Information Security Consultants - IT Service

Are you passionate about cyber and information security? Are you driven by supporting DTU's goal of delivering technology to people and protecting research data? 

DTU is looking for information security consultants to join the Information Security Team, which is responsible for the implementation and improvement of DTU’s Information Security Management System (ISMS). 

As an information security consultant at DTU, you are a key partner to the university departments and central administration, ensuring that information security is fully integrated into the organizational processes, with respect for DTU’s mission to bring new knowledge into the world. 

We are looking forward to welcoming you on board!

Consultants with solid experience to face known and new challenges
You have extensive experience with information security from a multi-year in-house role in large organizations or as external consultant. Through the years you have achieved the knowledge and the pragmatical approach needed to prepare and implement security policies and processes that must work in a varied context. We expect you to have been working on cross-disciplinary projects, especially collaborating with enterprise and IT-security architects. It is a plus but not a requirement that you have technical IT knowledge, although we expect that your experience has made you confident in advising how technological controls can be implemented. 

You are used to interacting with and acting as a bridge between different stakeholders, with a focus on managers and people investing key roles within information security (such as information owners and system owners). You have hands-on experience in reporting to the upper management and may have been coordinating the information security committee of a large institution. You think strategic and have problem-solving abilities, especially when it comes to finding viable solutions in translating the information security framework into actionable implementation initiatives. Ideally, you can navigate the complexity of a political organization.

You can see yourself in the following:

• You have documented knowledge and deep understanding of security frameworks, risk management, and regulatory compliance. DTU works with the ISO Standard 27000-series, therefore practical experience with this framework is required.
• You are used to vet vendors’ data processing agreements and security posture.
• Since DTU has a complex assets landscape, ranging from administrative IT systems to chemical laboratories, ideally you have experience from both the IT and OT areas. 
• You have project management skills, as several tasks require coordinating other people’s work across the organization.
• Your goal is for your team to achieve its objectives, and when you have an independent task, you are always open to sparring with your colleagues and sharing your knowledge and ideas.
• You have a positive attitude and are experienced in spotting good practices that can be spread to the whole organization.
• You are willing to join a team where a good dose of humor is highly valued, and where we are inspired by the experimental approach, we breathe at DTU.
• You have both English and Danish skills in writing and orally. DTU is an international university, and English is used on a daily basis. However, you must be able to master Danish to a sufficient level. For example, you can participate in office work, which is primarily conducted in Danish. Native language skills are not required.

Reporting to your team leader, your primary tasks will be:

• Contribute to develop and execute the security roadmap, ensuring alignment with DTU’s strategic goals and increase the maturity level of the organization. Some of the areas where we would like you to contribute are:
  • Constant improvement of the documents composing DTU’s ISMS
  • Development of the strategy for NIS2 implementation
  • Internal audit program 
• Facilitate the maintenance and update of assets inventory, conduct risk assessments and advise on risk management at DTU units.
• Handle enquiries about the status of information security at DTU and give advice on vendors’ information security assessments.
• Update your knowledge of security trends, threat levels and changes in legislation, and effectively communicate such knowledge to colleagues and employees at DTU, for instance by holding internal webinars or workshops.

Your future team and department
You will be part of DTU's IT department, in the Cyber ​​and Information Security section, which is responsible for DTU's information security management system (ISMS) and assists the university at all levels. The section supports, without leading, the operational IT security. In the IT department we take pride in sparring with each other, as our different approaches provide good synergy.

Daily you will be a member of a diverse and ambitious team with a team leader and in direct contact with DTU's CISO. We place great emphasis on innovative thinking and creativity in task solving. We believe that psychological safety allows team members to put their strengths and interests into play. 

The team has a close collaboration with the other functions at DTU that deal with various compliance areas, e.g. GDPR, Research Data Management and security in international research collaboration. Hence, you will have plenty of opportunities for cross-departmental experiences and to gain insights into many different fields.

Salary and appointment terms
The appointment will be based on the collective agreement with the Danish Confederation of Professional Associations (AC). 

The positions are full-time positions. Starting date is as soon as possible.

The workplace is DTU Lyngby Campus.

Application and contact
Please submit your online application no later than 25 November 2024 .  Open the “Apply now” link, fill out the form and attach your motivated application, CV and exam certificates. 

If you would like additional information about the position, please contact the Information Security Team Leader, Serena Faccio, on 93511722.

Applications received after the deadline will not be considered.

All interested candidates irrespective of age, gender, disability, race, religion or ethnic background are encouraged to apply. As DTU works with research in critical technology, which is subject to special rules for security and export control, open-source background checks may be conducted on qualified candidates for the position.

Technology for people
DTU develops technology for people. With our international elite research and study programmes, we are helping to create a better world and to solve the global challenges formulated in the UN’s 17 Sustainable Development Goals. Hans Christian Ørsted founded DTU in 1829 with a clear mission to develop and create value using science and engineering to benefit society. That mission lives on today. DTU has 13,500 students and 6,000 employees. We work in an international atmosphere and have an inclusive, evolving, and informal working environment. DTU has campuses in all parts of Denmark and in Greenland, and we collaborate with the best universities around the world.