Job Offer

Information Security Officer

Application Open Date: 
04/02/2020 - 01:01
Deadline Date: 
02/03/2020 - 11:00
Helsinki, Finland
Type of Contract: 
Temporary staff
JOB Description: 
The Information Security Officer works in the Information Systems Directorate of the Agency. The Agency is working to consolidate Information security and IT security into one horizontal function by the end of 2020. Such function does not cover physical security and the security aspects of HR management. The purpose of the Information Systems Directorate is to enable the business and administrative processes of the Agency with digital technologies and to apply state of the art data management technologies and methodologies to large data repositories and knowledge bases on chemicals, which are at the core of the Agency’s work. In this context, the Agency is committed to protecting confidential information received from the chemical industry and other market operators. The Agency complies with the EU Data Protection Regulation. Sound data classification and data access policies, secure IT infrastructure and secure management of access to data for all the users (internal, external in the Member States of the EU, contractors and other stakeholders) are key responsibilities of the Information Systems Directorate. The Agency manages security according to Information security policies and by applying the controls foreseen in the IT Security Management System that is part of the ISO 9000 certified Internal Management System. As part of their portfolio of services, ECHA’s IT outsourcing contractors also provide security services for the Agency; for example, the provider of IT infrastructure services delivers infrastructure related security services too. CERT services are provided by CERT-EU and a collaboration with the Finnish national CERT - NCSC-FI - is well established. The Information Security Officer will carry responsibilities and perform tasks in the following areas of work: • Support management in developing and maintaining information security policies, coordinate their implementation in the IT and Business processes; • Regularly assess security risks and propose mitigating measures as needed; • Implement and upgrade the ECHA’s security model for working with national authorities in the EU Member States; • Ensure application and, when necessary, upgrade the ECHA’s security model for working with IT Contractors having access to confidential data in the delivery of their services; • Collaborate with external stakeholders (e.g. CERT-EU) and IT Contractors providing security services to ECHA; • Implement and upgrade the ECHA IT Security Management System, in particular coordinate security incident investigation and response by working closely with the contractors providing security services; • Deliver security services to internal demand in the Agency, such as security assessments of new or changing IT services; • Contribute to the Enterprise Architecture function; • Assess the implementation, performance and effectiveness of Information security policies and IT security management and report at all necessary level, including Board of Directors level and Agency Management Board level.
Reference ID: 
Vacancy Type: 
Job Status: