enisa

E

Ref. Ares(2026)4205145 - 23/04/2026

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Attiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

Vacancy Notice

Vacancy Title HR COORDINATOR (TA/AST6)

Ref. ENISA-TA-AST6-2026-06

tbl-0.md

1. The Agency

ENISA's mission is to achieve a high common level of cybersecurity across the Union, by actively supporting Member States, European Union institutions, industry, academia and EU citizens⁴.

ENISA contributes to policy development and implementation, supports capacity building and preparedness, facilitates operational cooperation at Union level, enhances the trustworthiness of ICT products, services and processes by rolling out cybersecurity certification schemes, enables knowledge sharing, research, innovation and awareness raising, whilst developing cross-border communities and synergies.

ENISA is located in Athens, Greece (the Agency's official seat) with a branch office in Heraklion (Crete), Greece and a Local Office in Brussels, Belgium.

Further information about ENISA is available on the ENISA website: https://www.enisa.europa.eu/.

¹ For contracts related to Contribution Agreements, the duration of the contract is concluded for a limited period linked to the duration of the Contribution Agreement, including any extensions (even if under a different name within the Programme) and upon budget availability or for a maximum duration of four years, whichever comes first.

² Eastern European Time

³ Central European Time

⁴ Regulation (EU) 2019/881 - Cybersecurity Act: http://data.europa.eu/eli/reg/2019/881/oj

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Adiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

2. The Unit

The Corporate Support Services Unit (CSS) of ENISA is responsible to implement the corporate objective “Build an agile organisation focused on people” and support the Agency activities, pursuant to Chapter II of Regulation (EU) 2019/881 - Cybersecurity Act (CSA).

The underlying mission of the CSS is to help ensure the seamless functioning of the Agency, support the Executive Director, and provide efficient corporate support services to all operational units, staff members and, when relevant, offer services to other EU bodies and agencies under joint corporate service frameworks. The unit is also responsible for implementing ENISA’s corporate and HR Strategy 2023-2028, as adopted by the Management Board in 2023.

The unit is undergoing a business transformation via modernising its services vis-à-vis market practices, reengineering its processes, analysing and reviewing policy and legal framework, service outsourcing and proceeds to enhanced digitalisation and change management in order to promote self-service functionalities and process optimisation. The unit aspires to build further on the business partnering concept and further enhance alignment with the strategic and business objectives of the Agency.

The new way of working is centred around services rather than silo-profiling or product delivery profiling. The CSS unit, a small, friendly and dynamic unit comprised of approximately 20 colleagues (& supported by external service providers) is committed to providing a one-stop shop for all services within its extensive portfolio, including HR, Budget, Finance, Procurement, IT, Security, Facility & Event Management and Legal. This transformation aligns with a global business model, emphasising XaaS (Anything as a Service), shifting historically siloed activities into a holistic, service-based approach as a one-stop-shop.

The unit is facing important developments on critical areas such as sustainability, modernisation, collaboration and cooperation as well as building partnerships and transitioning from an administrative function to a service delivery model entity.

3. The job

ENISA is looking to fill in a post of a HR Coordinator to support the Corporate Support Services Unit activities.

As needs arise, ENISA might also search the pool of reserve list candidates and select those that are appropriate to its needs. The established reserve list may be used to cater for other Agency wide staffing needs.

The key responsibilities and tasks are outlined below:

• HR operational Coordination:

Coordinate day-to-day HR Services, talent acquisition and development services, oversee onboarding and exit procedures, oversee and provide guidance to staff on HR policies & procedures, Prepare HR reports, statistics, and documentation, ensure compliance with internal rules and data protection standards

enisa

European Union Agency for Cybersecurity (ENISA)

Agememnonos 14 | Chalandri 15231 | Attiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

Workforce Planning & Coordination:

Support the Head of Unit in fulfilling the work plan & strategic priorities and in assisting the Executive Director in managing ENISA's resources; Coordinate and conduct ENISA's Annual Workforce Planning exercises, annual job screening and benchmarking exercises; Coordinate and contribute to the regular planning and reporting exercises (SPD, CAAR, Discharge etc); Manage ENISA's establishment plan and resource mobilities by providing traceable datasets, analytics and monitoring in compliance with the EC regulatory framework and ENISA's post management guidelines; Coordinate inputs across HR, Finance and organisational entities to ensure effective planning and timely implementation of post/resource management; Monitor and evaluate the effectiveness of workforce development initiatives; Coordinate ENISA's staff satisfaction survey and work plans; Model workforce scenarios (e.g. budget changes, new projects etc) Ensure data accuracy and prepare workforce reports for HoU and Executive Director; use HR analytics to track workforce metrics (e.g headcount, attrition, time spent per activity etc) Provide evidence-based insights for decision making.

Workforce Development & Analysis:

Lead organisational development projects and initiatives in the area of resource & activity planning and ensure that strategic priorities are systematically incorporated into the design, implementation, and review of workforce planning frameworks and initiatives; Ensure that new EC policy requirements are well reflected in the strategic development plans and organisational goals; Collect, analyse, and interpret workforce data to identify trends, gaps, and future needs as well as produce multiple scenario planning options; conduct competency and skill gaps analysis and identify solutions for supporting future workforce capabilities increase; Support in the in the design and implementation of talent management, succession planning, and career development initiatives; Analyse skill shortages and coordinate the design of learning and development programs to address capability gaps. Contribute to the organisational culture, diversity and inclusion strategies;

Budget & people management:

Coordinate and oversee allocated budget and contracts, acting as a delegated Authorising Officer by Sub-delegation (AOSD) and ensuring accurate and timely execution; Coordinate work deliverables of service providers and/or manage assigned staff, while fostering cross-unit and inter-team cooperation; Demonstrate utmost ethics, confidentiality and integrity; first tier management of staff, projects and resources.

Stakeholder engagement:

Serve as the point of contact in relation to resource and staff planning and collaborate with the Budget and Planning Coordinator in ensuring sufficient back up, business continuity and alignment on resource planning; Liaise with EU and other external partners and establish rapport and trustful relationships; join the HoU or negotiate/act on behalf of the HoU on meetings with stakeholders in

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Adiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

line with the agreed mandate; participate in meetings at EU/international level; Negotiate with service providers on expected outcomes versus market prices and expected results;

• Policy Advisory and Capacity Building:
  Ensure that ENISA policies, standards, procedures, and data protection requirements are applied across the area of responsibility; Proactively recommend improvements to processes, policies, and standard operating procedures. Contribute to the development, implementation, and continuous improvement of strategic HR and workforce plans; support policy making via best market practices;

• Other duties
  Perform any other duties in the interest of the service as assigned by the Head of Unit

4. Qualifications and experience required

4.1 Eligibility Criteria

The selection procedure is open to candidates who satisfy the following eligibility criteria on the closing date and time for application:

• Be a national of one of the Member States of the European Union⁶ or EFTA⁷ countries;
• Be entitled to their full rights as a citizen⁸;
• Have fulfilled any obligations imposed by the applicable laws concerning military service;
• Produce appropriate character references as to their suitability for the performance of the duties;
• Be physically fit to perform the duties linked to the post⁹;
• A level of education which corresponds to completed university studies of at least three years attested by a diploma, followed by at least 9 years of professional experience OR a

⁶ Candidates must satisfy ALL the eligibility criteria on the closing date for applications. In the event that you do not fulfil all the eligibility criteria, your application will not be further assessed. Candidates should assess and check before submitting their application whether they fulfil all the requirements as specified in the vacancy notice. Please include in the application form only professional experience and academic qualifications for which you hold supporting documents. Candidates must be able to provide supporting documents clearly showing duration and nature of experience upon request.

⁷ It should be noted that, due to the withdrawal of the United Kingdom from the European Union on 31/01/2020, British nationals, who do not hold the nationality of another European Union member state, are not eligible for applications at ENISA due to the fact that they do not fulfil the requirements of Article 12.2 of the Conditions of Employment of Other Servants, namely that they do not hold the nationality of an EU Member State.

⁷ Iceland, Liechtenstein, Norway, and Switzerland.

⁸ Prior to the appointment, the successful candidate will be asked to provide a certificate issued by a competent Member State Authority attesting the absence of any criminal record.

⁹ Before appointment, the successful candidate shall be medically examined in line with the requirement of Article 28(e) of the Staff Regulations of Officials of the European Communities.

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Adiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

level of secondary education attested by a diploma giving access to post-secondary education, followed by at least 12 years of professional experience¹⁰;

• Thorough knowledge of one of the official languages of the European Union (at C1 level) and a satisfactory knowledge of another official European language of the Union (at B2 level) to the extent necessary for the performance of their duties¹¹.

4.2 Selection Criteria

Only eligible candidates, who fulfil the above eligibility criteria, will be further assessed by the Selection Board against the selection criteria, solely based on the information provided by the candidates in their application form and the talent screening questions. Candidates must provide concrete results and/or actions they undertook in demonstrating the below criteria and their relevant competencies in their application form.

Candidates must demonstrate and will be assessed on the following skills and competencies:

Technical skills and experience

• Demonstrable knowledge and experience in human resources, organisational development, workforce planning and reporting, HR analytics and/or activity and resource planning;
• Demonstrable knowledge and experience in coordinating people and projects, service outputs and results;
• Strong analytical and problem-solving skills, with great attention to detail and proven ability to working with large datasets and ability to turn datasets into actionable insights to influence decisions;
• Proven ability to handle sensitive information with discretion and professionalism;
• Proficiency in standard office tools (MS Office, HRIS) and knowledge of Microsoft Excel or PowerBi or other visualisations tools;
• Excellent command of English (minimum C1), with the ability to produce clear written reports and deliver effective oral briefings on complex security matters.

¹⁰ Only diplomas issued by EU Member State authorities and diplomas recognised as equivalent by the relevant EU Member State bodies are accepted. If the main studies took place outside the European Union, the candidate's qualification must have been recognised by a body delegated officially for the purpose by one of the European Union Member States (such as a national Ministry of Education) and a document attesting so must be submitted if you have been invited for an interview. This will enable the selection board to assess accurately the level of the qualifications. Diplomas awarded in the UK until 31/12/2020 are accepted without further recognition. For diplomas awarded after this date (from 01/01/2021), a NARIC recognition is required: https://www.enic-naric.net/. Candidates must meet this requirement on the closing date for applications.

¹¹ Please note that the minimum levels required above must apply to each linguistic ability (speaking, writing, reading and listening). You must have knowledge of at least two official EU languages: language 1 at minimum C1 level (thorough knowledge) and language 2 at minimum B2 level (satisfactory knowledge). These abilities reflect the Common European Framework of Reference for Languages: https://europass.cedefop.europa.eu/resources/european-language-levels-cefr. The official languages of the European Union are: Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish, and Swedish. The languages referred to in Article 129(1) of the EEA Agreement shall also be considered as languages of the Union.

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Adiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

Personal qualities

• Adaptability & growth orientation: Identifies issues quickly, generates effective solutions, and adapts to changing operational needs while maintaining service quality. Recognises strengths and limitations, seeks feedback, and applies lessons learned to improve work processes; supports and develops others. Manages multiple priorities, maintains accurate records, and ensures tasks are completed to a high standard within deadlines.

Collaborative & service focus:

Builds trust and promotes cooperation within and across teams, fostering a positive and inclusive working environment. Conveys complex ideas clearly and concisely, tailoring style and content to diverse audiences; listens actively and responds constructively. Anticipates stakeholder needs, provides practical solutions, and ensures security services are fit for purpose and user-focused. Acts with discretion, maintains confidentiality, and upholds ENISA's ethical standards in all interactions.

Core competences

Required competences:

• Cybersecurity technical competence: Basic
• Network and community development: Intermediate
• Data analytics and reporting: Foundation/Intermediate
• Policy advising: Intermediate
• Communication: intermediate

In addition, the successful candidate should act and abide by ENISA's core values. An outline of the ENISA's core values, as well as a full description of the ENISA's competencies is available here.

NB: Candidates are advised to demonstrate with concrete examples in their application how they possess the above competences at the required level.

5. Submission of applications

To apply for this vacancy, please use ENISA's e-recruitment system, complete all required sections of the application and submit it. ENISA does not accept applications submitted by e-mail, mail or any

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Attiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

other means. The application must be submitted in the English language, which is the working language of ENISA.

Candidates must send their application within the set deadline. In order to be considered, applications must be received by 23:59:59 EET (Greek time (CET+1)) on the closing date. Once you have submitted your application, you will receive an automatic e-mail message confirming receipt of your application. Please ensure that the email address you provide for your applicant account is correct and that you check your email and spam/junk folders regularly.

Applicants are strongly advised to submit their applications well in advance of the deadline, since heavy internet traffic or fault with the internet connection could lead to difficulties in last-minute submission. ENISA cannot be held responsible for any delay related to internet connection issues etc.

At this stage of the selection procedure, candidates are not required to send any additional supporting documents with the application (i.e., copies of your ID-card, educational certificates, evidence of previous professional experience etc.).

For any questions on the recruitment process or other technical issues, feel free to reach out via email to applications@enisa.europa.eu.

6. Selection procedure

A Selection Board is appointed by the ENISA Executive Director. The name of the Selection Board members (and/or observers, if applicable) are published on the ENISA website, once the Selection Board is established. It is strictly forbidden for the candidates to make any contact with the Selection Board, either directly or indirectly. Any infringement to this rule will disqualify the candidate from the competition.

The selection procedure comprises of three consecutive phases:

6.1 Phase 1 – Preparatory phase & screening of applications

Each Selection Board member (including the observer(s), should there be any one) signs a declaration with regard to confidentiality. The Selection Board's work and deliberations are bound by the principle of confidentiality as per Article 6 of Annex III of Staff Regulations. The Selection Board adheres strictly to the conditions of admission laid down in the vacancy notice.

Before having access to candidates' applications, the Selection Board pre-decides on the assessment methodology under each stage of the selection process: expected indicators and marks on how candidates' applications will be assessed, interview and written test questions and duration, expected indicators and thresholds for the respective assessments, along with the reserve list ceiling.

Once having access to applications, the members of the Selection Board fill in a declaration with reference to conflict of interest and confirm that they have no conflict of interest or bias whatsoever in regard to the individual candidates.

All applications received are checked against the eligibility criteria set out in the vacancy notice.

enisa

European Union Agency for Cybersecurity (ENISA)

Agememnonos 14 | Chalandri 15231 | Attiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

6.2 Phase 2 – Evaluation of applications

Only eligible candidates will be further assessed by the Selection Board against the selection criteria and competences outlined in the vacancy. Candidates admitted to a previous selection procedure will not be automatically eligible.

The selection process will be based on the assessment of candidates' merits against the criteria and competences outlined in the vacancy. Therefore, candidates are recommended to give evidence of their knowledge and professional experience by using specific examples and/or detailed professional experience, specific skills, knowledge and competences in their application, in order to be evaluated in the best possible way. Selection will be made solely on the basis of the candidate's information provided in the application and the talent screening questions.

The Selection Board will carry out an objective assessment of the candidates' merits. Should the Selection Board discover at any stage in the procedure that the candidate does not meet one or more of the general or special conditions for admission to the selection procedure, or that the information on the application form does not correspond to the supporting documents, the candidate will be disqualified.

6.3 Phase 3 – Shortlisting

The applicants, who obtained the highest number of evaluation points in phase 2, are invited to undertake a written test or assignment and interview, aimed at assessing the practical application of the experience and knowledge of the candidates.

Candidates shall be informed that interviews and written tests or assignments may be organised online¹². Specific instructions will be provided to shortlisted candidates.

An outcome notification will be provided to all candidates who are not invited to the next phase.

The written assignments and interviews are conducted in English. In case English is the mother tongue of an applicant, some interview questions may be asked in the language they indicate on the application form as their second EU language. Candidates invited for an interview will be required to submit electronically relevant supporting documentation demonstrating their educational qualifications and work experience. Shortlisted candidates may also be required to provide work-related references upon request of the Agency.

6.4 Reserve list

The activity of the Selection Board ends with the drawing of a reserve list of suitable applicants to occupy the position advertised. The reserve list is unranked and is drawn alphabetically. Candidates should note that inclusion in the reserve list does not guarantee recruitment.

In addition, reserve listed candidates may be asked to undergo a second interview prior to any recruitment, for which they will be informed in advance. The interview will focus on the specific match of the candidate for the specific post covering the related motivation, and relevant technical and behavioural competencies.

¹² Additionally, candidates shall be informed that the written test may be organised by a third party online and/or may be proctored.

enisa

European Union Agency for Cybersecurity (ENISA)

Agememnonos 14 | Chalandri 15231 | Attiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

The reserve list will be valid until 31/12/2029. Candidates invited to an interview will be informed by e-mail whether or not they have been placed on the reserve list. Upon completion of the selection procedure, all candidates will receive an outcome letter. It may be that other EU Institutions, Agencies or Bodies approach ENISA to request for the CVs of candidates on the reserve list. Candidates, who are on the reserve list, will be informed by HR to request if they are interested in a similar post in another agency. If so, they will be invited to send their (updated) resume/CV to the requesting agency. The requesting agency will then contact the candidate for their vacancy.

The Authority Empowered to Conclude Contracts (ED) will ultimately decide on the successful candidate to be appointed to the post, based on the needs of the Agency. The appointed candidates will be asked to fill a specific form informing the Appointing Authority of any actual or potential conflict of interest¹³.

If an offer letter is issued, the candidate must undergo a compulsory medical examination to establish that they meet the standard of physical fitness necessary to perform the duties involved and the candidate must provide original or certified copies of all relevant documents that prove the educational and professional qualifications stated in their application.

6.5 Selection Procedure timelines

The Agency manages its selection procedures depending on the availability of the Selection Board members and its resource capacity. It is envisaged that the interviews and potential other written assignments will take place in Q3 2026. Please note that the selection process may take some time to be completed and that no information will be released during this period. The selection procedure status will be displayed on ENISA's career page and applicants are requested to visit regularly the page for update on the procedure.

Due to the Agency's operational requirements, the successful candidate will be required to be available at the shortest possible notice.

7. Conditions of employment

The successful candidate(s) will be recruited as member(s) of the Temporary Staff, pursuant to Article 2(f) of the Conditions of Employment of Other Servants of the European Union. The initial contract will be (or it is estimated to be) concluded for a period of 4 years. The contract may be renewed, in principle, for a period of 4 years. Any further renewal shall be for an indefinite duration. The appointment will be in grade AST6.

Successful candidates, who are offered a contract of employment, will be graded on entry into service in step 1 or 2 of grade AST6. The step will be determined in accordance with the number of years of professional experience of the successful candidate. In addition, successful candidates, who are recruited, shall undergo an initial probation period of 9 months.

Due to the Agency's operational requirements, the successful candidate will be required to be available at the shortest possible notice.

¹³ In compliance with Article 11 of the Staff Regulations of Officials and Conditions of Employment of Other Servants of the European Union.

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Attiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

The candidates included in this reserve list may be offered an engagement under the conditions stipulated in Article 3a of the CEOs for Contract Staff, and/or may be offered an employment contract of a shorter duration and/or in a different location (Athens or Brussels) than the one stated in the vacancy notice, in accordance with the business needs and subject to agreement with the candidate. In this case, the Agency will contact the candidate in the reserve list and ask their interest.

The summary of the financial entitlements is available under "BENEFITS" here.

The salaries of staff members are subject to a community tax deducted at source. They are exempt from national tax on salary and are members of the Community social security and pension schemes.

For additional information about salaries, deductions and allowances please consult the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Union.

Successful candidates who have been recruited to a post at ENISA are required to furnish a valid certificate of good conduct before the start of their employment. The certificate of good conduct must be provided to ENISA prior to the signature of the employment contract. The certificate of good conduct must be issued by the relevant authorities of the country of nationality of the candidate and must not be older than three months at the time of submission to ENISA. ENISA reserves the right not to proceed with the signature of the contract based on the content of the certificate or if the candidate fails to provide the certificate to ENISA.

For specific posts the successful candidate(s) will be required to hold, or be in a position to obtain, a valid Personnel Security Clearance Certificate (national or EU PSC at SECRET UE/EU SECRET level). Personnel Security Clearance Certificate (PSCC) means a certificate issued by a competent authority establishing that an individual is security cleared and holds a valid national or EU PSC, and which shows the level of EUCI to which that individual may be granted access (SECRET UE/EU SECRET), the date of validity of the relevant PSC and the date of expiry of the certificate itself. Note that the necessary procedure for obtaining a PSCC can be initiated on request of the employer only, and not by the individual candidate.

Kindly note that the necessary procedure for obtaining a PSCC can be initiated by request of the employer only, and not by the individual candidate.

Failure to obtain the required security clearance certificate from the candidate's National Security Authority, either during or after the expiration of the probationary period, will give ENISA the right to terminate any applicable employment contract where the security clearance is a requirement.

8. Equal Opportunity

As a European Union Agency, ENISA is committed to providing equal opportunities to all its employees and applicants for employment. As an employer, ENISA is committed to ensuring gender equality and to preventing discrimination on any grounds. It actively welcomes applications from all qualified candidates from diverse backgrounds, across all abilities, without any distinction on any ground such as sex, race, color, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age, marital status or other family situation or sexual orientation, and from the broadest possible geographical basis amongst the

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Adiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

EU Member States. In particular, ENISA encourages the applications of women for the positions where they are currently under-represented.

If you have a disability or medical condition that may hinder ability to sit the interview or written test, please indicate this in your application and let us know the type of special arrangements you need. If the disability or medical condition is developed after the deadline for the applications, you must notify us via email to applications@enisa.europa.eu.

Overall, ENISA strives to select recruit, develop and retain, diverse talent workforce.

9. Requests, Complaints and appeals

Candidates, who consider that their interests have been prejudiced by any decision related to the selection procedure, can take the following actions:

9.1 Requests for feedback

Candidates to a selection procedure can request feedback regarding their results within ten (10) calendar days from the communication of their results. They should expect to receive an answer from ENISA at the latest within fifteen (15) working days from the request. Please note that the request for feedback does not extend the deadlines to submit a request for internal review or administrative complaint under Article 90(2) of the Staff Regulations.

Candidates should send an email to the following email address applications@enisa.europa.eu clearly indicating on the subject line: "Request for feedback of (name of candidate) for the vacancy notice reference number (vacancy notice reference number)" and clearly stating their request on the content of the email.

9.2 Requests for internal review of the decisions taken by the Selection Board

Candidates, who feel that an error has been made in relation to their non-admission to the selection procedure (i.e., not eligible) or to their exclusion from the selection procedure (i.e., not invited for an interview/written test) may request a review within ten (10) calendar days from the date on which they are notified about the decision. Requests for internal review may be based on one or more of the following reasons:

i) a material irregularity in the competition process;
ii) non-compliance, by the Selection Board or ENISA, with the Staff Regulations and relevant implementing rules, the vacancy notice, its annex and/or case-law.

Please note that candidates are not allowed to challenge the validity of the Selection Board's assessment concerning the quality of their performance in a test or the relevance of their qualifications and professional experience. This assessment is a value judgment made by the Selection Board and disagreement with the Selection Board evaluation of the tests, experience and/or qualifications does not prove that it has made an error. Requests for review submitted on this basis will not lead to a positive outcome.

Candidates should send an email to the email address applications@enisa.europa.eu, clearly indicating on the subject line: "Request for internal review (name of candidate) for the vacancy notice reference

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Attiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

number (vacancy notice reference number)". The candidates shall clearly indicate the decision they wish to contest and on what grounds. Requests received after the deadlines will not be taken into account.

Candidates having requested a review will receive an acknowledgment of receipt within fifteen (15) working days. The instance, which took the contested decision (either the Selection Board or ENISA), will analyse and decide on the requests and candidates will receive a reasoned reply in accordance with ENISA's Code of good administrative behaviour as soon as possible. If the outcome is positive, candidates will be re-entered in the selection procedure at the stage at which they were excluded, regardless of how far the selection has progressed in the meantime.

9.3 Administrative complaints

Candidates to a selection procedure, who consider they have been adversely affected by a particular decision of the Selection Board, have the right to lodge an administrative complaint, within the time limits provided for, under Article 90(2) of the Staff Regulations to the Executive Director of ENISA. A complaint can be submitted against any decision, or lack thereof, that directly and immediately affects the legal status as a candidate. Candidates should note that a complaint to the Executive Director against a decision of the Selection Board cannot result in overturning a value judgment made by the latter related to the scores given to candidates' assessment of the relevance of their qualifications and professional experience and of their performance in a test.

Candidates shall submit an email to the following email address applications@enisa.europa.eu clearly indicating on the subject line: "Complaint under Article 90(2) of the SR of (name of candidate) for the vacancy notice reference number (vacancy notice reference number)". Complaints shall be addressed to the Executive Director of ENISA, Ethnikis Antistaseos 72 & Agamemnonos 14, Chalandri 15231, Attiki, Greece. The complainant shall indicate clearly the decision they wish to contest and on what grounds. Complaints received after the deadline will not be taken into account.

9.4 Judicial Appeals

Should the complaint under article 90(2) be rejected, candidates to a selection procedure have the right to submit a judicial appeal to the General Court, under Article 270 of the Treaty of the Functioning of the European Union and Article 91 of the Staff Regulations of Officials and Conditions of Employment of Other Servants of the European Union. Please note that appeals against decisions taken by ENISA will not be admissible before the General Court, unless an administrative complaint under Article 90(2) of the Staff Regulations has first been submitted and rejected by express decision or by implied decision.

The General Court has consistently held that the wide discretion enjoyed by Selection Boards is not subject to review by The General Court, unless rules, which govern the proceedings of Selection Boards, have been infringed. For details on how to submit an appeal, please consult the website of the Court of Justice of the European Union: http://curia.europa.eu.

9.5 European Ombudsman

All EU citizens and residents can make a complaint to the European Ombudsman pursuant to Article 228 (1) of the Treaty on the Functioning of the European Union, as well as the Statute of the Ombudsman and the implementing Provisions adopted by the Ombudsman under Article 14 of the

enisa

European Union Agency for Cybersecurity (ENISA)

Agamemnonos 14 | Chalandri 15231 | Adiki | Greece | info@enisa.europa.eu | www.enisa.europa.eu

Statute. Before submitting a complaint to the Ombudsman, candidates must first make the appropriate administrative approaches to the institutions and bodies concerned.

Please note that complaints made to the Ombudsman have no suspensive effect on the period laid down in Articles 90 (2) and 91 of the Staff Regulations for lodging complaints or for submitting appeals to the General Court pursuant to Article 270 of the Treaty of the Functioning of the European Union. Please note also that under Article 2(4) of the General conditions governing the performance of the Ombudsman's duties, any complaint lodged with the Ombudsman must be preceded by the appropriate administrative approaches to the institutions and bodies concerned.

For details of how to submit a complaint, please consult the website of the European Ombudsman: http://www.ombudsman.europa.eu.

10. Data protection

All personal data shall be processed in accordance with Regulation (EU) No 2018/1725 of the European Parliament and of the Council (OJ L 295, 21.11.2018, p. 39–98) on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data. ENISA is supervised by EDPS, http://www.edps.europa.eu. For any further enquiries you may contact the Data Protection Officer at: dataprotection@enisa.europa.eu.

Candidates are invited to consult the privacy statement, which explains how ENISA processes personal data in relation to recruitment selections.

E

Electronically signed on 09/04/2026 10:27 (UTC+02) in accordance with Article 11 of Commission Decision (EU) 2021/2121