Local Information Security Officer

[1] The place of employment is subject to changes in the interest of the service and always under due consideration of the Staff Member’s interests.

[2] Possibility of renewal for a fixed period and a further renewal for an indefinite period on the conditions set out in the Staff Regulations and in the Conditions of Employment for Other Servants

[3] The organisational department and the hierarchical reporting line may change in line with the developments of the EUSPA and department’s organisation.

[4] The successful candidate must hold a valid personnel security clearance at the level defined above or be able and willing to apply for it immediately after the contract signature. The procedure for obtaining a personnel security clearance shall be initiated on request of the employer only, and not by the individual candidate. Description of the EU classified information levels is available here.

The European Union Agency for the Space Programme (EUSPA) is an operational EU Agency that provides safe and secure European satellite navigation services, promotes the commercialization of Galileo, EGNOS, and Copernicus data and services. It also coordinates the EU’s forthcoming governmental satellite communications programme GOVSATCOM. EUSPA is also responsible for the security accreditation of all the Components of the EU Space Programme. For more information on the EUSPA and the EU Space Programme, click here.

A core task for EUSPA is security of the EU Space Program. The Security Authority (SAU) Department proactively contributes to the fulfilment of the missions of the Agency by providing the security expertise in order to (1) ensure that the components of the Space Program are defined, implemented and exploited securely, (2) achieve successful security accreditation of the components of the Program, (3) ensure a wide, secure and sustainable use of the services provided by the different components, (4) ensure the protection of classified information’s.

In particular, the GSMC Local Security Office (GSMC LSO) implements and monitors the correct implementation of the applicable security rules, as laid down in Commission Decision (EU, Euratom) 2015/444. In coordination with the Central Security Office (CSO) and the Security Offices of the other Agency sites, the GSMC Local Security Office supports the functions of the Security Authority of the Agency ensuring the on-site implementation of the security rules, managing the GSMC EU Classified Information (EUCI) Registries and COMSEC accounts, supporting the performance of the GSMC operations and in maintaining the accreditation of the Agency’s infrastructure and IT assets deployed at the GSMC sites.

The place of employment for this position is Saint-Germain-en-Laye, one of the more affluent suburbs of Paris. With its historic museum and impressive castle, the city is less than 32 kms from romantic Paris and even less from the football stadium Parc des Princes, the home of Paris Saint-Germain club. 

We are looking for a Local Information Security Officer (LISO) to join the security team in the Galileo Security Monitoring Centre located in France (GSMC-FR). The LISO is the main point of contact with the IT security team and performs the responsibilities independently from system owners and data owners. The jobholder shall report to the GSMC Local Security Office Team Leader and will support the activities related to the security of the GSMC Communication and Information Systems (CIS).

The jobholder’s tasks and responsibilities include (without limitation) and subject to adjustment by his/her line manager:

• Proactively identify and inform system owners, data owners and other roles with IT security responsibilities in GSMC about the IT security policy;
• Liaise on IT-security-related issues in GSMC with the department responsible for the ICT as part of the LISO network;
• Maintain an overview of the information security risk management process and of the development and implementation of information system security plans;
• Advise data owners, system owners and heads of GSMC business units on IT-security-related issues;
• Cooperate with the department responsible for the ICT in disseminating good IT security practices and propose specific awareness-raising and training programmes;
• Report on IT security, identify shortfalls and improvements to GSMC business units;
• Cooperate with the Local Security Officer (LSO) and the EUSPA HQ LISO as well as with the Data Protection Officer (DPO) and support the implementation of the CIS processes related to the data protection;
• Ensure that an inventory of all classified CIS is kept and updated, with a description of the security requirements and a maintenance of the evidence demonstrating compliance to those requirements;
• Organise compliance inspections, audits or other supervisory/monitoring instruments as necessary in order to verify that CIS service providers and system suppliers establish and implement the security measures required under security plans;
• Contribute to the accreditation process of the EUSPA CIS handling EUCI, including the organisation of the reviews required for the accreditation process, in support of the EUSPA Security Accreditation Authority;
• Report and contribute to handling breaches of security and compromise of sensitive or classified information; also responsible for collaborating with formal investigations as required;
• Perform the activities related to the access control for the IT systems on the GSMC sites and maintain the access control registry;
• Perform the audit of the IT systems according to the SecOps requirements;
• Keep abreast of technology developments, threats and protection measures in the field of security pertaining to CIS;
• Contribute to business continuity plans of the GSMC in areas related to his/her responsibilities.

The LISO will be also responsible to enforce the IT security of the information system (IS) of the building of the GSMC [i.e. the Access Control System (ACS) and Building Management System (BMS)] and enforcement of the rules set out by the French legislation, and related requirements of the French National Informatics Security Agency (ANSSI) for vital information systems IT (‘Système d’information d’importance vitale’).

In that framework, the LISO should:

• Plan actions to implement the Information System Security Policy (PSSI);
• Keep updated all application documents (process, procedures, etc.) of the PSSI;
• Participate to Cyber and Configuration Control Board;
• Act as system administrator for IS of the building of GSMC-FR;
• Liaise and work closely with system maintainer and secmon provider;

Language use: The above tasks and responsibilities will be conducted in the English language, however relevant interactions with the local authorities require the knowledge of the French language.

As a member of the GSMC Local Security Office, the LISO may at times be required to support other team members in their duties, especially in tasks regarding the management of EUCI, management of physical security, raising general security awareness of the EUSPA staff, assistance to the COMSEC Officer or Crypto Custodian in the handling of cryptographic key material. In that case, appropriate additional training will be provided should the need to support these roles arise.

The Local Information Security Officer shall be available for regular on-call duties outside normal working hours (availability by phone with ability to come back to the site within predefined elapsed times that will be established to meet operational external requirements). The duties associated with such ‘on-call’ shall be of a nature similar to those of the main duties of the post, but will also include a wider set of activities aimed at ensuring the security and technical availability of the site focussing on feared events and their related initial reaction procedures.

The jobholder may be required to obtain and maintain a certification for the related duties.

The selection procedure is open to applicants who satisfy the following eligibility criteria, on the closing date for application:

1. Have a level of education which corresponds to completed university studies⁵ of at least three years attested by a diploma
2. Be a national of a Member State of the European Union, Iceland or Norway      
3. Be entitled to his or her full rights as citizen
4. Have fulfilled any obligations imposed by the applicable laws concerning military service
5. Meet the character requirements for the duties involved⁶
6. Have a thorough knowledge of one of the languages of the European Union⁷ and a satisfactory knowledge of another language of the European Union to the extent necessary for the performance of his/her duties
7. Be physically fit to perform the duties linked to the post⁸

Contract agents from EUSPA and other EU agencies are also invited to apply in accordance with the following EUSPA rules: https://www.euspa.europa.eu/simplecount_pdf/tracker?file=conditions_of_employment_of_contract_staff_ca.pdf

[5] Only study titles that have been awarded in EU Member States or that are subject to the equivalence certificates issued by the authorities in the said Member States shall be taken into consideration. Qualifications/diplomas awarded in the United Kingdom until 31/12/2020 are accepted without further recognition. For diplomas awarded in the United Kingdom after this date (from 01/01/2021), a NARIC recognition is required: https://www.enic-naric.net/  [6] Prior to the appointment, the successful candidate will be asked to provide a Police certificate confirming the absence of any criminal record. [7] The languages of the EU are: Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, Irish, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovene, Spanish, Swedish. [8] Before a successful candidate can be appointed, s/he will be medically examined by a selected medical service so that the Agency will be satisfied that s/he fulfils the requirement of Article 28(e) of the Staff Regulation of Officials of the European Communities.

All eligible applications, according to the afore-mentioned criteria, will be assessed against the requirements listed below solely based on the information provided by the candidates in their application.

The Selection Board responsible for this selection will determine the criteria to be assessed in the various phases of the selection procedure (assessment of the application forms, interview and written test) prior to being granted access to the names of the applicants.

When filling the online application, candidates are expected to clearly include elements that demonstrate that their profile matches the requirements below.

Professional experience and expertise

1. Relevant experience and ability to perform the tasks described, preferably gained within an international environment;
2. Professional experience with security aspects of CIS systems, preferably for processing of classified information;
3. Professional experience in handling classified material within a national or international environment, including issues related to EU or national security;
4. Excellent command of both written and spoken English;

Required competencies

5. Motivation;
6.  Excellent communication skills;
7. Good command of written and spoken French;
8. Ability to work with others within a team, as well as with stakeholders;
9. Ability to educate a non-technical audience about various security measure.

The current vacancy aims to fill 1 (one) post and establish a reserve list.

A comprehensive description of the selection process is available here.

Indicative date for the interview and written test: October 2022. The date might be modified depending on the availability of the Selection Board members.

Candidates are strictly forbidden to make any contact with the Selection Board members, either directly or indirectly. Any infringement of this rule will lead to disqualification from the selection procedure.

Any questions regarding the selection procedure should be addressed only to: jobs@euspa.europa.eu

In addition, candidates having any personal relationship within the EUSPA have the possibility to declare such situation to jobs@euspa.europa.eu.

In order to be considered for this position, candidates need to create an account by registering via the EUSPA e-recruitment tool.

Only applications submitted via the e-recruitment tool will be accepted. Applications sent via email or post will not be taken into consideration.

Multiple applications received for the same position via different accounts will lead to the exclusion of the applicant from the selection procedure.

Important: the information provided by candidates in their online application constitutes the solely basis for the assessment of the eligibility and selection criteria. Therefore, they are invited to carefully read the requirements and to provide the relevant information in such detail that would allow this assessment. Particular attention should be paid to information on the education and professional experience, in particular exact dates, description of responsibilities and duties carried out. It is the candidate’s responsibility to ensure accurate and elaborate completion of the application form and avoidance of unclarities and typos.

All sections of the application should be completed in English in order to facilitate the selection procedure.

In order to be considered, applications must be received by the closing date indicated in the vacancy notice.

Candidates are advised to submit the application well ahead of the deadline in order to avoid potential problems during the final days before the closing date of applications’ submissions. The Agency cannot be held responsible for any last-minute malfunctioning of the e-recruitment tool due to heavy traffic on the website.

Any request for technical support must be sent to: jobs@euspa.europa.eu minimum two working days before the vacancy notice deadline. Please note, that if you submit your request for technical support later, we may not be able to assist you;

Please consult the e-recruitment guideline for instructions on completing the application.

Any questions regarding the selection procedure should be addressed only to: jobs@euspa.europa.eu

If a candidate considers that he/she has been adversely affected by a particular decision, he/she can lodge a complaint under Article 90(2) of the Staff Regulations of Officials of the European Union and Conditions of employment of other servants of the European Union; submit a judicial appeal under Article 270 of the Treaty on the Functioning of the EU (ex Art. 236 of the EC Treaty) and Article 91 of the Staff Regulations of Officials of the European Union; or make a complaint to the European Ombudsman.

Details on how to initiate these processes are available here.

FINANCIAL ENTITLEMENTS

The remuneration consists of a basic salary⁹ and, where applicable, additional allowances¹⁰, paid on a monthly basis and reimbursements¹¹, paid upon their evidenced occurrence.

The sum of the basic salary and the applicable additional allowances is weighted by the correction coefficient applicable for the location of the post¹². The sum of usual social deductions from salary at source is subtracted from the weighted amount¹³. The full pay is exempted from the national income tax, but is subject to the internal income tax and the solidarity levy¹⁴.

Examples of net monthly salaries (as currently applicable in Saint Germain-en-Laye) are presented below:

LEAVE ENTITLEMENTS

Staff is entitled to annual leave of two working days per each complete calendar month of service plus additional days for the grade, age, home leaves for expatriates and an average of 16 EUSPA public holidays per year.

Special leave is granted for certain circumstances such as marriage, moving, elections, birth or adoption of a child, serious sickness of spouse, etc.

SOCIAL SECURITY

The pension scheme provides a very competitive pension after a minimum of 10 years of service and reaching the pensionable age. Pension rights acquired in one or more national schemes before starting to work at EUSPA may be transferred into the EU pension system.

EUSPA’s benefits include an attractive Health insurance: staff is covered 24/7 and worldwide by the Joint Sickness Insurance Scheme (JSIS). Staff is insured against sickness, accident and occupational disease, and could be entitled to unemployment and to invalidity allowances.

PROFESSIONAL DEVELOPMENT AND BENEFITS CONTRIBUTING TO WORK-LIFE BALANCE

EUSPA aims at creating and maintaining a supportive and healthy work environment that enables staff members to have balance between work and personal responsibilities, for example through flexible working time arrangements. 

GSA also offers a wide range of training courses to develop staff members’ personal skills and keep in touch with the latest developments in their field. The training and professional development opportunities are attuned to the career plan and requirements of the departments.

INTERNAL AND INTERAGENCY MOBILITY

In case of internal and interagency mobility, EUSPA and the selected candidate shall conclude a contract of employment in accordance with the EUSPA rules: https://www.euspa.europa.eu/sites/default/files/conditions_of_employment_of_contract_staff_ca.pdf

^[9] As per Articles 92 and 93 CEOS. ^[10] Household allowance (e.g. if you have a dependent child or you are married and your spouse's income is below a defined threshold); Dependent child allowance (e.g. if you have a child under the age of 18 or between 18 and 26, if in specified training programme); Education allowances (in very specific cases) or Payment of the education fees applicable to the educational institutions EUSPA has an agreement with (currently more than 18 international schools in the Czech Republic and Spain, and European Schools in France and in the Netherlands); Expatriation allowance (16% of the sum of basic salary and other applicable allowances). ^[11] If staff member is requested to change the residence in order to take up duties, s/he will be entitled to: reimbursement of the travel costs; temporary daily subsistence allowance (e.g. EUR 45.12 for up to 10 months or EUR 36.39 for 120 days, if no dependents); installation allowance (depending on personal situation, 1 or 2 months of the basic salary – paid upon successful completion of the nine-month probationary period). ^[12] Currently correction coefficients for the EUSPA duty locations are: 88% for CZ, 118,7% for FR, 110,3% for NL, 95,2% for ES. The coefficient is updated every year, with retroactive effect from 1 July. ^[13] Pension (10.10%); health insurance (1.70%); accident cover (0.10%); unemployment insurance (0.81%). ^[14] Currently: income tax: tax levied progressively at a rate of between 8% and 45% of the taxable portion of the salary; solidarity levy: 6%. ^[15] Please note that the numbers in examples b) and c) are indicative and net monthly remuneration varies depending on the personal, life and social situation of the incumbent. The various components of the remuneration are updated every year, with retroactive effect from 1 July.

Declaration of commitment to serve the public interest independently:

The jobholder will be required to make a declaration of commitment to act independently in the public interest and to make a declaration in relation to any interest that might be considered prejudicial to his/her independence.

The jobholder will be required to carry out his/her duties and conduct him/herself solely with the interests of the European Union in mind; he/she shall neither seek nor take instruction from any government, authority, organisation or person outside his/her institution. He/she shall carry out the duties assigned with objectivity, impartiality and loyalty to the European Union.

Commitment to promote equal opportunities:

The Agency is an equal opportunities employer and strongly encourages applications from all candidates who fulfil the eligibility and selection criteria without any distinction whatsoever on grounds of nationality, age, race, political, philosophical or religious conviction, gender or sexual orientation and regardless of disabilities, marital status or other family situation.

The personal data requested from applicants will be processed in line with Regulation (EU) N° 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, officers and agencies and on the free movement of such data (repealing Regulation (EC) N° 45/2001 and Decision N° 1247/2002/EC) and the applicable privacy statement which can be accessed here: https://www.euspa.europa.eu/sites/default/files/privacy_statement_selection_and_recruitment_2019.pdf