InfoSec Consultant

Your Role

We are looking for a GRC Information Security Consultant to join our GRC department. You will take part in stimulating consulting and project assignments under the supervision of our Lead consultants and Practice Leader.
Your missions will consist of:

• Be an integral part of our Governance, Risk and Compliance solutions
• Representing APPROACH and delivering high standard quality deliverables
• Bring high-value solutions to customers in the area of GRC (Business Continuity and Information Security and Risk Mgt, Data Privacy)
• Delivering GRC solutions in various steps of the engagement’s lifecycles (perform security and risk assessment, contribute or manage security project, deliver GRC solution as a service).
• Provide CISO or assistant-CISO services to our customers (i.e. provide strategic and technical advise, organizing the information security related activities, supporting customers to manage security incident(s),
• Provide Data Protection Management and/or DPO service to our customers (i.e. conduct awareness session, DPIA’s, compliance assessment, support in Data Subject Access Request or Data Breach)
• Actively participate in the development of a GRC solution offering including improving GRC assets and writing of resources
• Sharing knowledge and actively contributing to GRC team meetings
• Bringing a positive and “can-do” attitude and energy to the team

By joining this project, you will have the opportunity to:

• Develop your consulting role regarding analytical capacity, ability to see the overall picture, and both written and oral expression.
• Be recognized by the community as being an expert in your area.
• Demonstrate your capability to work in a team and portray a positive attitude.
• Capitalize on the experience acquired within the Practice.
• Utilize or learn the tools or methodologies of the Practice and actively contribute to developing these tools and methodologies.

Your profile

You have:

• More than 3 Years of professional (on the field) experience, including demonstrable experience in Information/IT Security
• University Degree Qualified or equivalent work experience
• Uncompromised integrity: respect for the confidentiality of both client and company information
• Strong understanding of ISO27000 standards, Data Protection, and Risk management
• Strong understanding of regulatory frameworks such as GDPR, NIS, eIDAS, ..
• Ability to define the global information security strategy, the scope and context
• Good understanding of Information Risk Management, including Third party risk management
• Ability to write policies, processes, guidelines, and procedures
• Good understanding of IT and Cloud services
• Contributed to the implementation or operation of ISMS
• Exposure or management of security audit, security incident, and crisis management
• Establish and coordinate business continuity management
• Perform training and awareness activities
• Manage small to medium size projects preferably in ICT and information security
• Exposure toward middle to senior management
• Excellent communication and presentation (oral and written)

Considered as a plus:

• ISO27001 Lead Implementer or lead auditor
• ISO27005, EBIOS
• CISSP
• CISM, CRISC, CISA
• COBIT, ITIL
• CCSK