ICT Security Specialist

Are you an experienced ICT Security Specialist with a strong background in information security, risk management, and regulatory compliance?

A leading international private banking organization in Luxembourg is currently looking for an ICT Security Specialist – 1st Line of Defense (LoD) to support strategic security initiatives, regulatory compliance, cyber risk management, and security operations across the organization.

In this role, you will support the development, execution, and continuous improvement of information security controls, risk frameworks, and governance processes. You will work closely with business stakeholders, IT teams, auditors, and risk owners to strengthen the bank’s overall cybersecurity posture.

Your responsibilities will include:

Stakeholder Management & Security Awareness

• Ensuring effective stakeholder management across IT, business, risk, and audit teams
• Supporting data management and governance-related inquiries
• Driving security awareness through training sessions and awareness campaigns
• Supporting stakeholders and security champions with security frameworks

Control, Monitoring & Risk Assessment

• Performing security monitoring to detect potential internal threats
• Conducting periodic and ad-hoc risk and regulatory assessments
• Continuously monitoring and improving security controls
• Supporting security risk management activities in projects

Risk Management & Compliance

• Identifying, assessing, and mitigating ICT and cyber risks
• Supporting risk owners in developing mitigation strategies
• Maintaining the IT Risk Register
• Supporting the annual Security Roadmap and key risk identification
• Liaising with internal and external auditors
• Supporting regulatory compliance, reporting, audits, and certifications

Third Party Risk Management

• Supporting due diligence during onboarding of third-party providers
• Conducting periodic reassessments of third-party security compliance

Incident Response & Mitigation

• Managing mitigation actions to close security gaps
• Supporting forensic investigations and security incident handling
• Coordinating incident response with internal teams and external partners

Reporting & Governance

• Preparing executive-level security reports and regulatory submissions
• Defining and reporting on Key Risk Indicators (KRIs)
• Integrating audit findings and technical test results into risk reporting

To succeed in this role, you should bring:

• 5–10 years of experience in information security or cybersecurity, ideally in financial services
• Strong understanding of cybersecurity frameworks (e.g. ISO 27001, NIST CSF)
• Certifications such as CISSP, CISM, ISO 27001 Lead Auditor are highly desirable
• Experience working with GRC, risk, and ticketing tools
• Strong analytical, organizational, and problem-solving skills
• Ability to translate technical risks into business-relevant insights
• Strong communication skills in English; German is a strong advantage
• Hands-on, proactive mindset with ability to work independently in complex environments

📍 Location: Luxembourg

💼 Workload: 100%

⏳ Duration: 12 months (extension possible)

🗣 Languages: English (fluent), German or French a strong asset

For further details, please contact:

📩 [email protected]

📞 +41 43 508 95 78