IT Security Auditor and Data Breach Handler

ABOUT THE POSITION Our job vacancy is in the Systems Oversight and Technology Audits Sector of the Technology and Privacy Unit. The unit provides expertise at the intersection of policy and information technology by generating in-depth knowledge about the impact of technology on privacy and data protection, including the forecast of future trends. The Technology and Privacy Unit of the EDPS is in charge to monitor relevant developments, insofar as they have an impact on the protection of personal data, in particular the development of information and communication technologies. The unit also serves as technological advisor and contributor for other units and sectors in the EDPS. In addition, the unit is leading the technical audits of IT systems carrying out data processing operations and in particular the Large Scale IT systems of EU Institutions (EUIs), such as SIS II, Eurodac, VIS, etc. These audits follow the requirements of specific legal instruments and international standards and controls. The unit handles the notification of personal data breaches from the other Union institutions, bodies, offices and agencies (EUIs). As IT Security Auditor and Data Breach Handler, your main responsibilities will include: • Prepare/participate in audits of the most relevant (from data protection point of view) IT systems managed by EUIs; • Document, evaluate and test IT systems and controls to determine their adequacy and effectiveness to ensure compliance with data protection, security legislation and international standards. This will include hands-on verification of the security measures implemented among others at network level, database level, application level, including detection of potential vulnerabilities using specific tools; • Design and maintain audit processes and procedures; • Draft technical reports that analyse/interpret audit results and stakeholder reports that use accessible language to explain the process and recommendations; • Organise and execute ad-hoc technical investigations particularly related to IT systems in the Area of Security, Freedom and Justice (AFSJ); • Use and development of the IT Lab of the Unit with selection and acquisition of tools that will support the auditing and other security activities of the EDPS such as investigation activities; • Contribute to drafting guidelines related to personal data breaches; • Intervene and when appropriate lead investigations or/and audits following one or multiple data breach notifications of the EUIs in order to assess if there is a structural problem of security and provide the necessary recommendations to them; • Manage the full cycle of data breach notification to verify the compliance of the Controller’s actions with the requirements of the Regulation; • Deliver training sessions on personal data breach management; • Prepare reports including statistics on personal data breaches; • Act when required as business analyst and project manager for the data breach notification system and process inside the EDPS. These tasks may require occasional (3-4 times a year) missions out of Brussels. You may also be required to carry out additional tasks when necessary and in the interest of the service.