Information Security Engineer

Published: 19/05/2025

The Information Security Engineer reports to the Chief Information Security Officer. The Chief Information Security Officer determines which activities are due, based on evolving needs, to improve the company’s GRC posture and to secure CHAMP assets.

The Information Security Engineer assists the Chief Information Security Officer with managing Information Security activities. In particular, he will work on improving the Governance, Risk, and Compliance (GRC) program. He will assist in developing and ensuring compliance with security policy, carrying out security assessments, and developing and managing a cybersecurity risk management program. His competence should include knowledge of common cybersecurity frameworks like ISO 27001.

The Information Security Engineer proactively evaluates the system and network enterprise environments and uses technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures, and education to implement effective cyber security programs and strategies; determines security controls, configurations, procedures, and policies based on industry standards, best practices, regulations, and contractual requirements; and establishes and manages program control processes and compliance assessments to determine deviations from acceptable configurations, policy, or standards.

Responsibilities:

A non-exhaustive list of responsibilities and duties is:

  • Assist in drafting and updating documentation related to compliance frameworks, policies, and procedures as needed.
  • Collaborate on internal communications regarding updates to security policies or compliance requirements.
  • Review and understand fundamental regulations and frameworks related to cybersecurity and manage security documents and applicable processes to be aligned with them.
  • Assist in audits by coordinating evidence collection, responding to framework requirements such as ISO 27001, NIST 2.0 CSF… and supporting audit readiness efforts.
  • Stay informed on emerging compliance regulations and industry trends to provide recommendations for continuous improvement.
  • Assist in conducting risk assessments, maintaining the risk registry, and supporting the development and implementation of security policies and procedures.
  • Manage the intake and review process for software and vendor security assessments, ensuring compliance with organizational standards.
  • Address customer security inquiries and maintain accurate and transparent information.
  • Design and develop security control automation to support the Cyber Security Roadmap and the GRC program.
  • Track and manage GRC-related tasks, providing comprehensive support for compliance and risk mitigation initiatives.
  • Monitor and report on GRC program performance, including task progress, risk mitigation, and training outcomes, and provide regular updates to leadership on metrics and milestones.
  • Collaborate with cross-functional teams, including Security Operations, Engineering, IT, Legal, and Internal Audit, to integrate security best practices and meet regulatory obligations.
  • Assist in conducting periodic reviews of third-party vendors to assess compliance with security and contractual requirements.
  • Serve as a backup resource for other security team functions during peak workloads or resource constraints.

Knowledge, Competencies & Skills

  • Proficiency in various cybersecurity technologies and tools, including security training and awareness tools, vendor risk management tools, and security compliance and risk register tools.
  • Experience with security domains (e.g., Identity and Access Management, Security and Risk Management, Compliance, Organization of Information Security, Cryptography, Security Assessment and Testing, etc.).
  • Familiarity with security information and event management (SIEM) systems.
  • Strong analytical, problem solving, and conceptual thinking skills.
  • Familiarity with industry security standard frameworks and security compliance regulations (e.g., ISO 27001/27002, NIST 2.0 CSF…).
  • Successfully completed or able to work towards a security certification (e.g., CISSP, CGRC, CRISC, CISA…).

Education and Experience:

  • Master’s degree in computer science, information technology, cybersecurity, or equivalent.
  • Related work experience in Information Security, IT/IS Audit, Security Governance, Risk, Compliance, or a related field appreciated.

 

The selected candidate may be subject to the provision of an up-to-date (not older than 3 months) criminal record certificate.

Security: the successful candidate will have to comply with CHAMP Security Requirements (including but not limited to CHAMP’s IT Security Policies, especially the ISMS Policy and the Acceptable Use Policy, mandatory courses, confidentiality and data protection, use of company assets, and incident reporting).

 

 

 

CHAMP Cargosystems is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions are based on business needs, job requirements and individual qualifications, without regard to race, ethnic background, religion or belief, family or parental status, or any other status protected by the laws or regulations in the locations where we operate.

Please note that any personal data that you submit along with your application will be processed by CHAMP and may be processed by any of its global entities as necessary. These data will be treated in strict compliance with the applicable data protection legislation (i.e. the Law of 2 August 2002 on the protection of individuals with regard to the processing of personal data, as amended, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the GDPR), which entered into force on 25 May 2018, as well as any other subsequent regulation).

Further details on what is considered personal data, how it is processed by CHAMP as well as your rights in this regard can be found here. Any questions relating to this should be addressed to CHAMP’s Data Protection Officer:

Gertrud Huberty
2, rue Edmond Reuter
Zone d'Activités "Weiergewan"
L-5326 Contern
Luxembourg

Email: dpo@champ.aero (Please do not use this email to send job applications)

Apply now

Please include your CV, covering letter and diplomas.

Email jobs@champ.aero
