Information Security Officer (m/f/x)

Information Security Officer (m/f/x)

For our department IT Security within General Services, we are looking for a (an):

Description

As Information Security Officer you will actively contribute to maintaining and strengthening Luxair group's information security posture. Driven by a strong interest in cybersecurity, you will actively support the Head of IT Security in coordinating and implementing risk-based security measures, ensuring that policies, controls, and processes effectively protect the Group’s information assets and support all related activities of the IT department.

Responsibilities

• Ensure effective security monitoring and incident response through analysis of security logs using the existing SIEM, working with the Managed SOC to validate alerts, minimize false positives, detect threats, and develop incident response playbooks for coordinated, timely actions.
• Support the overall identity and access control management process, including IAM, PAM, and IGA, ensuring proper user lifecycle management, access provisioning, privileged account protection, while promoting secure access practices across the organization.
• Conduct risk and security assessments for internal and third‑party solutions in line with established standards.
• Contribute to the design, execution, and follow‑up of vulnerability assessments, and penetration testing, ensuring timely remediation of identified weaknesses.
• Contribute to the creation and maintenance of up‑to‑date baselines, secure configuration and system hardening activities with internal technical teams.
• Develop and maintain information security policies, standards, and procedures, ensuring compliance with frameworks such as PCI‑DSS, and supporting related audits and assessments.
• Contribute to the information security awareness program.

Education & Skills

• Bachelor’s in computer science/information security or equivalent combination of education and experience that satisfy the requirements of the position.
• Previous relevant experience in Information Security.
• Knowledge of enterprise security concepts: Zero Trust, Least Privileges, IAM, PAM, IGA, MFA, SSO, Secure by Design, Defense in Depth, SSDLC, Cryptography, etc.
• Hands‑on experience operating security solutions (e.g. vulnerability scanners, EDR, …).
• Hands‑on experience operating an Identity Governance and Administration (IGA) and Privileged access management (PAM) solution.
• Good analytical skills with the ability to clearly explain and summarize ideas.
• Excellent verbal, written and interpersonal communication skills in English.

Desired or to be acquired criteria

• Knowledge of industry best practices, standards, frameworks and regulations (NIST CSF, ISO27001, ISO27005, GDPR, NIS2, PCI‑DSS…).
• Hands‑on experience in IT infrastructure (e.g., Network, Unix, VMWare, Backups, Windows, …).
• Ability to collaborate with both technical and non‑technical staff.
• Strong passion and interest in information security.
• Organized, proactive and customer‑oriented.
• Strong critical thinking and problem‑solving skills.
• Self‑motivated individual and able to work methodically with minimal supervision.
• Positive can‑do attitude with a mature and professional approach.
• Skills in French or other languages (spoken and written).

The ideal candidate

• Knowledge of Luxemburgish or any other language is considered an asset.