Brayton Global
Computer Security Specialist
Brayton Global · Luxembourg · 18 hours ago
Full-time · Remote Friendly · Information Technology

PROFILE DESCRIPTION – CYBERSECURITY SERVICE DELIVERY MANAGER

Activities

• Definition of business cases, project/service descriptions, policies, standards, methodologies, tooling, processes, controls.

• Preparation of project management deliverables and associated cybersecurity deliverables and products.

• Development and maintenance of services, processes, plans, attestations and controls, with particular focus on risk management, compliance management and implementation levels of security control baselines under the mandate of the c-LISO and c-SSO service.

• Coordination and review of projects, deliverables and related products in the field of security management.

• Reporting of programmes, projects, security processes, cybersecurity governance metrics and services (KPIs).

• Management of cybersecurity compliance and regulatory requirements.

• Coordination and review of cybersecurity risk mitigation measures and control implementations.

• Assistance to security coordinators, system owners, system security officers and DIGIT management in their cybersecurity responsibilities.

• Interaction with cybersecurity leadership, IT teams, security coordinators, system owners, system security officers, DIGIT management, and corresponding roles/stakeholders in other Commission Departments to drive cybersecurity innovation and best practices.


Specific expertise requirements

• Cybersecurity governance frameworks and standards (e.g. COBIT, NIST CSF).

• Very good knowledge of compliance and regulatory requirements (e.g. EUDPR, CD46/2017).

• Strong experience with GRC tools and the ServiceNow platform.

• Very good knowledge of IT Security Risk Management methodologies and in particular proven experience in ITSRM.


Nature of services

This service aims to define and deliver project/service management and associated cybersecurity deliverables, such as business cases, project/service descriptions, policies, standards, methodologies, tooling, processes and controls. As part of the c-LISO and c-SSO service offering, it ensures the development and maintenance of services, processes, plans, attestations and controls, with particular focus on risk management, compliance management and implementation levels of security control baselines. It coordinates and reviews the implementation of risk mitigation measures and controls, and interacts with different levels of the organisation to ensure proper reporting and follow-up.


Skills

• Exceptional strategic planning and execution abilities.

• Expert leadership, team-building and mentoring skills.

• Fast and efficient delivery of results.

• Ability to give business and technical presentations.

• Very good communication skills with technical and non-technical audiences.

• Ability to participate in and contribute to technical meetings.

• Analysis and problem-solving skills.

• Capability to write clear and structured technical documents.


Knowledge

• Solid leadership in project, portfolio and service management.

• Command of advanced cybersecurity practices, security architecture frameworks and technologies.

• Command of cybersecurity governance, compliance, and regulatory landscape.

• Deep understanding of legal and compliance aspects related to cybersecurity.

• Proficient knowledge of cloud computing concepts and platforms (e.g. AWS, Azure).

SPECIFIC REQUIREMENTS

Description of the tasks

The service provider will perform the tasks and activities set out below.

Service Design, Transition and Operation

• Define and document business cases and service descriptions in alignment with organizational goals.

• Prepare key deliverables such as project charters, work breakdown structures, schedules, and quality plans, including cybersecurity deliverables where relevant.

• Track performance of project and service teams against KPIs, budgets, and timelines, and prepare regular reports for management and governance boards.

• Review and enhance project management tools, methodologies, and service delivery processes based on lessons learned and maturity assessments.


Security Management

• Establish and update security policies, standards, control baselines, guidelines and procedures under the Commission’s cybersecurity framework.

• Identify, assess, and mitigate cybersecurity risks, and ensure compliance with the Commission’s security standards and with the cybersecurity regulation.

• Support system owners, security coordinators, and IT teams, and promote best practices and innovation in cybersecurity management and operations.

• Prepare governance metrics, KPIs, and compliance reports for management and oversight bodies.


Public Sector & Regulatory Expertise

• Navigate intricate governance and decision-making processes within European Institutions, with a particular focus on the unique complexities and specificities of the European Commission's environment.

• Lead governance initiatives to maintain operational continuity, compliance, and effective risk management.


Team Collaboration

• Coordinate multi-disciplinary, multi-cultural teams across various domains, units and levels of knowledge.

• Drive collaboration between technical specialists, business leaders, and operational teams.

• Provide mentorship, capability development, and technical guidance to teams and stakeholders.


Level of education

A Master’s degree in Information Technology, Computer Science, Electronics, or a related engineering discipline is required.


Specific knowledge, skills and expertise

Expertise in the utilisation of frameworks

• Excellent knowledge of cybersecurity governance frameworks and standards (e.g. COBIT, NIST CSF).

• Very good knowledge of compliance and regulatory requirements (e.g. GDPR, CD46/2017).

• Strong experience with the ServiceNow platform and with GRC tools.

• Very good knowledge of IT Security Risk Management methodologies and in particular proven experience in ITSRM.


Experience

• Extensive international career spanning 20+ years in IT and Cybersecurity operations and projects.

• Significant experience in leading high impact Cybersecurity service delivery within international public organisations.

• Proven experience in cybersecurity Governance, Risk and Compliance (GRC) related service provision for critical infrastructure coverage.

• Strong project track record in delivering cybersecurity business and technical service elements securing on-premises, cloud, and hybrid IT ecosystems.

• Significant experience in regulatory requirements of the European Union, including data protection and privacy regulations.


Advanced Technical Competencies

• Strong experience in developing and implementing cybersecurity policies, procedures, and standards.

• Strong experience in IT security standards implementation, through relevant training and certifications.

• Strong experience in identifying, assessing, and recommending risk mitigation measures with a focus on continuous improvement.

• Experience with gathering business security requirements and translating them into security specifications, in the context of information systems.

• Track record in cybersecurity reporting, presenting cybersecurity posture indicators to audiences of all levels, and following up on the implementation of improvements.


Core Competencies

• Command of security frameworks and compliance standards (NIST, ISO 27001).

• Strong strategic, organizational, communication and negotiation skills.

• Ability to lead under pressure and in high-risk scenarios.
