Apply now »

IT Security Officer LU

Date:  02-Feb-2023

Luxembourg, LU, 2453

With 150 years of history, Degroof Petercam is a leading financial institution owned by family shareholders with a long-term commitment since 1871.


Whether they are private or institutional investors, its clients benefit from a unique combination of services combining wealth management, administration and management of collective investment schemes, financial market operations and financial engineering.


Present in Luxembourg since 1987, Degroof Petercam Luxembourg employs more than 370 staff spread over three entities located in the area of La Cloche d'or: Banque Degroof Petercam Luxembourg S.A., Degroof Petercam Asset Services S.A. and Degroof Petercam Insurance Broker S.A.

Your Position

•    Participate to the group IT Risk & Security committee, representing the LUX scope;
•    Challenge, advise, monitor all IT related activities throughout key IT projects and Lifecycle program;
•    Identify, assess  and manage risks linked to Information Technology (confidentiality, availability, integrity);
•    Define and follow implementation of IT security procedures standards or guidelines, aligned with Group IT security strategy in order to protect organization’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals;
•    Serve as the chief point of contact for our Technology Risk Management & Information Security team;
•    Provide support for assessing risks in technology related initiatives with risks and red flags identified during defined intake procedures;
•    Assist in the definition of new metrics monitor Key Risk Indicators (KRIs) against Degroof Petercam technology risk appetite;
•    Prepare the first line Risk report and track actions to reduce technology risk;
•    Assist with the Technology Risk reporting operations, including scheduling key monthly meetings, monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes;
•    Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for specific area;
•    Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines (Such as CSSF, EBA, ECB, etc…);
•    Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement;
•    Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities;
•    Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise;
•    Produce dashboard & reports in order to give visibility on current IT Risks and IT Security status.

Your Profile

•    Good blend of technical and nontechnical skills;
•    Experience with European regulatory requirements (ECB, EBA, NBB, CSSF, …);
•    Advanced knowledge in industry frameworks and standards (NIST, ITIL, ISO27xxx, SANS CIS20, …);
•    Financial Services industry experience is an asset;
•    Expert knowledge of IT security and risk disciplines and practices including vulnerability management (Nessus Tenable, Qualys or IBM QRadar) as an asset;
•    Advanced knowledge of organization, technology controls, security and risk issues;
•    Demonstrated ability to participate in complex, comprehensive or large projects and initiatives;
•    Good knowledge of European and Luxembourg regulatory matters;
•    Good communication skills both in writing and speaking;
•    Stress-resistant and able to manage crisis situations;
•    French and English mandatory (written and spoken).

To guarantee his good repute, the candidate must provide an extract from his criminal record before any hiring. 


The regulations relating to the protection of personal data, concerning the processing and preservation of the personal data of the employer's workers, are applied through the "Data Privacy Policy" and the "Employee Privacy Charter" in force. , available on the company's website:


Apply now »