Information Technology Security Specialist

Tasks and responsibilities

• Ensure adequate stakeholder management
• Support in Data Management and Governance related inquiries
• Foster Information Security and IT risk awareness by contribution to trainings and awareness campaigns
• Provide support for the framework to stakeholders & champions
• Perform security monitoring activities to detect potential internal threats
• Conduct periodical and on-demand risk and regulatory assessments
• Continuously execute, monitor and assess the effectiveness of 1st Line of Defense related security controls, recommending enhancements as needed
• Support for security risk management in projects
• Identifying, assessing, and mitigating cyber risks across the organisation to support informed decision-making
• Support & assist risk owners to develop risk response strategies for ICT risks
• Manage involved stakeholders inside and outside of IT in line with 1LoD activities (e.g. Risk champions, CRO, audit)
• Support stakeholders in the prioritization of risks
• Identify & promote risk specific changes for projects/funding
• Maintain the IT Risk Register
• Support in annual Security Roadmap key risk identification process
• Liaise with internal and external auditors to address ICT risk findings and validate remediation progress
• Ensuring adherence to internal policies and external regulations, including audits, certifications, and regulatory reporting
• Support due diligence against the Bank’s information security requirements during onboarding of third parties (where required)
• Support periodic assessment to re-validate third parties’ compliance with those requirements
• Manage the overall mitigation action to resolve identified gaps with the control framework
• Perform forensic research and support investigations
• Investigate criminal activities and their possible impact on the company to take adequate protective measures
• Support incident response efforts, coordinating with internal teams (incl. Cyber Fusion Center) and external partners to minimise the impact of security incidents
• Deliver regular status updates on the information security risk landscape, remediation progress, and audit findings
• Prepare executive-level reports and regulatory submissions on the bank’s security posture
• Support the definition of and report on Key Risk Indicators
• Align and collaborate with the group’s Cyber Fusion Center to more effectively detect, mitigate, and protect against cyber threats
• Integrate findings from audits and technical tests into risk reporting and KRIs

Must-have criteria

• Bachelor’s degree in Information Security, Computer Science, Business Informatics, or a related discipline
• 5 - 10 years of professional experience in information/cybersecurity, preferably within the financial services sector
• Strong understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001), banking regulations (CSSF, EBA), and industry best practices
• A hands-on individual with proven ability to operate independently and drive initiatives forward in a complex organisation
• Proficient in Microsoft Office suite and experience in using GRC, risk, and ticketing tools
• Skilled in translating technical risks into business-relevant insights for diverse audiences
• Solution-oriented mindset with attention to detail, reliability, and a commitment to ethical conduct
• Ability to thrive under pressure, manage competing priorities, and deliver consistently in a dynamic environment
• Passionate about building and maturing security capabilities within a globally operating private bank

Nice-to-have criteria

• Advanced qualifications (Master’s, MBA) or equivalent experience considered advantageous
• Certifications in information security (e.g., CISSP, CISM, ISO 27001 LA) are highly desirable

Language requirements

• Excellent verbal and written communication skills in English
• Proficiency in German or French is an advantage

Employment type: Contract

Industry: Banking

Area: IT

Location: Luxembourg

Remote from abroad?: No

Home office?: Flexible

Contract duration: 12 months with option of extension