IT and Cyber Risk Management Advisor

仕事内容

Experience:

IT and Cyber Risk Management Advisor

Work Location:
Brussels

Contract Duration:

Start Date: 12/08/2024
End Date: 12/08/2025

Hybrid:

Expectation: 50% on-site & 50% homeworking.

Mission Context:

The Governance, Risk, and Compliance (GRC) team supports IT and Business Units in developing robust solutions for operational risk management practices, with a specific focus on Information Security. The team’s core missions include identifying operational IT and Cyber risks, advising on risk treatment, and developing strategies to reduce overall risk exposure.

Key Responsibilities:

Security Risk Quality Assurance:

• Perform security risk quality assurance from the creation to the closure of risks.

Risk Management Support:

• Deliver advice and support on risk management to internal IT and Business customers by:
• Accompanying and challenging IT risk assessments performed by different entities.
• Proposing or validating mitigation measures derived from risk assessments, security scans, penetration tests, and other controls.
• Creating risk reports in line with the companies IT/Cyber Risk Management best practices.
• Providing valuable follow-up and reporting to increase risk control maturity.

Risk Reporting:

• Report risks and the overall risk posture to Information Security, IT, or Business Management.
• Create risk dashboards and reports for a management audience.
• Identify and propose transversal risk mitigation actions.

Customer Relationship:

• Act as the Single Point of Contact (SPOC) for the risk management services provided to customers.

Process Improvement:

• Contribute to improving risk management methods and tools, incorporating field experience and best practices and regulatory bodies like Basel II, CobIT, ISO27k/31000.

Documentation and Support:

• Write procedures and processes for risk management for both expert and non-expert audiences.
• Serve as the SPOC for security matters related to the Information Asset and the CIAT rating of assets.
• Provide business support and maintain procedures while integrating security asset management into the bank’s overall asset management processes.

Required Experience/Knowledge:

• At least 8 years of acknowledged experience in the technical and/or functional domain.
• Experience linking different ISMS and IT Risk processes.
• Knowledge of control frameworks and audit methodologies.
• Significant experience working with cloud services (SaaS, HSP, AWS).
• Knowledge of software development security best practices.
• Experience in release management, change management, incident management, and testing.
• Technical Certifications:
• CISSP, CISM, CIPP, CCSK certifications are preferred.

Language Requirements:

• English: Sound knowledge of English is required.
• Dutch/French: A plus.

Education and Certifications:

• Master’s Degree in a relevant field.
• Security certifications such as CISSP, CISM, CIPP, CCSK.

Soft Skills:

• Anticipating technological change.
• Methodical and organized approach.
• Understanding of company operations.
• Availability and proactive attitude.

If you are interested in applying, please submit your CV ASAP.

Job Types: Full-time, Freelance

Experience:

• Governance, Risk and Compliance: 8 years (Preferred)

License/Certification:

• CISSP (Preferred)
• CISM (Preferred)

Location:

• Brussels (Preferred)

Work Location: In person