DORA IT EXPERT

The European Insurance and Occupational Pensions Authority (EIOPA) is an independent European Union Authority established on 1 January 2011 by Regulation (EU) No. 1094/2010 of the European Parliament and of the Council of 24 November 2010.

EIOPA is at the heart of insurance and occupational pensions in the EU.

Our mission is to contribute to a sound, effective and consistent level of regulation and supervision of insurance and occupational pensions sectors in Europe, and to promote transparency, simplicity and fairness in the market for consumer financial products or services across the internal market for the benefit of EU citizens. Through our activities we help protect insurance policyholders, pension scheme members, customers and consumers and other beneficiaries. We furthermore play a key role in supporting the stability of the financial system, transparency of financial markets and products, and we contribute to strengthening coordination among financial supervisors at the international level.

EIOPA is part of the European System of Financial Supervision (ESFS) which includes the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Systemic Risk Board (ESRB).

Further information on EIOPA is available on EIOPA’s website: https://www.eiopa.europa.eu/

As an European Union Authority, EIOPA is committed to fostering an inclusive and dynamic working environment, providing equal opportunities to all its employees and applicants. EIOPA is committed to ensuring gender equality and to preventing discrimination on any grounds. EIOPA actively welcomes applications from all qualified candidates from diverse backgrounds, across all abilities, without any distinction on any ground such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age, marital status or family situation or sexual orientation.

Job Purpose

What is DORA?

The Digital Operational Resilience Act (i.e Regulation 2023/2554, or “DORA”), applicable from January 2025, establishes a comprehensive framework for fostering the digital operational resilience of all EU financial entities. It foresees, among others, that ICT third-party service providers that provide ICT services to financial entities and are identified as critical for the EU financial system (critical third-party providers - CTPPs) are subject to oversight at the EU level to minimise the risks they expose the EU financial sector to.

The CTPPs oversight is carried out by the three European Supervisory Authorities (ESAs) responsible for the EU financial sector, namely the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA). The ESAs exercise their CTPP oversight mandate in cooperation with the financial sector supervisory authorities (competent authorities) and the authorities responsible for the NIS2 Directive.

DORA requires a close cooperation between the three ESAs which exercise jointly their CTPP oversight mandate. The oversight work is organised in Joint Examination Teams (JETs), across the three ESAs. Staff recruited by the three ESAs for the DORA oversight activities work as one team and closely liaise with colleagues responsible for other activities at the three ESAs. The JETs cover the various designated CTPPs according to the predominant technology domain in which they operate (cloud services, data centres, telecommunications, etc.).

Major purpose

The DORA IT Expert will be appointed to EIOPA, located in Frankfurt am Main, in the CTPP Oversight Unit under the Oversight Department. As a JET member, the DORA IT Expert will work in close collaboration with the other JET members led by the two other ESAs. He/she will contribute to the oversight activities of the JET, ranging from:

Ongoing monitoring of the CTPP, such as assessing firm-specific and sector-wide information, typically a desk-based activity, including also the participation to meetings with CTTPs;
In-depth assessment of the risks and ICT services that the CTPPs provide to the financial sector via either desk-based general investigations or on-site inspections;
Following up on identified vulnerabilities and weaknesses by providing recommendations to the CTPP.

Main Responsibilities

Main responsibilities

As JET team member, the DORA IT Expert will contribute to the oversight activities for the assigned CTPPs. His/her core tasks will be to:

Conduct analyses of the technologies, configurations, and solutions used by CTPPs to determine if they fit with state-of-the-art standards and pose no risks to the digital resilience of the financial entities relying on them;
Perform and document risk assessments, identifying risks and analysing their potential implications;
Contribute to the annual risk assessment and the development of the annual oversight plan for CTPPs;
Support additional relevant JET activities as needed.

In addition, the DORA IT Expert will exercise core tasks in the context of on-going monitoring, general investigations (remote review) or on-site inspections (requiring business travel to CTPP premises), by performing:

Desk-based reviews of CTPPs’ documentation, which can be of various types (technical documentation, data samples, but also policies, procedures, contractual arrangements, and other relevant information;
Interviews of CTPPs’ officials.

The main engagement activities will involve a broad range of stakeholders, including but not limited to:

CTPPs’ officials, through regular dialogue and meetings with the CTPP;
All JET members from the assigned JET, and those from other JETs led by other ESAs;
ESAs’ senior management.

Eligibility Criteria

Thorough knowledge of one of the languages of the Union and a satisfactory knowledge of another language of the Union;
Be a national of a Member State of the European Union, Norway, Iceland or Liechtenstein;
Be entitled to their full rights as a citizen;[1]
Have fulfilled any obligations imposed by the applicable laws on military service;
Be physically fit to perform the duties linked to the post.[2]

[1] Prior to the appointment, the successful candidate will be asked to provide a Police certificate confirming the absence of any criminal record.

[2] Before being engaged, a candidate shall be medically examined by one of the institution’s medical officers in order that the institution may be satisfied that he fulfils the requirements of Article 12 (2)(d) of the Conditions of Employment of Other Servants of the European Communities.

Essential Skills and Knowledge

Qualification:

a. a level of education which corresponds to completed university studies, preferably in ICT or related fields (such as computer science, information security, computer engineering, telecommunications engineering, software engineering, electronic engineering, data analytics), audit, control and compliance, attested by a diploma, when the normal period of university education is four years or more; or

b. a level of education which corresponds to completed university studies, preferably in ICT or related fields (such as computer science, information security, computer engineering, telecommunications engineering, software engineering, electronic engineering, data analytics), audit, control and compliance, attested by a diploma and appropriate professional experience of at least one year, when the normal period of university education is at least three years;

At least three years of proven full time professional experience in the following areas: technology domains (cloud computing data centres and hosting services, information security), IT operations, IT risk management, IT audit, IT risk supervision or oversight, acquired after the qualification required under a) or b) above.

Note: Your professional experience will be counted from the time you obtained the certificate or diploma required for admission to the selection procedure. Part-time work will be taken into account in proportion to the stated percentage in relation to full-time work. In case of internship, only paid internship is considered. In case of a doctorate/PhD 50% of the actual duration of the studies will be taken into account as professional experience, subject to an upper limit of three years, on the condition that the candidate was paid during the period of his/her PhD studies, the PhD studies have been completed and a diploma was awarded.

Proven experience gained in at least one of the following areas:
- IT security operations;
- Data centres environments (network architecture, server and virtualisation platforms, storage and backup technologies, ICT security controls);
- Cloud computing (cloud architectures, virtualisation and container platforms, identity and access management, encryption, logging and monitoring, and resilience mechanisms).
Proven experience working with international standards, leading practices, frameworks and regulations in the area of information security, ICT or operational risks, such as ISO, NIST, DORA, NIS2, TIA.
Excellent English written and oral communication skills;
Working knowledge of MS Office, in particular Word, Excel and PowerPoint.

Desirable Skills and Knowledge

Proven work experience in a multicultural environment;
Professional certifications and/or qualifications in the field of the vacancy notice (such as ICT security, operations, audit and/or internal control) e.g. CISA, CRISC, CISM, CISSP, CompTIA Security+/Network+, CCSP, CEH, CCNA/CCNP) or comparable.
Knowledge and/or experience in auditing or supporting audits of critical third-party ICT services.
Knowledge of a third EU language.

Behavioural Competencies required

For the above position, the following behavioural competencies have to be fulfilled:

Flexibility in terms of openness to taking over other tasks within EIOPA in view of the dynamic and evolving institutional environment;
Excellent team player sharing relevant information and supporting team members without taking over responsibility for their work, able to work in different teams with different levels of stakeholders in a multicultural environment;
Being able to have and express a critical view towards own performance and open to learn from experience;
Being able to quickly familiarize oneself with new topics and issues, even under time pressure, and to present them in a media-appropriate and audience-focused manner;
Being able to manage multiple assignments and track progress on numerous processes simultaneously; deliver results within tight time frames and respect deadlines; prioritise tasks and pay attention to detail; proactively anticipate what needs to be done within own area of responsibility, informing others and taking action as required.
Curiosity: Being able to promote open discourse and engage through challenging dialogue; challenge the status quo and exercise professional scepticism; use questions strategically, as a tool to advance insight, understanding and deepen awareness.
Influencing: Being able to demonstrate resilience in difficult situations; push through resistance and continue to work with others in a constructive manner; identify and respond constructively to underlying attitudes or behaviour patterns.
Communication: Being able to frame clear communication messages in line with audience experience, background and expectations, in an engaging manner; stand ground when needed; adopt appropriate influencing styles; Being able to establish and maintain cooperative relationships with staff and management at all levels, both inside and outside the organisation; understand who the internal and external stakeholders are as well as their needs and expectations.
Show a positive mindset: See obstacles as challenges and approach them with a can-do attitude; set high levels of quality and productivity for yourself; and demonstrate self-motivation.

Contractual conditions

Place of employment

Frankfurt am Main, Germany.

Function group and grade

CA Function Group IV

Monthly basic salary

CA FG IV Grade 13/Step 1: 4,449.31 EUR

CA FG IV Grade 14/Step 1: 5,034.18 EUR

CA FG IV Grade 16/Step 1: 6,444.59 EUR

plus specific allowances where applicable*.

Envisaged start date

1 May 2026

Contract type and duration

Successful candidates may be offered an employment contract for three years as a Contract Agent. The contract may be renewed for a second fixed-term period, and upon its second renewal converted into a contract of indefinite duration.

Reserve list

Possibility of reserve list with validity until 31 December 2026 with possibility for extension. Please note that the reserve list may be shared with the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA). Upon establishment of the reserve list and upon request for access, EIOPA shall seek the consent of all candidates included on the reserve list.

*Summary of Conditions of Employment

1. Successful external candidates will be classified in Grade 13/Step 1, grade 14/Step 1 or Grade 16/Step1.

Function Group /Grade^[1]	Monthly basic salary^[2]	Monthly net salary, excluding allowances	Monthly net salary, including specific allowances ^[3]
FG IV/GRADE 13/Step 1	4,449.31 EUR	3,855.76 EUR	5,450.60 EUR
FG IV/GRADE 14/Step 1	5,034.18 EUR	4,050.51 EUR	6,020.46 EUR
FG IV/GRADE 16/Step 1	6,444.59 EUR	5,064.03 EUR	7,339.10 EUR

2. Salaries are subject to a Union tax deducted at source and are exempt from national taxation.

3. Depending on the individual family situation and the place of origin, the successful jobholder may be entitled to: expatriation allowance (16% of the basic salary), household allowance, dependent child allowance, education allowance, pre-school allowance, installation allowance, reimbursement of removal costs, initial temporary daily subsistence allowance, and other benefits.

4. Annual leave entitlement of two days per calendar month plus additional days for grade, distance from the place of origin and in addition on average 15 EIOPA holidays per year;

5. EU Pension Scheme (after 10 years of service);

6. EU Joint Sickness and Insurance Scheme (JSIS), accident and occupational disease insurance coverage, unemployment and invalidity allowance and travel insurance;

7. General and relevant technical training plus professional development opportunities;

8. Modern and flexible working conditions, combining presence in the office and teleworking opportunities (some geographical restrictions apply).

[1] Implementing rules concerning the use and engagement of contract agents

[2] The basic salary weighted by the current correction coefficient for Germany (102.7%)

[3] An estimation of net salary, including the deduction for tax and social security and adding the allowances (this estimation has been calculated with expatriation allowance, household allowance and with one dependent child allowance). Allowances depend in any case on the personal situation of the candidate.

Recruitment procedure

The recruitment process will include a panel interview and a written test. In addition, there may be a pre-screening exercise.

Applicants are required to act with the highest standards of integrity through the whole selection procedure.

The online application form should be submitted in English language.

(1) Curriculum Vitae clearly indicating (among all):

Qualifications (please list exact dates of your academic qualifications gained)

Responsibilities, experience and skills gained in previous positions (please list exact dates of your work experience gained)

Nationality/Citizenship

Language skills

(2) Motivation explaining why you are interested in the post and what would be your added value you would bring to EIOPA if selected.

Applicants will be assessed on the basis of the eligibility and selection criteria specified in the vacancy notice and these must be met by the closing date of the vacancy notice.

Only information included in the Curriculum Vitae or in the Motivation are assessed.

Deadline for application is 23:59 CET on 02 March 2026.