JOB DESCRIPTION

Call for Expression of Interest Local Cybersecurity Officer (Contract Agent – Function Group IV)

Ref. BEREC/2025/03

Applications are invited for the establishment of a reserve list for the post of Local Cybersecurity Officer at the Agency for Support for BEREC.

1. Agency for Support for BEREC (‘BEREC Office’, ‘Agency’)

The BEREC Office, an Agency of the European Union located in Riga, Latvia, offers a unique opportunity to be part of a dedicated team of professionals contributing to the future of digital communications in Europe. As the EU Agency supporting BEREC – the Body of European Regulators for Electronic Communications – the BEREC Office plays a significant role in facilitating the consistent development and implementation of electronic communications regulation across the EU. It is achieved by delivering high-quality administrative and professional support, guided by the core values of professionalism, efficiency, effectiveness, accountability, teamwork, and diversity.

Working in a highly professional, dynamic, and international environment, staff at the BEREC Office collaborate closely with national regulatory authorities (NRAs) and the European Commission to help ensure that Europe’s telecom markets remain competitive, fair, and fit for the future. The work is diverse and forward-looking, encompassing the collection and

exchange of information from NRAs, the dissemination of regulatory best practices, support to the BEREC Chair, and the coordination of Expert Working Groups. Staff also manage administrative, financial, procurement, and ICT tasks, as well as support communications and organise high-level meetings and events.

The BEREC Office offers a stimulating professional setting where the main asset of the organization is people, where innovation and expertise are valued, and supported through continuous learning and development opportunities. Employees benefit from the attractive working conditions of EU institutions, including attractive remuneration, comprehensive social security coverage, and a strong work-life balance – all while living and working in Riga, a vibrant, dynamic, and welcoming European capital.

For further information about BEREC or the BEREC Office, please visit our website: https://www.berec.europa.eu/en

2. The post

The job holder will be responsible, among others, for the following tasks:

• Identify, assess, and mitigate cybersecurity risks in accordance with Regulation (EU, Euratom) 2023/2841;
• Conduct regular cybersecurity risk assessments, develop and implement risk mitigation strategies to address identified risks;
• Report on risk management activities to senior management;
• Ensure compliance with all relevant cybersecurity regulations and standards;
• Develop and maintain cybersecurity governance frameworks, policies, and procedures, in line with Regulation (EU, Euratom) 2023/284;
• Ensure compliance with all relevant cybersecurity regulations and standards;
• Define security measures by evaluating business strategies and requirements and implement security solutions that protect the organization against cyber threats;
• Develop and implement incident response plans to address and manage cybersecurity incidents;
• Coordinate with relevant stakeholders to ensure timely and effective response to incidents;
• Conduct post-incident analysis and reporting to identify lessons learned and improve incident response processes;
• Promote cybersecurity awareness and provide training to employees on best practices and regulatory requirements. Foster a culture of security within the organization;
• Develop and deliver cybersecurity awareness training programs and provide regular updates and best practices on emerging cybersecurity threats;
• Monitor the organization’s information systems for security breaches and vulnerabilities;
• Work closely with IT, management, and other departments to ensure a holistic approach to cybersecurity;
• Acting as the contact point for external counterparts, such as the Cybersecurity Service

for the Union entities (CERT-EU), the Interinstitutional Cybersecurity Board (IICB), and act as the primary point of contact for cybersecurity matters within the BEREC Office.

The above tasks and responsibilities will be conducted mainly in the English language.

The jobholder will work under the supervision of his/her line manager at the BEREC Office located in Riga, Latvia and may be assigned other duties appropriate to the grade in the interest of the service.

3. Eligibility criteria

Candidates will be eligible for this selection procedure if they fulfil the following formal criteria at the time of the application deadline:

• Be a national of a Member State of the EU and enjoy his or her full rights as a citizen;
• Have fulfilled any obligations imposed by applicable laws concerning military service;
• Be physically fit to perform the duties linked to the post^[2];
• Produce the appropriate character references as to suitability for the performance of the duties^[3];
• Languages: Have a thorough knowledge of one of the official EU languages and a satisfactory knowledge of a second EU language to the extent necessary for the performance of his/her duties;
• Qualifications and work experience: Completed university studies of at least three years attested by a diploma.

4. Selection criteria

If the eligibility criteria set out in the section “Eligibility criteria” are met, the candidates’ application forms, CVs and motivation letters will be evaluated on the basis of the selection criteria below. The most suitable candidates will be invited to an interview and written test.

When filling in the application form, candidates are expected to include elements that demonstrate that their profile matches the requirements below.

• Essential:
  • One year of relevant professional experience in relation to the tasks assigned to the post;
  • Knowledge in the area of cloud architectures and security as well as data protection regulations;
  • Knowledge in the area of cybersecurity risk management, governance, and compliance;
  • Knowledge of Regulation (EU, Euratom) 2023/2841 and other relevant cybersecurity regulations and standards;
  • Thorough knowledge of written and spoken English.^[4]
• Advantageous:
  • Experience with cybersecurity frameworks such as ISO/IEC 27001, NIST, or similar;
  • Proven knowledge of security architecture reference models and security solutions;
  • Experience working in a CSIRT (Computer Security Incident Response Team).
• Evaluation during interviewing and written test process

Candidates invited to the interview and written test will be evaluated based on their professional and personal competencies, as well as their knowledge of English the working language and their