The European Data Protection Supervisor (EDPS), a young EU institution established in 2004, in Brussels, Belgium, is the independent data protection authority of the EU institutions and the advisor of the EU legislator on data protection matters. We strive to be an impartial centre of excellence in order to embed a strong data protection culture in the EU institutions and the legislation emanating from them. We also closely follow technological developments and try to anticipate their impact on the privacy of individuals. Our organisation employs about 120 staff members, most of whom are EU officials, but we also welcome Contract Agents and Seconded National Experts, working full-time or part-time.
Our job vacancy is in the Systems Oversight and Technology Audits Sector of the Technology and Privacy Unit. The unit provides expertise at the intersection of policy and information technology by generating in-depth knowledge about the impact of technology on privacy and data protection, including the forecast of future trends. The Technology and Privacy Unit of the EDPS is in charge of monitoring relevant developments, insofar as they have an impact on the protection of personal data, in particular the development of information and communication technologies. The unit also serves as technological advisor and contributor for other units and sectors in the EDPS.
In addition, the unit is leading the technical audits of IT systems carrying out data processing operations and in particular the Large Scale IT systems of EU Institutions (EUIs), such as SIS II, Eurodac, VIS, etc. These audits follow the requirements of specific legal instruments and international standards and controls. The unit handles the notification of personal data breaches from the other Union institutions, bodies, offices and agencies (EUIs).
As IT Security Auditor and Data Breach Handler, your main responsibilities will include:
• Prepare/participate in audits of the most relevant (from data protection point of view) IT systems managed by EUIs;
• Document, evaluate and test IT systems and controls to determine their adequacy and effectiveness to ensure compliance with data protection, security legislation and international standards. This will include hands-on verification of the security measures implemented among others at network level, database level, application level, including detection of potential vulnerabilities using specific tools;
• Design and maintain audit processes and procedures;
• Draft technical reports that analyse/interpret audit results and stakeholder reports that use accessible language to explain the process and recommendations;
• Organise and execute ad-hoc technical investigations particularly related to IT systems in the Area of Security, Freedom and Justice (AFSJ);
• Use and develop the IT Lab of the Unit, selecting and acquiring tools that will support the auditing and other security activities of the EDPS such as investigation activities;
• Contribute to drafting guidelines related to personal data breaches;
• Intervene and, when appropriate, lead investigations and/or audits following one or multiple data breach notifications of the EUIs in order to assess if there is a structural problem of security and provide the necessary recommendations to them;
• Manage the full cycle of data breach notification to verify the compliance of the Controller’s actions with the requirements of the Regulation;
• Deliver training sessions on personal data breach management;
• Prepare reports including statistics on personal data breaches;
• Act when required as business analyst and project manager for the data breach notification system and process inside the EDPS.
Eligibility criteria
For your application to be considered, you must meet the following criteria by the deadline for submitting applications:
• a level of education corresponding to completed university studies of at least three years attested by a diploma, in the field of Information Technologies or another field relevant for this position, or where justified in the interest of the service, professional training of an equivalent level.
• have a security clearance or be willing to obtain one;
• Candidates for this Contract Agent position must have passed the EPSO Permanent CAST by the end of the recruitment process and are therefore encouraged to create a corresponding EPSO profile already with their application;
Selection criteria
For this job vacancy, we are looking for someone with the following essential and advantageous skills and experience:
Essential
• Appropriate professional experience as Information Security Auditor and / or Data Breach Handler of at least 2 years;
• Knowledge and experience in security audit standards and frameworks such as ISO/2700X, NIST, COBIT;
• Very good ability to multitask and to complete several simultaneous projects with a deadline, as well as being able to demonstrate flexibility and willingness to work on diverse types of tasks;
• Extensive capacity for analysis, good communication skills and the ability to write in a structured way;
• Experience in working and managing cases/contracts or similar tasks where it is essential to be in control of the full workflow of activities needed to manage a case;
• Ability to work autonomously, but also a strong sense of teamwork;
• Good computer skills with sound knowledge of MS Office package (in particular Word, Excel), as well as forensic skills;
• Very good level of written and spoken English, which is the main working language of the EDPS and of the EDPB.
Advantageous
• Hands-on experience with Whitebox and Blackbox testing for IT systems with use of Computer Assisted Audit Techniques;
• CISA Certification would be an asset, alternatively CISSP or other technical / IT security certifications;
• Good knowledge of the applicable legislation concerning data breach notifications, in particular Regulation (EU) 2016/679, Regulation (EU) 2018/1725 and Directive 2016/680;
• Previous experience in handling personal data breaches;
• Experience in using data analytics and visualization tools such as Power BI, Python, etc.;
• Good knowledge of the structure and functioning of the European Union and its Institutions, in relation to the position.