Senior Information Security & GRC Expert

About the role

The Luxembourg Institute of Science and Technology (LIST) is seeking a senior professional to lead the implementation, maintenance and continuous improvement of its Information Security Management System (ISMS). The role bridges business objectives, regulatory requirements and emerging cyber threats, ensuring a robust security governance framework across the organization.

Key responsibilities

• Support the implementation and ongoing improvement of the ISMS in line with business strategy, legal, regulatory and contractual obligations (e.g., NIS2, GDPR, ISO/IEC 27001).
• Develop, review and maintain information security policies, standards, procedures and guidelines.
• Conduct risk assessments, support risk treatment planning and manage security exception processes.
• Define, implement and monitor administrative, organizational and technical security controls.
• Coordinate with internal stakeholders to embed security requirements into projects and IT services (secure‑by‑design).
• Define and track security KPIs/KRIs, produce dashboards and support risk‑informed decision‑making.
• Maintain risk registers, governance artefacts and support risk committees, security reviews and compliance monitoring.
• Contribute to security awareness initiatives and support incident management and post‑incident learning.

Required profile

• Master’s degree (Bac+5) in information security, computer science or a related field.
• Extensive experience in information security governance, risk management and compliance within a large organization.
• Strong knowledge of international standards and regulations such as ISO/IEC 27001, NIS2 and GDPR.
• Proven ability to develop and maintain security policies, procedures and control frameworks.
• Excellent communication skills to work with technical and non‑technical stakeholders.

Required skills

• ISO/IEC 27001
• NIS2
• GDPR
• Risk assessment and treatment
• Security governance and policy development

What we offer

• Permanent contract in a leading research and technology organization.
• Opportunity to shape the security posture of a high‑impact institution.
• Collaborative environment with access to cutting‑edge scientific projects.