Your role
As an Analyst working on IT risk inspections, you will:
1. contribute to IT risk on-site inspections (OSI), primarily at the premises of the significant institutions;
2. add to the technical knowledge within the team, building upon your current expertise and staying up to date with a wide range of new developments, in close contact with national supervisory authorities, joint supervisory teams and ECB horizontal functions;
3. provide deliverables, implement standards and contribute to the assessment of the risks faced by significant institutions and their adherence to regulatory requirements;
4. carry out activities to optimise, manage and integrate processes and tools to support the efficiency and effectiveness of OSIs in the SSM.
As an Analyst in the TLPT team, you will:
5. take an active part in overseeing the TLPT as Test Manager, working closely with the banks undergoing testing, the threat intelligence provider, the red team and all other stakeholders;
6. contribute to the internal TLPT processes of the SSM, such as identifying banks to be tested, planning the tests, liaising with the TLPT Cyber Teams, assisting in attestations and providing guidance to the joint supervisory teams for specific tests;
7. play an active role in the SSM TLPT community and the overall community implementing the European framework for threat intelligence-based ethical red-teaming (TIBER-EU).
These positions in DG/OMI offer excellent opportunities. Both the IT risk inspector and TLPT profile will allow you to contribute to a team which is results-focused and engages with others in a collaborative and constructive manner. They will require you to anticipate stakeholders’ needs within the increasingly important field of IT risk and cybersecurity. Moreover, the organisational combination of TLPT and on-site supervision within DG/OMI provides the potential to switch between these roles in the future.The Directorate General fosters a supportive environment which prioritises employee well-being and a healthy work-life balance.
Qualifications, experience and skills
Essential:
8. a bachelor’s degree or equivalent in computer science, information systems, or another relevant field (see How you can join us for details on degree equivalences);
9. in addition to the above, a minimum of two years of relevant professional experience (including traineeships and internships) in the field of IT operations, IT audit, IT risk management or cybersecurity;
10. a high level of commitment and flexibility as well as the ability to work efficiently and effectively under pressure;
11. good drafting and presentation skills and the ability to prepare briefings in a clear and concise way for diverse audiences;
12. the ability to familiarise yourself quickly with new topics and willingness to continue learning;
13. very good IT skills and experience of using MS Office;
14. an advanced (C1) command of English and an intermediate (B1) command of at least one other official language of the EU, according to the .
Desired for the IT risk inspection profile:
15. a master’s degree, preferably in computer science, information systems, or another relevant field;
16. professional experience with IT system operations, management, IT audit and inspections;relevant professional qualifications such as Certified Information Systems Auditor;
17. a strong ability to use other EU languages for business purposes.
Desired for the TLPT profile:
18. a master’s degree, preferably in computer science, information systems, or another relevant field;
19. professional experience with IT security testing and/or red teaming and/or threat intelligence ;
20. relevant professional qualifications, such as Certified Information Systems Security Professional, Certified Information Security Manager or Certified in Risk and Information Systems Control;
21. a strong ability to use other EU languages for business purposes.
You engage collaboratively with others. You pursue team goals and learn willingly from other people’s diverse perspectives. You signal any need for change by explaining it and proposing alternative solutions. You analyse complex information effectively and can evaluate different views to arrive at solutions. You know and anticipate stakeholder needs. You are skilled at encouraging people to develop their abilities and can build up high-performing teams.You are motivated to be part of our team and to develop and use your skills and competencies to achieve the aims of this position. You are aware of your strengths and areas for development and know what motivates you to perform at your highest level.
Working modalities
For the IT risk inspection profile, much of your time will be spent on-site at the premises of supervised banks. This requires a willingness and ability to travel for prolonged periods.For the TLPT profile most of the work will be performed at the ECB’s premises, but this role requires a willingness to work on-site at the premises of supervised banks for limited periods of time (e.g. for meetings at the start and end of TLPT). Hybrid approaches, alternating between working on-site at banks and remotely, are an integral part of our supervisory culture and compatible with the needs of the on-site activities.A role in European banking supervision means working in multinational and multicultural teams and operating within different national frameworks.