Information technology security officer (m/f/x)

Luxcargo Handling, based at Luxembourg Airport, is a ground handling company specializing in air cargo services. Established in 2023, the company took over the operations of Luxair's Cargo Handling division and employs 1,000 people across a wide range of roles.

Luxcargo Handling S.A. is a member of the Cargolux Group and is wholly owned by Cargolux Airlines International S.A.
For our LCH IT department within LCH, we are looking for an:

Information Technology Security Officer (m/f/x)

Missions:

Own overall responsibilitiesfor LCH information security, support senior management in approving and overseeing cybersecurity risk management measures, and reporting security posture and risks to the ISMS Steering Committee and leadership.
Define and maintain security requirements in intercompany agreements, monitor service provider compliance, conduct regular security reviews, and ensure audit rights are established in line with regulatory governance obligations.
Perform and maintain risk assessments for outsourced services, validate provider risk and audit evidence, ensure compliance with regulatory and standards requirements, and maintain a comprehensive risk register.
Oversee service provider incident management processes, ensure timely escalation of incidents, coordinate internal response actions, and ensure compliance with NIS2 incident notification requirements.
Coordinate internal and external information security audits, validate compliance evidence, and ensure timely implementation of corrective and preventive actions aligned with regulatory expectations.
Define and enforce access control and privileged access management requirements, oversee provisioning and deprovisioning processes, and ensure adherence to least privilege and segregation of duties principles.
Promote cybersecurity awareness by collaborating with internal stakeholders to educate employees on best practices and organizational security responsibilities.
Support incident response activities and lessons learned processes, working closely with IT and cybersecurity teams to strengthen resilience. Provide ongoing support across cybersecurity topics and coordinate actions with group cybersecurity and IT functions.
Define and enhance the IT Business Continuity Management Plan (based on ISO22301), conduct BIAs assessments, maintain BCP/DRP documentation, define and monitor RTO/RPO, coordinate testing, ensure resilience of critical and third-party services, and supportcrisis management through clear communication, timely escalation, and coordinated stakeholder updates.

 Profile:

Minimum requirements for the position
Bachelor's or Master's degree in Information Security IT, Computer Science, or a related field
5+ years of experience in information security, cybersecurity governance, or IT risk management
Strong understanding of regulatory frameworks (e.g., NIS2, Part IS, or equivalent)
Experience managing third-party/vendor risk and outsourcing arrangements
Proven experience in risk assessments, audits, and compliance management
Knowledge of incident management and reporting processes
Show excellent communication skills in English as well as in French or German (spoken and written)

Desired or required skills to acquire / Training to be completed
Strong analytical and organizational skills
Excellent knowledge of cybersecurity principles and controls
Ability to translate regulatory requirements into practical controls
Strong stakeholder management and effective communication skills, both written and verbal.
Ability to work both independently and collaboratively across IT, legal, and business functions
High level of integrity, accountability, and attention to details
Demonstrate a strong commitment to delivering high-quality results on time, with a high level of integrity and professionalism.
Maintain the strict confidentiality of the data

Ideal candidate
Professional certifications (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor) are a plus
Knowledge of the following compliance frameworks (each of them is exclusive): PCI-DSS, COBIT, ISO 2700XStandards
Knowledge in Project management PRINCE 2 or PMBOK
Good knowledge and implications of Part-IS (EASA)

Benefits:
Progressive 13th-month salary
30 days of annual leave
Discounts on a wide range of services and products through partner companies, including travel, retail, healthcare, leisure activities, and more
Training and internal career mobility opportunities across various departments
Free on-site parking and subsidized cafeteria
Life and disability insurance coverage providing financial protection in the event of serious life events
Access to a supplementary pension plan through Lalux
A Certificate of Good Conduct (Criminal Record, Polizeiliches Führungszeugnis) will be required in case of a positive selection.