The European Maritime Safety Agency was established for the purpose of ensuring a high, uniform and effective level of maritime safety, maritime security as well as prevention of and response to pollution by ships within the EU.
The Agency provides technical, operational and scientific assistance to the European Commission and Member States in the fields of maritime safety, maritime security, prevention of, and response to, pollution caused by ships as well as response to marine pollution caused by oil and gas installations.
Functions and Duties
As a member of the EMSA CISE team, the ICT Security Expert will contribute to the development of the CISE project. More specifically, the ICT Security Expert will be asked to:
- Design and follow the implementation of the CISE security framework to exchange personal, sensitive (but not classified), and classified information (up to EU restricted);
- Contribute to the design, implementation, maintenance, and assessment of the security aspects of the CISE building blocks (i.e. CISE network, nodes and adaptors);
- Organize and follow-up the accreditation process of the Agency to exchange classified information through CISE, and ensuring the implementation of the security policies for handling such type of information;
- Support the EU MS in the accreditation process for handling classified information at the national level providing reference technical information;
- Draft, review and contribute to official and technical documents (and presentations) addressing internal audience and Public Authorities’ representatives;
- Contribute to the CISE Security Study and follow up its recommendations;
- Participate in the security expert groups for CISE.
A. ELIGIBILITY CRITERIA
A.1 Education and experience
- A level of education which corresponds to completed university studies of at least three years attested by a diploma AND appropriate professional experience of at least one year.
Only qualifications that have been awarded in EU Member States or that are subject to the equivalence certificates issued by the authorities in the EU Member States will be taken into consideration.
A.2 Language skills
- The main working language in the field of maritime safety is English. Candidates must therefore have a very good command of oral English as well as in writing with a satisfactory knowledge of at least one other official language of the European Union to the extent necessary for the performance of the above-mentioned duties.
B. SELECTION CRITERIA
- At least 3 years proven professional experience in the management of information security and the implementation of ICT solutions for information security, including the design, implementation and management of PKI infrastructures (e.g. certificates lifecycle management, signature, encryption, openSSL, etc.);
- Excellent knowledge of information security concepts and technical solutions;
- Excellent knowledge of the European Union law about the security rules for protecting EU classified information;
- Excellent knowledge of the General Data Protection Regulation (GDPR);
- Excellent knowledge dealing with European Union classified information (EUCI) and technical solutions used for EUCI;
- Excellent knowledge on the EU or Member State accreditation process for communication and information systems handling EU Classified information;
- At least 3 years professional experience implementing a security framework (i.e. ISO 27001);
- At least 3 years professional experience in security testing (i.e. penetration testing, vulnerability scanning, risk assessment, etc) based on standard methodologies (i.e. OWASP, OSSTMM, etc.);
Type of contract
26 October 2020