EUROPEAN EXTERNAL ACTION SERVICE (EEAS) - Vacancy Notice - Job title: IT Security Officer - Contract Agent FGIV, EEAS Headquarters job n° 313689
WE ARE:
The European External Action Service (EEAS) supports the High Representative in the exercise of his/her mandate to conduct and implement an effective and coherent Common Foreign and Security Policy for the Union. The EEAS supports his/her tasks of conducting the Union's Common Foreign and Security Policy (CFSP), representing the EU and chairing the Foreign Affairs Council. It also supports the High Representative in his/her capacity as Vice President of the Commission with regard to his/her responsibilities within the Commission in the external relations field, including the coordination of other aspects of the EU’s external action. The EEAS works in close cooperation with the EU Member States, the General Secretariat of the Council, the relevant services of the Commission and the General Secretariat of the European Parliament.
The Division RM.SCS.4 “Secure Communications” is responsible for the protection and registration of EU Classified Information (EUCI) within all EEAS entities and during the transfer to Member States, other EU institutions, International Organisations, agencies and missions by the provision of classified communication and information systems (CCIS), along with the infrastructure, organisation, personnel and information resources required to develop, maintain and operate them.
Within the Division, the Security Studies and Accreditation Sector (RM.SCS.4.SEC.1) supervises the full accreditation cycle of the CCISs, ensuring the different applicable regulations and information assurance policies are incorporated at design, during implementation and while services are operated. The sector supplies formal opinions on IT security matters at the request of a variety of internal and external clients and on diverse IT security topics. The sector's core mission involves preparing risk assessments, which the senior management uses to make decisions for production deployment.
WE PROPOSE:
The position of IT Security Officer - Contract agent FG IV as per article 3b of the Conditions of Employment of Other Servants of the European Union (CEOS)[1].
PLACE OF EMPLOYMENT:
EEAS Headquarters, Brussels, Belgium
POST AVAILABLE: 01/10/2024
WE LOOK FOR:
An IT Security Officer, supervising and assisting in the correct administration and management of classified Communication and Information Systems (CCIS) within the EEAS.
Under the direction of the Head of the Sector 'Security Studies and Accreditation', the person will be called to perform tasks belonging to the operational domain and, to a lesser extent, to the analysis and studies domain:
In the operational domain, the jobholder will assist with recurrent tasks required to fulfil operational commitments of the sector:
- Review, request additional information when required, then propose changes and eventually approve Requests for Change (RFCs) on CCISs;
- Perform IT security inspections to verify that the defined security posture matches the existing configuration;
- Actively participate in the change management process and be a member of the Change Control Board for CCISs;
- Act as validator for entitlement management for CCISs, in support of the SOC;
- Complement the system administrators in security-sensitive duties that require the application of the “four-eyes” principle;
- Participate in security investigations when a security incident is declared;
- Monitor the correct implementation and application of the SecOPs;
- Supervise the overall functioning of the security features of CCISs, analyse events and compose reports, with the support of the Security Operating Centre (SOC);
- Follow up on IT security incidents, and in particular the impact on the security status of a CCIS.
In the analysis and studies domain, the jobholder will support the accreditation lifecycle of the different existing CCISs as well as new systems coming in to fulfil new business needs:
- Advise on the best System-specific Accreditation Strategy (SAS) to be followed on the accreditation of a system, and participate in its elaboration from beginning to end;
- Directly support the Information Assurance Operational Authority (IAOA) for one or multiple CCISs, either by assisting with the drafting of the required security documentation or by supervising the deliverables when documentation is produced by a contractor;
- Draft and revise Security Operating Procedures (SecOPs), in close collaboration with other division sectors;
- Elaborate and review System-specific Security Requirement Statements (SSRS);
- Provide input to the Crypto plans to be followed by the Crypto team;
- Define and elaborate system security testing, evaluation and inspection (STE&I) plans;
- Produce and assess the quality of the Security Testing Evaluation and Inspection reports (STEI-R);
- Co-create security implementation verification reports (SIVR) with other sector members;
- Participate in the risk assessments issuing Residual Vulnerabilities Statements (RVS). Elaborate risk analysis delivering an actual risk log with mitigation actions if applicable and/or acceptance criteria according to the stated criticality and probability, to support the decision making process of the Security Accreditation Authority (SAA);
- Participate in accreditation exercises driven by third party states or international organisations with whom the EEAS has agreements on the exchange of EUCI. The jobholder will have to familiarise herself/himself with the accreditation strategies and documentation of the third party;
- Elaborate innovative security studies on conceptual cases and hypothetically elaborate on forward-looking cybersecurity scenarios. Stay up to date on the latest cybersecurity incidents and disruptive technologies.
LEGAL BASIS:
The vacancy is to be filled in accordance with the conditions stipulated under the CEOS, in particular Article 82 thereof.
In case of recruitment, the successful candidate will be offered a contract agent position (Function group IV), on the basis of a contract with an initial duration of one year that may be successively renewed for a maximum duration of six years[2], subject to the maximum duration of engagement by the EEAS allowed under successive limited duration contracts of different types[3].
ELIGIBILITY CRITERIA[4]:
Further to the conditions set out in Article 82 of the CEOS, candidates must:
- (i) have passed a valid EPSO CAST in FG IV;
or
- (ii) be registered in the EPSO Permanent Contract Agent Selection Tool (CAST) for FG IV (https://epso.europa.eu/en/job-opportunities/open-for-application). In that case, while the registration will render the candidate eligible for the selection procedure, the recruitment of a candidate on this vacant post will be subject to their successfully passing the CAST exam that this candidate will be called to attend;
- have completed university studies of at least three years attested by a diploma;
- have the capacity to work in the languages of the CFSP and external relations (English and French) necessary for the performance of their duties;
- be a national of one of the Member States of the European Union and enjoy full rights as a citizen.
SELECTION CRITERIA:
Candidates must have:
- A sound background and experience in IT security, IT systems and networks;
Candidates should have:
- At least 3 years of experience in IT security, where the candidate would get extra consideration for the position if the experience would also be related to accreditation processes and Information Assurance policies applicable to classified CISs, their full lifecycle, conception and decommissioning;
- Knowledge of risk analysis frameworks and tools (e.g. EAR / PILAR) would be an asset;
- Knowledge of information security standards (e.g. ISO/IEC 27002:2022, ENS 2022, etc.);
- Professional collaboration skills;
- Strong drafting and communication skills and the ability to establish and maintain a network of contacts both within and outside the EEAS;
- The ability to work autonomously and precisely, and to deliver results in a timely manner;
- Knowledge of English and French would be considered an asset;
- Knowledge of external relations, internal policies and functioning of the Union, in particular on CSDP missions and operations.
Furthermore, the candidate should possess:
- Experience with regulatory bodies such as Security Accreditation Boards and associated approval processes is considered as an asset;
- Experience of working in a team in multi-disciplinary and multi-cultural environment;
- Experience in working with or within other EU institutions;
- Ability to communicate clearly on complex issues and the capacity to perform with accuracy and in a flexible manner a diversity of tasks in a complex institutional environment;
- A strong service attitude.
CONDITIONS OF RECRUITMENT AND EMPLOYMENT:
The signature of the contract will be subject to prior favourable opinion of the Medical Service.
The requested level of security clearance for this post is: SECRET UE/EU SECRET. A description of the EU classified information levels is available under Article 2 of Annex A of the Decision ADMIN(2023) 18 on the security rules of the EEAS[5].
The selected candidate should hold, or be in the position to obtain, a valid Personnel Security Clearance (PSC)[6] issued by the competent authority of the Member State concerned.
Candidates who do not already have a valid PSC will be required to go through the security clearance vetting procedure of their Member State to obtain this clearance in accordance with national laws and regulations and with the procedure laid down in the Decision ADMIN(2019)7 on Security Clearance Requirements and Procedures for the EEAS of 08 March 2019 and in Annex A I of the Decision ADMIN(2023) 18 on the security rules of the EEAS. Until the PSC is issued by the competent authority of the Member State concerned, the selected candidate will not be authorised to access EUCI at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or above, or to participate in any meetings or workflow where EUCI is processed.
Please note that the necessary procedure for obtaining a PSC can be initiated on request of the employer only, and not by the individual candidate.
In case of failure to obtain or renew the required PSC, the AACC may take the appropriate measures in accordance with Article 3(3) of the Decision ADMIN(2019) 7 on Security Clearance Requirements and Procedures for the EEAS of 08 March 2019.
EQUAL OPPORTUNITIES:
The EEAS is committed to an equal opportunities policy for all its employees and applicants for employment. As an employer, the EEAS is committed to promoting gender equality and to preventing discrimination on any grounds. It actively welcomes applications from all qualified candidates from diverse backgrounds and from the broadest possible geographical basis amongst the EU Member States. We aim at a service which is truly representative of society, where each staff member feels respected, is able to give their best and can develop their full potential.
Candidates with disabilities are invited to contact CONTRACTAGENTS-HQ@eeas.europa.eu in order to accommodate any special needs and provide assistance to ensure the possibility to pass the selection procedure in equality of opportunities with other candidates. If a candidate with a disability is selected for a vacant post, the EEAS is committed to providing reasonable accommodation in accordance with Art 1(d)-(4) of the Staff Regulations.
APPLICATION AND SELECTION PROCEDURE[7]
Please send your CV and cover letter (with your EPSO CAST number), in English or in French via email, with reference to the Vacancy number in the Subject field, to:
Deadline for sending application: 21/10/2024 at 12.00 (CET).
Candidates shall draft their CV using the Europass CV, which can be found at the following internet address: http://europass.cedefop.europa.eu/en/documents/curriculum-vitae.
Late applications will not be accepted.
The selection panel will make a pre-selection on the basis of the qualifications and professional experience described in the CV and motivational letter, and will produce a shortlist of eligible candidates who best meet the selection criteria for the post. Please note that only shortlisted candidates will be informed about the outcome of the pre-selection phase.
The candidates who have been preselected will be invited for an interview by a selection panel.
The selection panel may decide, subsequent to the interview, to organise written tests, either for all pre-selected candidates or to the best ranked ones. The content of such written tests will be defined by the selection panel and may include, but not be limited to, multiple choice questions, open questions and/or topics for a short essay.
Pre-selected candidates without a valid CAST shall be invited to sit the CAST exam before or after the interview stage (in accordance with the eligibility criteria set out above).
The panel will recommend a shortlist of candidates for a final decision by the Authority Authorised to Conclude Contracts of Employment (hereafter, the “AACC”). The AACC may decide to interview the candidates on the final shortlist before taking this decision.
It is recalled that the selection procedure may be terminated at any stage in the interest of the service.
In the interest of the service, after identifying the candidate that best fits the requirements of the post as set out in the vacancy notice, the AACC may also establish a reserve list of candidates. These candidates shall be informed that the reserve list shall remain valid for a period of one year from when it is established and that it may be used to fill the same post or an equivalent post in the EEAS with the same job profile.
[1] Staff Regulations of Officials of the European Union (SR) and the Conditions of Employment of Other Servants of the European Union (CEOS). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:01962R0031-20140501&from=EN
[2] Article 8 of the Commission Decision C(2017) 6760 of 16.10.2017 on the general provisions for implementing Article 79(2) of the Conditions of Employment of Other Servants of the European Union, governing the conditions of employment of contract staff employed by the Commission under the terms of Articles 3a and 3b thereof.
[3] Decision ADMIN(2023) 24 on the maximum duration of engagement by the European External Action Service of non-permanent staff under successive limited duration contracts of different types, and on the minimum lapse of time between successive contracts under Article 2(e) of the CEOS.
[4] Decision ADMIN(2023) 24 on the maximum duration of engagement by the European External Action Service of non-permanent staff under successive limited duration contracts of different types, and on the minimum lapse of time between successive contracts under Article 2(e) of the CEOS.
[5] OJ C 263, 26 July 2023, p.16.
[6] The ‘Personnel Security Clearance’ is defined under point 2 of Annex A I of the Decision ADMIN(2023) 18 on the security rules of the EEAS as “a statement by a competent authority of a Member State which is made following completion of a security investigation conducted by the competent authorities of a Member State and which certifies that an individual may, provided his ‘need-to-know’ has been determined, be granted access to EUCI up to a specified level (CONFIDENTIEL UE/EU CONFIDENTIAL or above) until a specified date; the individual thus described is said to be ‘security cleared’.”
[7] Your personal data will be processed in accordance with Regulation (EU) 2018/1725, as implemented by ADMIN(2019) 8 Decision of the High Representative of the Union for Foreign Affairs and Security Policy. The privacy statement is available on the Europa website: (https://www.eeas.europa.eu/eeas/eeas-privacy-statement-data-protection-notice-purpose-processing-personal-data-related-public_en) and on the EEAS Intranet:(https://intranet.eeas.europa.eu/page/eeas-work/data-protection/privacy-statements-dp-notices)