PwC Luxembourg is hiring an IT Security Officer (m/f/d). What if it was you? Your mission: We’re looking for an IT Security Officer to strengthen our cybersecurity posture and help protect our organization’s systems, data, and people. In this role, you’ll be part of a dedicated security team responsible for assessing products, enforcing security controls, supporting IT teams, and ensuring compliance with security standards. If you enjoy solving security challenges and want to make a real impact, this role will suit you well.
Be a part of our team where you will:

• Enforce security policies, standards, and procedures across IT systems and services;
• Conduct regular security checks and configuration assessments;
• Track vulnerabilities and follow up with technical teams to ensure timely remediation;
• Provide security guidance during system changes, deployments, and upgrades;
• Coordinate and support audits and compliance activities (NIS, ISO 27001, …);
• Support IT projects end-to-end, from early security assessment to CAB validation for production release;
• Maintain and communicate policies, procedures, guidance, standards and instructional materials to IT teams based on NIS information.;
• Review and analyze design documentation to ensure appropriate security controls are in place;
• Maintain accurate records of security controls, exceptions, and risk acceptance decisions;
• Coordinate and oversee penetration testing activities.

Security Assessments

• Conduct security assessments on products and any software developed. Identify risks and define remediation actions .;
• Evaluate the security of solution architecture to validate the use of the solution within our IT landscape;
• Acts as the main point of contact for all security assessments and remediation advice.

Eligibility / Qualification Required:

Let’s talk about you. If you are/have:

• Bring at least 3 years of experience in a related field;
• Hold a Bachelor’s degree;
• Are familiar with industry best practices, standards and frameworks such as ISO 27001, NIST, OWASP and the MITRE ATT&CK Framework;
• Communicate clearly and effectively, both verbally and in writing, and can explain complex technical concepts to non‑technical audiences;
• Possess strong technical knowledge in cybersecurity, including application security, security assessments and security controls;
• Feel comfortable educating and training non‑technical colleagues on security best practices and protective measures;
• Approach cybersecurity holistically, considering both human and technological aspects, and understand the role of user behaviour in maintaining security;
• Have experience in vulnerability management, including identification and follow‑up;
• Are fluent in English and French;

Education (if blank, degree and/or field of study not specified):

• Degrees/Field of Study required: Not specified
• Degrees/Field of Study preferred: Not specified

Certifications (if blank, certifications not specified): Not specified
Required Skills: Accepting Feedback, Active Listening, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Governance, Data Architecture, Data Archiving, Data Flow Mapping, Data Privacy Act, Embracing Change, Emotional Regulation, Empathy, Enterprise Content Management, Incident Response Plan, Inclusion, Information Rights Management (IRM), Information Security, Information Security Governance, Information Security Management System (ISMS), Intellectual Curiosity, IT Infrastructure {+ 11 more}
Optional Skills: Accepting Feedback
Desired Languages (If blank, desired languages not specified): Not specified
Travel Requirements: Not Specified
Available for Work Visa Sponsorship? Yes
Government Clearance Required? No

How to Apply:

Application instructions are not provided in the text.

General Conditions:

General conditions are not provided in the text.
View Official Posting & Apply