Information Security Officer

Applications until 19 Mar

The Calouste Gulbenkian Foundation is a private institution whose fundamental mission is to improve people’s quality of life through art, philanthropy, science and education. The Foundation carries out its activities from its headquarters in Lisbon and from its delegations in Paris and London.

We are looking for an Information Security Officer to join the General Secretariat team, who will ensure the organisation’s information security across all formats and media – digital and analogue – safeguarding the confidentiality, integrity, availability and traceability of data. The Officer will be responsible for implementing information security policies, standards and best practices in compliance with national and European legislation, as well as applicable international standards.

Contract conditions: Permanent employment contract

Main Responsibilities

  • Develop, review and implement the Information Security Policy (ISP) applicable to all information media, including digital media (IT systems, networks, devices) and analogue media (paper documents, physical archives, optical media, among others). Ensure that the ISP and related procedures are aligned with the organisational strategy, applicable legislation and current standards. Contribute to the definition and follow-up of technical and physical security controls, such as access management, secure storage, copy control and secure document disposal. Promote awareness of and compliance with policies among all employees and external entities with access to information. Ensure the periodic review and update of the ISP, keeping pace with technological and organisational developments. Support the Compliance Officer in ensuring compliance with the General Data Protection Regulation;
  • Conduct risk assessments relating to information held in digital and analogue formats, identifying threats, vulnerabilities and potential impacts. Maintain an up-to-date inventory of information assets, classifying them according to their level of criticality and type of media. Monitor the effectiveness of technical (digital) and physical (analogue) security controls. Follow up on alerts, logs and audits in order to detect incidents and security breaches;
  • Define and implement information security incident response procedures, in coordination with the Cyber Security Officer. Coordinate the detection, recording, analysis, containment and resolution of incidents. Ensure internal and external communication of incidents, where applicable. Support data and service recovery processes, safeguarding evidence for investigation purposes. Prepare post-incident reports identifying causes, impacts and preventive measures;
  • Carry out compliance assessments of information security practices across all media. Evaluate the effectiveness of technical and organisational controls and recommend improvements. Promote vulnerability testing and system integrity checks in digital environments, as well as physical inspections of areas and archives storing sensitive information. Support organisational projects and processes by ensuring information security from the outset (“security by design” and “privacy by design”). Prepare technical reports, opinions and recommendations for management;
  • Plan and deliver training and awareness initiatives for all employees on the protection of information in digital and analogue formats. Produce informative materials and internal campaigns promoting good physical and logical security practices. Foster a culture of information security and confidentiality within the organisation. Assess the level of maturity and behavioural compliance among employees and define continuous improvement plans;
  • Define and monitor Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) related to information security across all media, such as: percentage of incidents resolved within defined deadlines; number of physical and digital vulnerabilities or weaknesses identified and corrected; level of compliance with policies and procedures; percentage of employees trained in information security; and level of update of the inventory of assets containing information. Prepare periodic security reports for management, including trend analysis, risk assessment and recommendations.

Required Competencies

  • Bachelor’s degree in Computer Engineering or a related field;
  • Between 2 and 5 years of professional experience in information security, data protection, networks or IT governance roles;
  • Good command of English (spoken and written);
  • Strong communication skills;
  • Strong results-oriented mindset.

The Gulbenkian Foundation strives to attract and retain talent by recognising people as our most important asset in fulfilling the Foundation’s mission. Our organisational culture is grounded in the institution’s values, encouraging motivated teams to thrive in a healthy and inclusive workplace.

We welcome applications from all people, regardless of their age, gender, sexual orientation, ethnic origin, religion, or disability, in particular from those who identify with underrepresented groups in the various initiatives promoted by the Foundation.


Applications

Updated on 06 March 2026
