
Chief Information Security Officer

Luxembourg, LU, L-2955

Job summary


The Chief Information Security Officer is responsible for the development and maintenance of the Group Information Security Strategy and Framework at group level.

The CISO monitors the implementation of the information security measures through key risk indicators, as well as the status of information security management and risks to the bank.

As a member of the Group COO management team, the CISO supports and contributes to the definition of the COO strategy and manages a team of security experts/officers.

Job responsibilities


Establishes governance and oversight and is responsible for the information security policy for the Bank

Defines, jointly with the IT Security Officer, the IT security measures to be implemented

Identifies risk issues relating to the availability, confidentiality and integrity of Quintet’s digital / electronic business assets; defines suitable controls to mitigate the risks; guides the Group in the application of these controls

Ensures compliance with regulation, internal policies and procedures and sets and operates IT risk and compliance policies

Chairs the Group Information Security Committee

Defines the cyber security framework and manages the crisis in the event of a cyber-attack

Organizes regular monitoring of audit recommendations related to information security across the group

Collaborates with the IT Security Officer to prepare and review the IT risk analyses performed as part of the risk analysis process, and to increase awareness within business lines

Participates in projects relevant to cyber resilience and ensures cross-entity and cross-project consistency

Ensures awareness across the group on information security through regular exercises such as phishing campaigns and cyberattack simulations, including external parties when applicable

Owns the Security Monitoring Program, including scope definition, steering committee organization, and resolution of identified vulnerabilities and issues of ISAE 3000

Experience and skills

Master in Information Technology, Business, Finance

10-15 years of relevant experience in IT Security, Risk Management


Sound knowledge of EBA guidelines & CSSF circulars

Sound knowledge of IT security standards, industry best practices and methodologies

Experience in IT risk assessment / analysis process

Good understanding of the IT security solutions market

Sound knowledge of banking business

Strong problem-solving and analytical skills

High level of diligence and ability to multi-task and work to tight deadlines

Strong communication skills


Fluent in English and French.

An additional language is a plus