Accept Refuse

EUR-Lex Access to European Union law

This document is an excerpt from the EUR-Lex website

Document C2018/388A/01

European Union Agency for Network and Information Security (ENISA) — Publication of a vacancy for the function of Executive Director (Temporary Agent — Grade AD 14) — COM/2018/20032

OJ C 388A , 26.10.2018, p. 1–6 (BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)



Official Journal of the European Union

CA 388/1

European Union Agency for Network and Information Security (ENISA)

Publication of a vacancy for the function of Executive Director

(Temporary Agent — Grade AD 14)


(2018/C 388 A/01)


We are

The European Union Agency for Network and Information Security (ENISA) was established in 2004 with the mandate to contribute to a high level of network and information security within the Union.

Since then, the Agency has grown into a modern centre of expertise in cybersecurity supporting the EU Member States, Institutions, Agencies and Bodies, as well as the private sector, with a view to increasing the resilience of the Union and thus the functioning of the Single Market. In particular, ENISA provides support in the areas of policy development and implementation, capacity building, cooperation and awareness raising.

ENISA plays an important role in the implementation of the Directive on Security of Network and Information Systems (the ‘NIS Directive’), which represents the first EU-wide law on cybersecurity. In particular, ENISA provides the secretariat to the Computer Security Incident Response Teams (CSIRTs) Network, the cornerstone of operational cooperation, and it is also called to assist the Cooperation Group in the execution of its tasks.

In September 2017, the European Commission has presented the proposal for the ‘Cybersecurity Act’, which includes a new mandate for ENISA and the establishment of an EU framework for cybersecurity certification of ICT products and services. The proposal, which is currently under negotiation by the Council and the European Parliament, represents an ambitious reform of a strengthened cybersecurity agency ENISA, amongst others by making its mandate permanent and reinforcing the Agency's contribution to the prevention and response to significant cross-border cybersecurity incidents, as well as by supporting the development and implementation of the EU policy on cybersecurity certification.

ENISA is located in Greece, with offices in Heraklion (Crete) and Athens. It currently employs 83 people and it is entrusted with an annual budget of approximately € 11 million. Subject to the outcome of the negotiations, the resources of the Agency are expected to increase significantly when the new mandate will come into force.

We propose

We offer a senior manager position to lead a multidisciplinary team of professionals called to support a key priority area for the future of the European Union.

The Executive Director of ENISA is the legal representative and public face of the Agency and is accountable to its Management Board, composed of representatives of the EU Member States and the European Commission.

The Executive Director will lead and manage the Agency and take overall responsibility for its operations, ensuring the achievement of the Agency’s objectives. The Executive Director’s specific responsibilities will include:

Developing and executing the Agency’s activities in accordance with its mission and the general orientations defined by the Management Board;

Recruiting and supervising the Agency’s staff and fostering a good team spirit and working environment;

Taking part, without the right to vote, in meetings of the Management Board, reporting to the Management Board and providing its secretariat;

Adopting decisions within the responsibilities of the Agency;

Preparing and executing the Agency’s budget and ensuring that it is managed efficiently and according to the principles of sound financial management;

Drafting and implementing the single programming document, including the annual work programme, and ensuring the most effective use of its resources;

Managing the resources of the Agency, giving particular priority to the operational part of the mission of the Agency;

Facilitating cooperation between the Agency, the Commission, the Member States and the stakeholders of the Agency to promote the development of a common approach to respond to cybersecurity issues;

Establishing effective cooperation between the Agency and the competent bodies in the Member States in its field of activities;

Communicating directly and indirectly to the public in relation to all matters within the Agency’s mission.

We look for (selection criteria)

The selected candidate will be an outstanding and dynamic professional who should fulfil the following criteria:

Management competences, in particular:

A proven track record of successfully managing large teams and projects, including the ability to lead, motivate and develop the potential of a team with multinational and multidisciplinary backgrounds. Experience gained in a multicultural environment would be an asset.

Experience in the management of significant financial resources in a national, European and/or international environment, including budgetary planning and internal control (1).

Ability to work under high pressure and maintain a professional demeanour while managing his/her responsibilities.

Ability to contribute to and implement the strategic vision for the Agency as defined by the Management Board, and to mobilise the support of stakeholders.

Ability to maintain fruitful relations with EU institutions and with Member States' competent authorities, and awareness of the public relations implications of the role.

Technical competences, in particular:

A thorough understanding of key cybersecurity issues, including strategic, regulatory, policy and industrial matters, at national, European and international level.

A good understanding of the European Union institutions, Agencies and Bodies and how they operate and interact.

Experience in the field of cybersecurity acquired in a national, European or international public administration or in a non-public entity with strong connection with public sector would be an asset.

Experience in leading teams in the field of cybersecurity would be an asset.

Communication and further skills, in particular:

Proven ability and experience to communicate effectively and efficiently with the public and to cooperate with all the relevant stakeholders. Experience in crisis communication contexts would be an asset.

Excellent interpersonal, decision-making, organisational and negotiation skills as well as the ability to build trusted working relationships with the European Union's institutions and with other stakeholders;

A very good knowledge of English, the working language of the Agency, would be an advantage.

Candidates must (eligibility requirements)

Candidates will only be considered for the selection phase on the basis of the following formal requirements to be fulfilled by the deadline for applications:

Nationality: candidates must be a citizen of one of the Member States of the European Union.

University degree or diploma: candidates must have:

either a level of education which corresponds to completed university studies attested by a diploma when the normal period of university education is 4 years or more;

or a level of education which corresponds to completed university studies attested by a diploma and appropriate professional experience of at least 1 year when the normal period of university education is at least 3 years (this one year's professional experience cannot be included in the postgraduate professional experience required below).

Professional experience (2): candidates must have at least 15 years postgraduate professional experience at a level to which the qualifications referred to above give admission. At least 5 years of that professional experience must be in the area of the activities of the agency.

Management experience: at least 5 years of the post-graduate professional experience must have been gained in a high-level management function (3).

Languages: candidates must have a thorough knowledge of one of the official languages of the European Union (4) and a satisfactory knowledge of another of these official languages. Selection panels will verify during the interview(s) whether candidates comply with the requirement of a satisfactory knowledge of another official EU language. This may include (part of) the interview being conducted in this other language.

Age limit: candidates must be able to complete, at the deadline for application, the full mandate of 5 years (see also the first footnote in the section on conditions of employment) before reaching the retirement age. For temporary staff of the European Union, the retirement age is defined as being the end of the month in which the person reaches the age of 66 years (see Article 47 of the Conditions of Employment of other Servants of the European Union (5)).

In addition, candidates must have fulfilled any obligations imposed by law concerning military service, produce appropriate character references as to their suitability for the performance of their duties and be physically fit to perform their duties.

Selection and appointment

The Executive Director will be appointed by the Management Board of ENISA on the basis of a shortlist provided by the European Commission.

To establish this shortlist, the European Commission organises a selection in accordance with its selection and recruitment procedures (see: the Document on Senior Officials Policy (6)).

As part of this selection procedure, the European Commission sets up a pre-selection panel. This panel analyses all applications, proceeds with a first eligibility verification and identifies candidates having the best profile in view of the selection criteria mentioned above, and who may be invited for an interview with the pre-selection panel, in which a representative of the Management Board of ENISA will participate as an observer.

Following these interviews, the pre-selection panel draws up its conclusions and proposes a list of candidates for further interviews with the European Commission's Consultative Committee on Appointments (CCA). The CCA, taking into consideration the conclusions of the pre-selection panel, will decide on the candidates to be invited for an interview.

Candidates who are called for an interview with the CCA participate in a full-day management assessment centre run by external recruitment consultants. Taking account of the results of the interview and the report of the assessment centre, the CCA establishes a shortlist of candidates it considers suitable to exercise the function of Executive Director of ENISA.

Candidates on the CCA shortlist will be interviewed by the relevant Commissioner(s) (7).

Following these interviews, the European Commission adopts a shortlist of the most suitable candidates, which will be communicated to the Management Board of ENISA. The latter may decide to interview the candidates before appointing the Director from among the candidates on the Commission shortlist. Inclusion on this shortlist does not guarantee appointment.

Candidates may be required to undergo further interviews and/or tests in addition to those indicated above. They could also be required to deliver a statement before the relevant committee(s) of the European Parliament.

For functional reasons and in order to complete the selection procedure as quickly as possible in the interest of the candidates as well as that of the institution, the selection procedure will be carried out in English and/or French only (8).

Equal opportunities

The European Commission and ENISA apply a policy of equal opportunities and non-discrimination in accordance with Article 1d of the Staff Regulations (9).

Conditions of employment (10)

The salaries and conditions of employment are laid down in the Conditions of Employment of Other Servants (11).

The successful candidate will be engaged by the Management Board of ENISA as a Temporary Agent at grade AD14 (12). He/she will be classified depending on the length of his/her previous professional experience in step 1 or step 2 within that grade.

According to Regulation (EU) No 526/2013 of the European Parliament and of the Council (13), she/he will be appointed for an initial mandate of 5 years, with a possible prolongation for a maximum 5 years. This Regulation is currently under revision by the proposed Cybersecurity Act (COM(2017) 477).

Applicants should note the requirement under the Conditions of Employment of Other Servants for all new staff to complete successfully a nine-month probationary period.

The working place is in Greece in accordance with Decision 2004/97/EC, Euratom (14), adopted at the meeting of the European Council on 13 December 2003, and the terms of the seat arrangement between the Greek government and ENISA.

The post is available from 16 October 2019.

Independence and declaration of interests

Before taking up his/her duties, the Director will be required to make a declaration of commitment to act independently in the public interest and to declare any interests, which might be considered prejudicial to his/her independence.

Application procedure

Before submitting your application, you should carefully check whether you meet all eligibility requirements (‘Candidates must’), particularly concerning the types of diploma, high-level professional experience as well as linguistic capacity required. Failure to meet any of the eligibility requirements means an automatic exclusion from the selection procedure.

If you want to apply, you must register via the Internet on the following website and follow the instructions concerning the various stages of the procedure:

You must have a valid email address. This will be used to confirm your registration as well as to remain in contact with you during the different stages of the procedure. Therefore, please keep the European Commission informed about any change in your email address.

To complete your application, you need to upload a CV in PDF format and to fill out, online, a letter of motivation (maximum 8 000 characters).

Once you have finished your online registration, you will receive an email confirming that your application has been registered. If you do not receive a confirmation mail, your application has not been registered!

Please note that it is not possible to monitor the progress of your application online. You will be contacted directly by the European Commission regarding the status of your application.

If you require more information and/or encounter technical problems, please send an email to:

Closing date

The closing date for registration is 27 November 2018, 12.00 noon Brussels time, following which registration is no longer possible.

It is your responsibility to complete your online registration in time. We strongly advise you not to wait until the last few days before applying, since heavy internet traffic or a fault with your internet connection could lead to the online registration being terminated before you complete it, thereby obliging you to repeat the whole process. Once the deadline for the submission of registrations has passed, you will no longer be able to introduce any data. Late registrations are not accepted.

Important information for candidates

Candidates are reminded that the work of the different selection panels is confidential. It is forbidden for candidates to make direct or indirect contact with their individual members or for anybody to do so on their behalf. All queries must be addressed to the secretariat of the relevant panel.

Protection of personal data

The Commission will ensure that candidates' personal data are processed as required by Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data (15). This applies in particular to the confidentiality and security of such data.

(1)  The staff and financial management of the Agency is regulated by the Staff Regulations of Officials and Conditions of Employment of Other Servants of the European Union (1962R0031) and the Decision No MB/2014/1 WP of the Management Board of the European Union Agency for Network and Information Security (ENISA) on the financial regulation applicable to the European Union Agency for Network and Information Security respectively.

(2)  Professional experiences shall be taken into account from the date on which the person fulfils the minimum qualifications for engagement. Any given period may be counted only once (in order to be calculated as eligible, years of studies or professional experience to be taken into account shall not overlap with other periods of studies or professional experience). Professional activities pursued part-time will be calculated pro-rata on the basis of the certified percentage of full-time hours worked

(3)  In their curriculum vitae, candidates should clearly indicate for all years during which management experience has been acquired: (1) title and role of management positions held; (2) numbers of staff overseen in these positions; (3) the size of budgets managed; (4) numbers of hierarchical layers above and below; and (5) number of peers.




(7)  Unless the Member of the Commission concerned, in line with the Commission Decision of 5 December 2007 (PV(2007) 1811), has delegated this task to another Member of the Commission.

(8)  Selection panels will ensure that no undue advantage is given to native speakers of these languages.


(10)  The European Parliament and Council of the EU are currently discussing the Commission Proposal for a Regulation of the European Parliament and of the Council on ENISA, ‘the EU Cybersecurity Agency’, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (‘Cybersecurity Act’). The Commission proposal is to maintain the seat arrangement as per Decision 2004/97/EC/Euratom on the location of the seats of certain offices and agencies of the European Union, and the duration of the mandate of the Executive Director in accordance with Regulation (EU) No 526/2013 on ENISA currently in force.


(12)  The correction coefficient applicable to the remuneration and pensions of officials and other servants of the European Union for Greece is set at 79,9 % as from 1 July 2017. This coefficient is subject to an annual revision.

(13)  OJ L 165, 18.6.2013, p. 41.

(14)  OJ L 29, 3.2.2004, p. 15.

(15)  OJ L 8, 12.1.2001, p. 1.