Auditor/analyst – “off-site” ICT risk supervision (m/f)

Mission

As part of a specialised team, you will be in charge of analysing risk management measures related to information and communication technology (ICT) as part of the review of application files for authorisation of future financial entities and as part of the ongoing supervision of financial entities. You may participate to transversal thematic analyses and/or to national and international working groups dedicated to technical or regulatory aspects in this area. You may also participate to missions of the EU-wide joint oversight framework of critical IT third-party service providers established by the Digital Operational Resilience Act (“DORA regulation”) on the digital operational resilience of the financial sector.

Role & responsibilities

• Analyse the sections relating to ICT organisation and ICT risk management in application files for authorisation of future professionals of the financial sector
• Analyse the notifications for use of ICT third party service providers of entities supervised by the CSSF
• Provide expertise and support to other supervisory departments in assessing the compliance of supervised entities with the DORA regulation
• Provide various types of advice to other supervisory departments (advice on supervised entities’ IT strategy, their digital transformation, findings raised by their internal or external IT auditors, etc.);
• Contribute to technological and regulatory watch in relation with new technologies and digitalization;
• Participate in transversal analyses on topics related to ICT risk management;
• Participate to national and international working groups dedicated to ICT and ICT risk supervision;
• Participate to joint examinations of critical IT third-party service providers under DORA regulation

Your profile

• University degree (at least BAC 3/Bachelor) in information systems audit, or in IT security with a specialization in finance, or in economics, finance or business management with an ICT specialization
• Proven professional experience of at least 3 years in either the field of information systems auditing or in ICT risk management
• Perfect command of written and spoken English. Fluency in French and/or German. Knowledge of Luxembourgish will be considered as an advantage
• Commitment to be available for business trips abroad
• Excellent knowledge of the CSSF circulars notably relating to ICT risk management and to ICT outsourcing
• Knowledge of European regulation in this area (i.e. DORA, PSD, eIDAS, NIS, etc.) and interest in new technologies and digital solutions (DLT, AI, virtual currencies/crypto assets, open banking/finance, etc.) constitute an advantage
• CISA, CISM, CISSP or equivalent certifications are an asset
• Writing, analytical, synthesis skills and thoroughness
• Proactivity and flexibility; ability to work independently as well as good team spirit
• Communication skills
• Confidentiality

The successful candidate (m/f) will be hired as public employee (“employé de l’Etat”) under a permanent contract. If the candidate meets the required conditions, s/he will be asked to apply for admission to the status of civil servant (“fonctionnaire de l’Etat”).

Prior to the conclusion of the contract, the candidate must submit an extract from the criminal record (bulletin n°3), dated less than 2 months, in order to prove their conduct and integrity.