Information Security & Risk Specialist

Job title:

Information Security & Risk Specialist

Company:

ENTSO-E

Job description

About ENTSO-EENTSO-E is the European Network of Transmission System Operators for Electricity. ENTSO-E coordinates the cross-border system operations, system development and electricity market activities of the 39 electricity transmission system operators (TSOs) which cover 35 countries. ENTSO-E was established and given legal mandates by the EU’s Third Legislative Package for the Internal Energy Market in 2009, which aims at further liberalising the gas and electricity markets in the EU; the legal mandates include among others: Europe-wide 10-year electricity network development plans, the transparency platform, network codes, guidelines, and European-wide methodologies.The ENTSO-E Secretariat in Brussels is the focal point for technical, market and policy questions for all European TSOs in their cooperation with each other, in their joint fulfilment of their legal mandates, and in the intensive interactions with European Commission, regulatory agencies, associations representing network users and other stakeholders. The role of the TSOs and their cooperation in ENTSO-E is crucial to ensuring security of supply; completing the largest and most competitive electricity market in the world; and successfully integrating large volumes of renewable energy into the system. The candidate we are seeking will contribute to ENTSO-E work both in legally mandated tasks and policy-related work related to European electricity markets.General position descriptionThe common Grid Model Business process requires a significant data exchange amongst all ENTSO-E members. The IT data exchange system is called the Operational Planning Data Exchange Platform [OPDE] and is fully in scope of the deliveries of the Common Grid Model Programme.The successful candidate will have the opportunity to work in a hybrid model, allowing for a blend of remote and in-office work to support a good work-life balance. S/he will work within the OPDE Service Delivery team. S/he will be managing all security related activities for the software development and service coordination in scope of the OPDE. This role will expand in the future into further business areas with a long-term security impact beyond OPDE.As owner of the OPDE, ENTSO-E is in charge of the software design, development and delivery as well as the overall coordination of the operation of the OPDE services. All parties involved in the data exchanges, including ENTSO-E as coordinator and software provider are bound to a set of security controls to ensure the overall information security of the data and systems.Possible International travels within Europe (e.g., 1-2 days per month) will be required to meet the community.Responsibilities and tasks

• Maintain and continuously improve the OPDE specific security policies.
• Ensure security integration into the Software Development Lifecycle (SSDLC) by collaborating with product owners to implement security best practices.
• Lead and follow up on non-functional security testing (code scanning, penetration testing, threat modelling) and the yearly security auditing campaign, ensuring follow-up as part of the risk management process.
• Manage the OPDE related security risks in the context of ENTSO-E’s software development and coordination activities, work with product owners and software development teams on managing identified risks.
• Provide security expertise to testing teams to enhance security coverage in functional test cases.
• Organise and perform security trainings for the teams.
• Support the OPDE architecture design activities with security related knowledge.
• Act as the single point of contact for the external Application Security Centre for OPDE, while advising and coordinating its activities related to overall parties’ compliance and risk management.
• Represent OPDE in security related forums on association level.
• Support activities of ENTSO-E’s digital section beyond OPDE to increase organizational maturity in terms of information security.

Profile

• 5+ years of experience in IT and cybersecurity domains.
• Degree in IT (Information Technology), OT (Operational Technology), or equivalent experience.
• CISSP certification or equivalent experience required. Additional certifications such as CISM, OSCP, CEH, or equivalent are considered a strong asset. Proven experience in implementing and monitoring Information Security Management Systems (ISMS) is essential.
• Strong knowledge of information security standards such as ISO 27001:2022, ISO 27002.
• Technical expertise in security technologies such as cryptography, network security, intrusion detection, access control models, authentication mechanisms, and security policies (GPOs).
• Experience with security monitoring tools (e.g., SIEM, IDS/IPS). Strong analytical and risk management skills, with the ability to assess and mitigate security risks.
• Strong experience in security governance, risk assessments, and project coordination.
• Familiarity with issue tracking and content management systems (e.g., JIRA, SharePoint, or similar tools) is beneficial.
• Excellent written and verbal communication skills in English, with the ability to collaborate across technical and business teams.
• Ability to work both independently and as part of a team in a self-organized manner.
• Experience working in international teams is preferred.
• Positive mindset aligned with the values of ENTSO-E: Team, Trust, Future-thinking, Integrity & Excellence.

Our offerWe are a dynamic European association and are delighted to offer you the opportunity to work for ENTSO-E on truly exciting projects focused on the electricity sector. With us, you will contribute to building the world’s largest integrated electricity market – impacting not only those in the energy sector but also Europe’s overall economy, today and in the future.You will work in a truly multi-cultural environment, with colleagues from over 35 different nationalities.Our people are the heart of our association. We value work life balance. We offer a broad range of training and development, to make sure our employees continue to develop.We offer market competitive compensation and benefit package, with excellent insurance coverage for you and dependent family members (such as hospitalization, supplemental medical plan). You will benefit from group insurance and travel insurance. You have the opportunity to participate in a Flexible Benefits Plan to choose for those benefits that create the best value for you. We also offer a maximum of flexibility enabling to have a good balance between working digitally and in physical meetings with Members and colleagues.If you want to play a role in creating a sustainable world, then ENTSO-E is the place for you!Application processFor this role, the Secretariat is looking for either a secondment from a Member TSO (for which we can give advice to TSOs and candidates on financial and tax effects) or other qualified applicants not working for ENTSO-E members.Due to the nature of the position a vetting procedure will be required for this role. Furthermore, an assessment could be performed by an external company.ENTSO-E is an equal opportunities employer and does not discriminate on the grounds of age, disability, marital status, gender, sexual orientation, race, religion, or political beliefs.Please submit your complete application consisting of a motivational letter and curriculum vitae on ENTSO-E career website before 1 April 2025.

Expected salary

Location

Bruxelles

Job date

Thu, 20 Mar 2025 23:37:06 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (vacanciesin.eu) you saw this job posting.