Information Security Officer (m/f/x)

Luxcargo Handling, based at Luxembourg Airport, is a handling company specializing in air freight. Founded in 2023, the company took over the Cargo Handling branch of Luxair and employs 1000 people in various roles.

Luxcargo Handling S.A. is a subsidiary of the Cargolux group, fully owned by Cargolux Airlines International S.A.

For our LCH IT department within LCH, we are looking for an:

Information Security Officer (m/f/x)

Missions:

• Develop and maintain information security management system policies and procedures defining the information security principles, frameworks, and rules for LCH
• Perform a regular cybersecurity risk assessment and follow up associated action plan 
• Assess the compliance of ISMS, cybersecurity services and risk management process regarding the existent and upcoming regulation applicable to the organization
• Develop and implement information security improvement plan to comply with industry standards and regulations
• Support audit and regulatory requests about Cybersecurity
• Collaborate with other departments and stakeholders to educate employees on cybersecurity best practices and enhance organizational awareness of the importance of information security and risks.
• Contribute to the response and lesson learnt to Cybersecurity incidents to mitigate the impact for future occurrences in closed cooperation with technical IT and Cybersecurity teams
• Provide support when needed on all cybersecurity topics and coordinate actions with group cybersecurity and IT teams

Profile:

 Minimum requirements for the position

• Be holder of master or engineer degree in IT (Bac +5). Bachelor degree with significant and relevant experience can be potentially considered
• Demonstrate strong knowledge of technologies and how it supports the day-to-day business, to including: Software Development Life Cycle (SDLC), Information Technology Operations, Data Center Operations, vendors management, Information Technology auditing, third party management and Cloud technology. 
• Have good knowledge and implications of NIS2
• Provide a proven track of practical experience designing and implementing enterprise information technology security environment: physical and/or software.
• Have excellent knowledge of standard project management practices 
• Have excellent knowledge of standard office applications
• Show excellent communication skills in English as well as skills in French or German (spoken and written)

Desired or required skills to acquire / Training to be completed

• Refer to the training table
• Demonstrate the ability to communicate at all levels, both inside and outside the company
• Show strong organizational and analytical skills
• Show ability for clear expression in writing
• Be capable of working independently as well as in a team 
• Be driven to deliver quality results on time with a high degree of integrity and in a highly ethical and professional manner 
• Maintain the strict confidentiality of the data
• Must be able to learn, understand, and apply new regulations

Ideal candidate

• Holding any certification in the area of Information Security will be considered as an asset.
• Have knowledge of the following compliance frameworks (each of them is exclusive): PCI-DSS, COBIT, ISO 2700X or HIPAA
• Knowledge in Project management PRINCE 2 or PMBOK
• Good knowledge and implications of Part-IS (EASA)

A Certificate of Good Conduct (Criminal Record, Polizeiliches Führungszeugnis) will be required in case of a positive selection.