EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document C/2024/01445

Recruitment Notice PE/303/S – Director (function group AD, grade 14) – Directorate-General for Innovation and Technological Support – Directorate for Cybersecurity

OJ C, C/2024/1445, 15.2.2024, ELI: (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)


European flag

Official Journal
of the European Union


Series C




DIRECTOR (function group AD, grade 14)

Directorate-General for Innovation and Technological Support – Directorate for Cybersecurity



1.   Vacant post

The President of the European Parliament has decided to open the procedure for filling the post of director (AD, grade 14) in the Directorate-General for Innovation and Technical Support — Directorate for Cybersecurity, in accordance with Article 29(2) of the Staff Regulations of Officials of the European Union (1) (‘the Staff Regulations’).

This selection procedure, which is designed to give the appointing authority a wider choice of candidates, will be conducted at the same time as internal and interinstitutional recruitment procedures.

Recruitment will be to grade AD 14 (2). The basic salary is EUR 16 735,00 per month. In addition to the basic salary, which is subject to Union tax and exempt from national tax, certain allowances may be payable in circumstances laid down by the Staff Regulations.

Candidates should note that this post is subject to the mobility policy rules adopted by Parliament’s Bureau on 15 January 2018.

The post calls for flexibility and frequent contact with people inside and outside Parliament, including Members of the European Parliament. The director will be required to travel frequently between Parliament’s places of work and elsewhere.

2.   Place of employment

Luxembourg. This post may be transferred to one of Parliament’s other places of work.

3.   Equal opportunities

The European Parliament is an equal opportunities employer and very much welcomes all applications without discrimination on any ground such as gender, ethnicity, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age, sexual orientation, marital status or family situation.

4.   Job description

As a senior official, the director will be required to carry out the following duties in the light of the guidelines and decisions laid down by the parliamentary authority and the director-general (3):

ensuring that a large department in Parliament’s Secretariat, comprising several units covering the directorate’s areas of activity, runs smoothly and in keeping with Parliament’s policies,

managing, leading, motivating and coordinating teams of staff; optimising the use of the directorate’s resources to provide a high-quality service (organisation, management of human and budget resources, innovation, etc.) in its areas of activity,

planning the directorate’s work (deciding on objectives and strategies); taking the decisions required to achieve the objectives set; assessing the performance of the departments within the directorate with a view to ensuring that high standards are maintained,

advising the director-general, the Secretary-General and Members in the directorate’s areas of activity,

cooperating with the other directorates in the Secretariat, representing Parliament and negotiating contracts and agreements in the directorate’s areas of activity;

managing and seeing through specific projects likely to involve financial responsibilities,

acting as authorising officer by subdelegation.

5.   Eligibility

The selection procedure is open to candidates who fulfil the following conditions on the closing date for applications:


General conditions

Under Article 28 of the Staff Regulations, candidates must:

be a national of one of the European Union’s Member States (4);

enjoy full rights as a citizen;

have fulfilled any obligations imposed on them by the laws on military service;

be able to produce the appropriate character references as to their suitability for the performance of the duties concerned.


Specific conditions



when the normal period of university education is four years or more, a level of education which corresponds to completed university studies attested by a diploma officially recognised in one of the Member States of the Union,


a level of education which corresponds to completed university studies attested by a diploma officially recognised in one of the Member States of the Union and appropriate professional experience of at least one year (5) when the normal period of university education is at least three years.

Diplomas, whether issued in a Member State of the Union or in another country, must be recognised by an official body of a Member State of the Union, such as the ministry of education.

Candidates holding diplomas issued in a non-EU country (6) must enclose with their application an EU equivalence for their diplomas. For further information on recognition of qualifications obtained in a non-EU country in the ENIC-NARIC networks, see


Professional experience required

Professional experience gained after obtaining the qualifications referred to above:

12 years, at least part of which must be in the directorate’s areas of activity, including:

at least six years in a European and/or international environment, and

at least six years in management positions in a large department.


Knowledge of languages

Excellent knowledge of one of the European Union’s official languages (7) is required, along with satisfactory knowledge of at least one other official language of the European Union.

The Advisory Committee for the Appointment of Senior Officials will take knowledge of other official languages of the European Union into account.

6.   Tests

To assist the appointing authority in its choice, the Advisory Committee for the Appointment of Senior Officials will draw up a list of candidates and make a recommendation to Parliament’s Bureau as to who should be called for interview. The Bureau will adopt the list, and the committee will conduct the interviews and submit its final report to the Bureau for a decision. At this stage, the Bureau may interview the candidates.

The interviews will be based on the job description as set out in point 4 above, focusing on the following:

strategic thinking;

management skills;

forward-planning skills;

ability to react appropriately to events;


communication skills.

7.   Submission of applications

The deadline for applications is:

12.00 (noon), Brussels time, on Thursday, 29 February 2024.

Candidates are asked to send, by email only, a personal statement in pdf format (marked ‘For the attention of the Secretary-General of the European Parliament, Recruitment Notice PE/303/S’) and a curriculum vitae in Europass format (8), quoting the reference number for the procedure (PE/303/S) in the subject line, to:

The date and time of dispatch of the email will be taken to be the date and time of submission of the application.

Scanned documents must be legible.

Candidates called for interview must produce by the interview date copies or photocopies of supporting documents relating to their studies, professional experience and current responsibilities  (9) . These documents will not be returned.

Personal data which candidates provide for the purposes of this selection procedure will be processed in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council (10), in particular as regards their confidentiality and security.

(1)  Council Regulation (EEC, Euratom, ECSC) No 259/68 (OJ L 56, 4.3.1968, p. 1), as amended by Regulation (EC, Euratom) No 723/2004 (OJ L 124, 27.4.2004, p. 1) and most recently by Regulation (EU, Euratom) No 1023/2013 of the European Parliament and of the Council of 22 October 2013 amending the Staff Regulations of Officials of the European Union and the Conditions of Employment of Other Servants of the European Union (OJ L 287, 29.10.2013, p. 15).

(2)  On recruitment the official will be placed in the appropriate step, in accordance with Article 32 of the Staff Regulations.

(3)  For description of main tasks, see annex.

(4)  The European Union’s Member States are: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.

(5)  This year of experience will not be taken into account when assessing the professional experience required under indent (ii), ‘Professional experience required’.

(6)  UK qualifications/diplomas obtained up until 31.12.2020 are accepted with no other recognition required. For diplomas obtained after that date NARIC recognition is required. In practice, this means that UK diplomas issued from 1 January 2021 must be accompanied by an equivalence issued by a competent authority of a current Member State of the EU.

(7)  The European Union’s official languages are: Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish and Swedish.


(9)  This does not apply to candidates working for the European Parliament on the closing date for applications. Candidates are responsible for making sure that we are in possession of their complete application file (where relevant documents are missing from the HRM portal (Streamline)).

(10)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).


Directorate-General for Innovation and Technological Support – Directorate for Cybersecurity

Main tasks

(Entity comprising 43 staff: 25 officials and 18 temporary staff members)


Setting up the governance structure and all associated aspects (internal organisation, defining the multiannual roadmap, etc.);

Handling incidents and coordinating the defined list of actions, including drafting reports for the directorate and the authorities; assessing and monitoring ICT security;

Monitoring special projects and initiatives (participating in steering committees, product and equipment selection processes, etc.) that have an impact on ICT security;

Carrying out user awareness actions;

Acting as Data Protection Coordinator for DG ITEC.


Cybersecurity User Awareness:

Develop cybersecurity campaigns for end-users, either on a general level or targeted to specific audiences, in collaboration with the political groups, DGs, directorates or units requesting this service;

Create and deliver cybersecurity presentations tailored to the specific features of the entity for which the presentation is made;

Provide assistance to VIPs in the context of sensitive missions;

ICT Security Governance, Risk, Compliance (GRC) — policy development:

Define the security rules to be followed by both ICT-related functions and end-users;

Security Risks Assessment:

Support IT projects by providing expertise in cybersecurity risk evaluation as well as technical assistance;

Assess the potential cybersecurity risks linked to the introduction of new software in the European Parliament’s IT ecosystem during the evaluation of that software;

Security Assurance:

Create standards for web application security testing as a service;

Develop cybersecurity-related testing methodologies and procedures;

Create coding guidelines in line with cybersecurity industry standards;

Secure Software Development Lifecycle:

Maintain a specific application security program;

Integrate security into every stage of the SDLC through practices, processes, technologies and tools.


Check exposure to risks: check the implementation and effective application of security measures, discover the vulnerabilities, perform security tests throughout the lifecycle of the applications and EP infrastructure (vulnerability scans, pen-tests, configuration reviews and technical audits). Contribute to the resolution of vulnerabilities with operational managers;

Detect security incidents and provide a rapid and effective response to them: search for evidence of compromise and intrusion attempts, collect artefacts, analyse them, and develop resolution actions;

Provide security support and expertise to other services of DG ITEC, the Secretariat, political groups and other institutions. Lead horizontal, complex and multi-disciplinary projects or broad-based services;

Maintain an ICT security technology watch, monitor changes in the threat, evaluate new products and new technologies that can be applied in the field of operational security;

Manage, coordinate and motivate the unit, and ensure that its activities are consistent with the mission of the CISO. Manage relations with current and prospective suppliers in the unit’s area of responsibility. Monitor the unit’s contracts, budget and staff;

Provide expertise in cryptography and implement cross-functional key management infrastructure and public key infrastructure (PKI) services; contribute to the security of infrastructure services;

Manage information relating to cyber defence (Cyber Threat Intelligence), analyse and process the information received, eliminate false positives, and input indicators of compromise (IOCs) into sensors and systems. Generate IOCs from analyses carried out at the EP and share information according to the policy in force. Participate in working and coordination groups (e.g. CERT-EU).


Provide data protection expertise to mitigate against the risks of non-compliance with EU data protection regulations and support ITEC Data Protection Controllers;

Monitor and report cybersecurity risks and threats, manage the ITEC Risk Register, and incorporate the ‘risk and business continuity management by design’ principle into organisational practices;

Develop Business Continuity arrangements for DG ITEC, including maintenance of the organisation’s Business Continuity Plan and continuity exercising and embed the ‘continuity by design’ principle into organisational practices;

Act as Data Protection Coordinator for DG ITEC;

Act as DG ITEC Risk, Business Continuity and Incident Manager;

Ensure that DG ITEC has the capacity to monitor and report on the threat landscape as regards the EU and its institutions;

Manage, coordinate and motivate the unit, and ensure that its activities are consistent with the mission of the CISO. Manage relations with current and prospective suppliers in the unit’s area of responsibility. Monitor the unit’s contracts, budget and staff.


ISSN 1977-091X (electronic edition)