Cybersecurity Risk Manager (Warsaw, onsite) – FRONTEX / EU Public Agencies

Profile: Cybersecurity Risk Manager in support of Security Risk Management service.

Security Clearance: EU RESTRICTED required.

Place of performance: Frontex Headquarters in Warsaw. (100% onsite). Candidates must be based in Poland.

Duration of the mission: 48 months.

Minimum level of education: Level 7.

Minimum English language skills (CEFR): C1.

Minimum IT relevant professional experience (years): 9.

Minimum experience at similar position (years): 6.

Award Criteria: 35% Price / 65% Quality, (minimum required scoring for interview 60%).

Rate: 480-495€/day NWH 630-645€/day EWH.

· NWH: 220days x 4 years.

· EWH: 30days x 4 years.

Required cerificates:

At least 4 certifications among the list below:

· (Certified Information Systems Security Professional).

· CISA (Certified Information Systems Auditor).

· CISM (Certified Information Security Manager).

· GSNA (GIAC Certified Systems and Network Auditor).

· GCCC (GIAC Certified Critical Controls).

· ISO 27001 Lead implementer.

· ISO 27001 Lead Auditor.

· ISO 27005 Risk Manager.

· CAP ((ISC)2 Certified Authorization Professional).

· CRISC (ISACA Certified in Risk and Information Systems Control).

· CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional).

· GIAC Certified ISO-27000 Specialist.

· Or an equivalent certification recognised internationally (subject to acceptance as a valid credential by the Contracting EU-I).

Knowledge and skills:

· Perform risks assessments and analysis to identify threats, categorise assets, and rate system vulnerabilities so that they can implement effective controls.

· Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards.

· Enable business assets owners, executives, and other stakeholders to make risk informed decisions to manage and mitigate risks.

· Enable employees to understand, embrace and follow the controls.

· Build a cybersecurity risk-aware environment.

· Advanced knowledge of risk management frameworks, standards, methodologies, tools, guidelines and best practices.

· Knowledge of cyber threats, threats taxonomies and vulnerabilities repositories.

· Knowledge of risk sharing options and best practices.

· Knowledge of state of the art technical and organisational controls that appropriately mitigate cybersecurity risks.

· Knowledge of monitoring, implementing and testing the effectiveness of the controls.

Specific expertise:

· Experience in making Business Impact Assessments.

· Knowledge on risk assessment implementation in GRC Service Now.

· Experience in preparing personal data protection documentation.

· Experience in tools for graphical and programmatic threat modelling.

· Experience in threat modelling for DevOps.

· Experience in designing Zero Trust Architecture.

· Expirience in Securing Software Development Lifecycle.

· Experience in designing controls for defending Directory Services.

Typical tasks and responsibilities:

· Develop an organisation’s cybersecurity risk management strategy.

· Manage an inventory of organisation’s assets.

· Identify and assess cybersecurity-related threats and vulnerabilities of ICT systems.

· Identification of threat landscape including attackers’ profiles and estimation of attacks’ potential.

· Assess cybersecurity risks, and propose most appropriate risk treatment options, including security controls, and risk mitigation and avoidance that best address organisation’s strategy.

· Monitor effectiveness of cybersecurity controls and risk levels.

· Ensure that all cybersecurity risks remain at an acceptable level for the organisation’s assets.

· Develop, maintain, report and communicate complete risk management cycle.

Travel: By default, travelling in the interest of service is not foreseen for this position/profile.

Nevertheless, Frontex may exceptionally request to carry out some services at other locations than Frontex Headquarters or other Contracting Authority’s premi