Senior IT Risk & Control Officer

Arendt & Medernach is the leading independent business law firm in Luxembourg with over 800 professionals. The firm’s international team of more than 450 legal experts represents Luxembourg and foreign clients in all areas of Luxembourg business law from its main office in Luxembourg and representative offices in Frankfurt, Hong Kong, London, New York, and Paris.

Our service to clients is differentiated by the end-to-end specialist advice we offer, covering all legal, regulatory, taxation, and advisory aspects of doing business in Luxembourg.

Our firm advises international and domestic clients in all areas of business law relevant to their business activities, ranging from fund formation, banking, insurance, private equity, and real estate to corporate and tax matters.

Given the ongoing development of our firm, we are currently recruiting:

Senior IT Risk & Control Officer

Based in our Hamm Office

Your role:

Lead Document management & Risk Framework activities within IT organization: 

• ISMS implementation and ISO27001 annual certification.
• Keeping up to date IT security Policy, process and procedure documentations.
• Define and review IT security framework.
• Maintain IT global risk register 
• Feed KPIs/KRIs and data points to relevant governances.

Lead Recurring controls activities: 

• Define recurring annual controls planning.
• Pilot, as a program manager, the annual recurring controls execution within IT organization and report findings and remediation plan to the appropriate committees.
• Collaborating with management to improve security. 
• Lead Annual testing plan and penetration testing plan.
• Support CISO team and Business risks community for compliance conformity assessment and due diligence exercise.

Operational cyber security

• Incident management: Documenting any security breaches and assessing their damage.
• Problem management: Assis problem manager to identify security weakness in any security incident (root cause) and define remediation plan.

Your profile:

• You hold a Bachelor degree or a Master degree in business informatics, information/security systems or related field;
• You have a sound experience (advisory included) in IT security with a successful experience as ITSO or CISO.
• You have ISO 27001 Lead implementor or ISO 27001 Lead auditor certification
• You have solid IT knowledge.
• You have strong interpersonal and communication skills.
• You have problem-solving skills and a proactive attitude.
• You are organized, proactive and customer oriented.
• You are recognized as a team player and able to work autonomously.
• You have a perfect command of English and French, both spoken and written.

Technical skills:

• Project Management 
• ITIL process and vulnerability management.
• Threat Intelligence and Analysis.
• DORA, ISO27001 and PSF requirements.
• Knowledge of cloud environments and/or shared services center is an asset.
• You have a very good knowledge of IT security concepts and solution (Firewall, Waf, Proxies, end point security)

We Offer:

• Excellent career development opportunities with tailor-made internal training focused on both technical and soft skills;
• An entrepreneurial work culture where we promote talent & ideas;
• Multicultural, diverse teams encouraging collaborative work;
• The opportunity to work and interact within a wide network of specialists; and
• A hybrid working environment offering flexibility and the possibility to work from home.

Within Arendt, we uphold high standards. Our professionals work with clients on engaging projects, empowered from the start. With a strong local presence in Luxembourg and international reach, we support and train our team members to thrive in a culture of excellence. Specialised teams ensure the right skills are available, allowing for a focus on added value. Our leaders are approachable, providing support and mentoring. 

We offer a vibrant social life with numerous events, embracing sports and art, our culture encourages openness and discovery beyond the professional realm. With over 50 nationalities represented, Arendt is committed to the well-being of its staff, serving the best interests of its clients, protecting the environment, and supporting education.

Arendt promotes equal opportunities and value each employee for what they bring to the community.For more information, please refer to our diversity and inclusion policy on our website.

Interested?

If you are interested in this job opportunity, we are looking forward to receiving your application.

All applications will be treated confidentially.

Please be aware that the selected candidate will be required to provide a criminal record (or certificate of good conduct).

#AM

About Arendt

Arendt & Medernach (A&M) is dedicated to providing top-quality legal services. Based in Kirchberg, A&M is the leading independent law firm in Luxembourg, representing local and international clients in all areas of Luxembourg business law.

Arendt Regulatory & Consulting (ARC) is a team of experts from a diverse range of fields. Based in Kirchberg, ARC offers the opportunity to advise asset managers and servicers on their fund regulatory matters.

Arendt Investor Services (AIS) acts as a regulated business facilitator. Supported by a team of experts in Hamm, AIS offers a full range of corporate, tax and funds services.