European Fund Administration S.A. (EFA) is an independent company servicing investment funds, unit-linked insurance products, private equity funds, real estate funds, hedge funds and funds of hedge funds.
EFA is one of the leaders of the outsourcing market in Luxembourg, Europe’s largest fund center.
EFA’s range of services include: Net Asset Value calculation, bookkeeping and portfolio valuation, transfer agent and registrar services, fiscal services, compliance and risk management, performance measurement and attribution, domiciliation and reporting solutions.
EFA is present in Luxembourg and in Paris (via EFA France). More information is available at www.efa.eu.
EFA's shareholders are KBL European Private Bankers S.A., Banque de Luxembourg S.A., Banque et Caisse d’Epargne de l’Etat, Oddo & Cie and EFA Partners S.A.
For its IT team, EFA is looking to recruit a:
Chief Information Security Officer
Your main tasks and responsibilities:
- The Chief Information Security Officer (CISO) is responsible for organising and overseeing information security. His/her role is to provide advice, assistance, information, training and supervision with regard to the security of the information system (IS). Core duties include executing IT risk assessments, defining and implementing the necessary organisational, technical, legal and human means, as well as designing and coordinating action plans to improve the IT security coverage.
- The CISO is in charge of the IT risk assessment for all projects and proposes appropriate preventive measures to mitigate risks. He/she coordinates IT security projects and ensures consistency and compliance with the base principles set out in the General Information Security Policy (GISP). He/she coordinates DRP/BCP tasks and manages a team of IT security officer(s).
- The person appointed as CISO has to be approved by the CSSF (Commission de Surveillance du Secteur Financier- Luxembourg’s Financial Sector Supervision Authority).
- In this role, you will:
- propose security objectives to the Executive Committee and maintain the GISP to reflect those objectives;
- propose approaches to implement security technology and methods;
- define security guidelines and standards, and establish oversight and data protection procedures;
- oversee the coordination and manage IT security projects;
- participate in other projects, notably by providing IT Security deliverables required to comply with the project management methodology;
- provide a security assessment of IT systems in place and of ongoing projects;
- monitor technological and legislative trends in your domain of expertise: tools, methods, circulars, etc.;
- monitor and assess major IT security threats and provide proposals to mitigate risks;
- coordinate the actions required for the proper functioning and maintenance of the DRP solution, and participate in the actions relating to the tests and development of the BCP;
- serve as the main point of contact for internal and external auditors and the CSSF with regard to IT security;
- carry out the necessary investigations in the event of an alert or security incident, including managing the relation with external IT security experts and firms;
- manage and supervise the IT security officers in charge of the day-to-day management of security actions: managing users, investigating vulnerabilities in our systems, checking security logs, etc.
- You have at least 5 years’ experience in a similar role
- You are aware of the standards and procedures in IT security, the IT security environment, and are familiar with IT security risk assessments and risk management
- You are capable of anticipating and monitoring trends in IT technology and identifying the impacts they will have on our IS; you can stay abreast of relevant legislation and circulars pertaining to information security and data protection
- You have excellent knowledge of fund administration, and are able to understand and monitor regulations governing this domain
- You have a strong command of both French and English, and are at ease in writing documents at executive management level in both languages
- You are meticulous and methodical
- You are able to effectively analyse and summarise situations, and have proven experience of project management
- Your strengths include your interpersonal skills and your ability to communicate effectively
- You are open-minded, pragmatic and flexible
- You have experience in team management and in the coordination of cross-cutting projects involving many different departments across an organisation
We can offer you:
- Varied work as part of a dynamic and ambitious company that has been established in the Grand Duchy of Luxembourg for 20 years,
- An attractive remuneration scheme: Company Agreement, 33.5 days’ leave, meal vouchers, life and disability insurance, supplementary pension, interest subsidies, a Sympass card, offices located close to the central railway station in Luxembourg, etc.
If you think you fit this profile, please send your application to email@example.com with the reference CISO 2019.
N.B.: In order to meet the worthiness criteria provided for in Article 45 of CSSF Regulation No. 12-02 of 14 December 2012 on anti-money laundering and the financing of terrorism, candidates concerned will be asked to produce a recent extract of their criminal record no later than their first day of employment. This document will be dealt with in accordance with the Law of 23 July 2016.
As part of the recruitment process, EFA may collect and process candidates’ personal data. This data will be stored for processing purposes for the period required by law. Candidates may assert their right to access, correct or delete their personal data in accordance with the applicable legal provisions, and in particular with the provisions of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and in accordance with the Luxembourg Act of 2 August 2002 concerning the protection of individuals with regard to the processing of personal data. To do so, they must send an email to firstname.lastname@example.org.