EMSA

Call for Applications: EMSA/CA/2020/17 - CISE ICT Security Expert

Post: EMSA/CA/2020/17 - CISE ICT Security Expert
Directorate/Unit: Department 2: Safety, Security & Surveillance
Type of post: Contractual Agent
Function group: IV
Location: Lisbon
Closing date for applications: 16 November 2020

The selection of candidates will follow the EMSA Staff Recruitment Procedure. Candidates must apply for this post via the EMSA website http://www.emsa.europa.eu - vacancies. Please note that to make an EMSA on-line application you will need to create your EMSA profile using a valid e-mail address and a password.

1. Background

The European Maritime Safety Agency was established for the purpose of ensuring a high, uniform and effective level of maritime safety, maritime security as well as prevention of and response to pollution by ships within the EU.

The idea of a European Maritime Safety Agency (EMSA)  originated in the late 1990's along with a number of other important European maritime safety initiatives. EMSA was set up as the decentralised agency that would provide a major source of support to the European Commission and the Member States in the field of maritime safety, security and prevention of pollution from ships. The Agency was established by Regulation (EC) No 1406/2002 and subsequent amendments have refined and enlarged its mandate to cover among other measures, the efficiency of maritime transport.

2. Tasks of the Agency

The Agency provides technical, operational and scientific assistance to the European Commission and Member States in the fields of maritime safety, maritime security, prevention of, and response to, pollution caused by ships as well as response to marine pollution caused by oil and gas installations.

The Agency also contributes to the overall efficiency of maritime traffic and maritime transport and supports European cooperation on coastguard functions.

EMSA's activities can be broadly described as:

  • providing technical and scientific assistance to the Member States and the European Commission in the proper development and implementation of EU legislation on maritime safety, security, prevention of pollution by ships and maritime transport administrative simplification;
  • monitoring the implementation of EU legislation through visits and inspections;
  • improving cooperation with and between Member States;
  • building capacity of national competent authorities;
  • providing operational assistance, including developing, managing and maintaining maritime services related to ships, ship monitoring and enforcement;
  • carrying out operational preparedness, detection and response tasks with respect to pollution caused by ships and marine pollution by oil and gas installations;
  • at the request of the European Commission, providing technical operational assistance to non-EU countries around relevant sea basins.

3. Department 2: Safety, Security & Surveillance

The mission of Department 2 is to provide technical assistance and support to the European Commission and Member States on matters related to ship safety and security (Unit 2.1), and to provide maritime surveillance services (Unit 2.2) to EMSA’s large array of users.

On a horizontal level Department 2 is also responsible for managing the Common Information Sharing Environment (CISE) transitional phase by way of bringing together the CISE stakeholders to develop and expand the CISE network to become operational by end of 2021. Department 2 is also responsible for implementing the collaboration with the European Space Agency (ESA). It follows very closely the proceedings at IMO’s Committees and Sub-Committees and provides and coordinates where necessary any technical support required in respect of matters related to ship safety, security, and satellite communications.


4. Functions and Duties

As a member of the EMSA CISE team, the ICT Security Expert will contribute to the development of the CISE project. More specifically, the ICT Security Expert will be asked to:

  • Design and follow the implementation of the CISE security framework to exchange personal, sensitive (but not classified), and classified information (up to EU restricted);
  • Contribute to the design, implementation, maintenance, and assessment of the security aspects of the CISE building blocks (i.e. CISE network, nodes and adaptors);
  • Organize and follow-up the accreditation process of the Agency to exchange classified information through CISE, and ensuring the implementation of the security policies for handling such type of information;
  • Support the EU MS in the accreditation process for handling classified information at the national level providing reference technical information;
  • Draft, review and contribute to official and technical documents (and presentations) addressing internal audience and Public Authorities’ representatives;
  • Contribute to the CISE Security Study and follow up its recommendations;
  • Participate in the security expert groups for CISE.

5. Eligibility and Selection Criteria

A. ELIGIBILITY CRITERIA

A.1 Education and experience

  • A level of education which corresponds to completed university studies of at least three years attested by a diploma AND appropriate professional experience of at least one year.

Only qualifications that have been awarded in EU Member States or that are subject to the equivalence certificates issued by the authorities in the EU Member States will be taken into consideration.

A.2 Language skills

  • The main working language in the field of maritime safety is English. Candidates must therefore have a very good command of oral English as well as in writing with a satisfactory knowledge of at least one other official language of the European Union to the extent necessary for the performance of the above-mentioned duties.

B. SELECTION CRITERIA

B.1. Essential

  • At least 3 years proven professional experience in the management of information security and the implementation of ICT solutions for information security, including the design, implementation and management of PKI infrastructures (e.g. certificates lifecycle management, signature, encryption, openSSL, etc.);
  • Excellent knowledge of information security concepts and technical solutions;
  • Excellent knowledge of the European Union law about the security rules for protecting EU classified information;
  • Excellent knowledge of the General Data Protection Regulation (GDPR);
  • Excellent knowledge dealing with European Union classified information (EUCI) and technical solutions used for EUCI;
  • Excellent knowledge on the EU or Member State accreditation process for communication and information systems handling EU Classified information;
  • At least 3 years professional experience implementing a security framework (i.e. ISO 27001);
  • At least 3 years professional experience in security testing (i.e. penetration testing, vulnerability scanning, risk assessment, etc) based on standard methodologies (i.e. OWASP, OSSTMM, etc.);

B.2. Advantageous

  • Holding a recent security clearance;
  • Certifications on information security frameworks, such as ISO270XX NIST, etc.

Applicants must meet the required eligibility criteria concerning the required educational qualifications and years of experience, as well as the essential criteria by the deadline for this call for applications.

The advantageous criteria will be considered by the Selection Board depending on the number of applicants meeting the essential criteria.

In addition to the requirements above, candidates invited to the interview and test phase may also be assessed against the following supplementary requirements:

  • Excellent written and verbal language skills in English (in order to draft technical documents and to interact with English-speaking stakeholders);
  • Passion for learning new technologies and tools;
  • Customer orientation and agile mind-set;
  • Good organisational and interpersonal skills as well as the ability to deal with people tactfully;
  • Strong customer-focused approach to work, demonstrating responsiveness and flexibility;
  • Ability to clearly communicate in an effective manner with colleagues, superiors, and external contacts at different levels;
  • Capacity to work with minimum supervision;
  • Sense of initiative and responsibility; 
  • Ability to work under pressure and to deliver within precise deadlines, to organise the workload and to prioritise tasks.

6. General Conditions

In order to be eligible the candidate must:

  • Be a national of one of the Member States of the European Union or of Iceland or Norway;
  • Be entitled to his/her full rights as a citizen;
  • Have fulfilled the obligations imposed on him/her by the laws concerning military service;
  • Meet the character requirements for the duties involved; and
  • Be physically fit to perform the duties linked to the post.

It should be noted that due to the withdrawal of the United Kingdom from the European Union on the 31/01/2020, candidates from the United Kingdom who do not hold the nationality of another European Union Member State, are not eligible for calls for applications at EMSA due to the fact that they do not fulfil the requirements of Article 82.3 of the Conditions of Employment of Other Servants, namely that they do not hold the nationality of a EU Member State.

7. Conditions of Employment

The CISE ICT Security Expert will be appointed by the Executive Director, upon recommendation of the Chairperson of the Selection Committee.

Please note that the position will be offered only after the signature of the second CISE Grant Agreement with DG MARE, which is currently foreseen to enter into force in October 2020 with a duration of 3 years. The initial contract of employment will be aligned to the duration of the CISE Grant Agreement.

In the event that the CISE Grant Agreement is renewed, the contract of employment may also be renewed beyond the initial duration, subject to the normal conditions.

Security Clearance to have access to classified information up to and including the level of SECRET UE/EU SECRET is requested for this post. In case the successful candidate is not in possession of such a clearance, EMSA will request it. Failure to obtain the security clearance will lead to termination of the contract of employment.

The successful candidate will be recruited in function group IV (FGIV). The grade will be determined in accordance with the number of years of professional experience.

The basic monthly salary, before any deductions or allowances, weighted for Lisbon, at 1 July 2019 for the entry grade of Function Group IV (FGIV, Grade 13, Step 1) is 3,177.31 EUR.

In addition to the basic salary, staff members may be entitled to various allowances, such as an expatriation allowance (16% of basic salary), household allowance, dependent child allowance and education allowance. The salary is subject to a Community tax deducted at source and staff members are exempt of national taxation.

Please note that recruitment is done in the first or second step of the indicated grade, depending on the duration of the acquired professional experience. EMSA offers a comprehensive welfare package including pension scheme, medical, accident and occupational disease insurance coverage, unemployment and invalidity allowance. Further information regarding rights and conditions of employment can be found in the following document.

Please note that in line with the Staff Regulations recruited candidates shall be required to demonstrate before their first promotion the ability to work in a third European Community language.

The place of employment is Lisbon, Portugal.

Candidates are advised that if they are offered a post, and accept, they must undergo a compulsory medical examination to establish that they meet the standard of physical fitness necessary to perform the duties involved.

EMSA is an Agency focused on gender balance and a harmonic workplace and strongly encourages the applications of women for the positions where they are underrepresented.

8. Submission of Applications

Candidates should ensure that they clearly indicate how they meet the selection criteria in their application and motivation letter.

Candidates must submit their application electronically solely via the EMSA website within the deadline. Applications by any other means (hard copy or ordinary e-mail) or submitted after the deadline will not be accepted.

All candidates will receive an acknowledgement of receipt for their application.

EMSA is an equal opportunities employer and encourages applications from all candidates who fulfil the eligibility and selection criteria without any distinction whatsoever on any ground such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age, marital status or other family situation or sexual orientation.

You may apply in any of the official languages of the European Union, but it would be helpful to apply in English in order to facilitate the selection process.

9. The Selection Process

For each selection process a Selection Committee is nominated. The selection is carried out in two phases:

1. In the first phase all eligible applications will be evaluated by the Selection Committee and scored against the selection criteria. Please note that non-compliance with at least one of the essential selection criteria will result in the exclusion of the candidate from the selection process. Advantageous criteria constitute additional assets and will not result in exclusion, if not fulfilled. The advantageous criteria will be considered by the Selection Committee depending on the number of applicants meeting the essential selection criteria.

On this basis, the Selection Committee will invite to the interview and to the test phase the best qualified candidates (maximum of 15), on condition that they have achieved at least 60% of the highest possible score during the evaluation of applications. Should the case arise that there are various candidates scoring the same number of points in the 15th ranking, the number of candidates to be invited will be increased accordingly to accommodate this. 

2. In the second phase, the selected candidates will be invited to pass one or several written tests related to the job profile and to take part in a selection interview.

During this recruitment phase, the selected candidates will be evaluated by the Selection Committee. After the interviews and tests, the Selection Committee will draw up a list of the most suitable candidates to be proposed to the Appointing Authority. Only candidates receiving at least 70% of the maximum points at interview and at the test phase will be included in the list of the most suitable candidates. The Appointing Authority will select the successful candidate and decide whether to also adopt a reserve list. The successful candidates will be informed accordingly.

Candidates are strictly forbidden to make any contact with the members of the selection committee, either directly or indirectly. Any infringement of this rule will lead to disqualification from the selection procedure.

All candidates will receive an information letter of the outcome of their application.

Please be informed that due to the current COVID-19 situation, there is a possibility that the interviews and/or the written tests could be organised remotely. Further information on the organisation of the  test and interview will be provided upon invitation.

Please note that a binding commitment can only be made after verification of all conditions and will take the form of a contract signed by the Executive Director.

The reserve list will remain valid for a period of 1 year following its establishment, with the possibility of renewal. Therefore candidates whose name will be put on a reserve list could be offered a contract during this period of time. Please note however that inclusion in the reserve list does not guarantee recruitment.

Please note that the selection process may take several months to be completed and that no information will be released during this period. Once a selection process has been completed, its status will be displayed in the e-recruitment.

Please note that once you have created your EMSA profile, any correspondence regarding your application must be sent or received via your EMSA profile.

For any prior enquiry, please refer to the FAQ (Frequently asked questions) section, or send an e-mail to recruitment@emsa.europa.eu

Requests for information and appeal:

How to request for information: An applicant who would like further information or considers that he/she has grounds for complaint concerning a particular decision of the selection procedure may send a request by e-mail to recruitment@emsa.europa.eu preferably within 10 working days from the date he/she was notified.

EMSA Human Resources will forward the request to the Chairperson of the Selection Committee and the applicant will receive a reply as soon as possible.

How to lodge a complaint and/or an appeal procedure: An applicant may lodge a complaint under Article 90(2) of the Staff Regulations of Officials of the European Communities and Conditions of employment of other servants of the European Communities by email to recruitment@emsa.europa.eu or registered mail at the following address:

Human Resources Unit

EMSA

Praca Europa 4

1249-206 Lisbon

Portugal

The time limit for initiating this type of procedure is three months (see Article 90(2) of the Staff Regulations as amended by Regulation (EU, Euratom) No 1023/2013 of the European Parliament and of the Council of 22 October 2013, OJ L 287, 29.10.2013 from the time you become aware of the act allegedly prejudicing your interests.

Applicants can make a complaint to the European Ombudsman. Before submitting a complaint to the European Ombudsman applicants must already have contacted EMSA about the matter and used all the internal administrative options for review and/or complaints provided for in the Staff Regulations.

More information: https://www.ombudsman.europa.eu/en/home

Personal Data protection

 

The processing of personal data in the Community institutions and bodies like agencies is regulated by Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

The Applicant shall have the right of access to his/her personal data and the right to rectify any such data that is inaccurate or incomplete. Should the Applicant have any queries concerning the processing of his/her personal data, (s)he shall address them to the delegated controller of the data, Head of Human Resources Unit. The Applicant shall have right of recourse at any time to the European Data Protection Supervisor.

For more on personal data protection and related documents see the Personal Data Protection page.