Job Description

Our client, the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), aims to transform the anti-money laundering and countering the financing of terrorism AML/CFT supervision across the EU and enhance cooperation among Financial Intelligence Units (FIUs).
The Authority is located in Frankfurt am Main, Germany. Civitta in cooperation with Synergie Personal Deutschland GmbH is providing temporary staffing services to the agency.

Information Security Specialist

As an Information Security Specialist at AMLA, you will help establish, implement, and operationalise the Authority's information security policy framework, ensuring that AMLA's information assets are protected in line with international standards and regulatory expectations. You will play a key role in building a structured and consistent approach to security governance across the organisation.

You will

• Support the preparation, refinement, and operationalisation of AMLA's information security policies, standards, and related procedures, including policy lifecycle management, approvals, publication, and periodic review
• Draft and maintain AMLA's information classification and handling framework, including practical handling instructions for internal sharing, external exchange, storage, printing, retention, and disposal
• Establish governance processes and artefacts such as SOPs, control catalogues, RACI matrices, metrics, and an exceptions and risk acceptance process
• Define and support implementation of secure collaboration requirements, including secure file sharing, secure email, encryption principles, and data loss prevention, in coordination with IT
• Develop and support rollout of policy awareness materials and role-based guidance for system owners and staff
• Prepare audit readiness evidence packs and support internal assessments, policy compliance tracking, and remediation follow-up
• Contribute to procurement processes by defining information security requirements for services handling AMLA information

Requirements

• University degree of at least 3 years of study in information security, risk and governance, IT, law, policy, or a related field
• At least 3 years of hands-on experience drafting and operationalising information security policies, standards, and procedures, ideally in a regulated or public sector environment
• Practical experience with information classification, secure handling, and collaboration controls
• Excellent written and spoken English with strong drafting skills — able to produce clear, actionable policies and procedures
• Strong stakeholder management skills and ability to translate complex requirements into practical processes
• High level of discretion and integrity
• The following are considered assets:
• Security governance certifications (e.g. CISSP, CISM or equivalent)
• Experience with audit readiness and compliance tracking
• Background in a sensitive information environment (e.g. financial supervision, law enforcement, or EU institutions)
• Working knowledge of M365 security controls (classification labels, conditional access, encryption, DLP)

Benefits

• Full-time temporary role for 6 months, with possible extension based on operational needs
• Hourly salary: €33.24 (full-time position gross monthly salary approx. €4,819)
• Opportunity to work in a prestigious EU Authority within a multicultural environment
• A position that provides interesting, varied tasks with a healthy work-life balance
• The expected start date for this position is May 2026

We kindly invite you to submit your CV in English by 13th of April 2026

Civitta is the leading consulting and research company in Central and Eastern Europe with the headquarters in Estonia.
By applying to this vacancy, you agree to the following: I have read and understood that my personal data will be processed for the ongoing recruitment process, as described in the Privacy notice for applicants I agree to the storage of my personal data to be contacted by Civitta for future employment opportunities, as described in the Privacy notice for applicants