • Experience with vulnerability scanning and SIEM tools
  • Understanding of BCM practices
  • Experience with third-party security assessments
  • Basic knowledge of cloud security (Azure, AWS)
  • Fluent in English and French

Our Values

Accountability: Taking ownership for tasks and challenges, as well as seeking continuous improvement

Hands-on: Being proactive to rapidly deliver high-quality results

Passionate: Being committed and striving for excellence

Solution-driven: Focusing on client outcomes and treating clients fairly with a risk-aware mindset

Partnership-oriented: Promoting collaboration and teamwork. Working together with an entrepreneurial spirit.

About EFG International

EFG International is a global private banking group offering private banking and asset management services and is headquartered in Zurich. Its registered shares (EFGN) are listed on the SIX Swiss Exchange. As a leading Swiss private bank, EFG International has a presence in major financial centres and growth markets, operating in around 40 locations worldwide, with a network spanning Europe, Asia Pacific, the Americas and the Middle East.

As one of the best-capitalised Swiss private banks, EFG International is a financial partner that offers the security and solidity needed to provide clients with effective support. An entrepreneurial spirit has shaped the bank since its inception, enabling it to develop hands-on solutions and to build long-lasting client relationships.

In other words: Entrepreneurial thinking. Private banking.

Industry: Finance & Insurance
Company Size: 1,001-5,000 employees
Headquarters: Zürich, CH
Year Founded: 1980