For a client, we are seeking an experienced IT and Cyber Risk Management Professional to join a dedicated Governance, Risk, and Compliance team. This role is critical in supporting IT and Business Units to develop and implement robust operational IT and Cyber risk management practices, with a particular focus on Information Security.

Start Date: 18/11/2024
End Date: 31/07/2025
Work Location: Brussel (Expectation: 50% on-site & 50% homeworking)

Responsibilities:

• Conduct IT and security risk assessments within IT and business contexts, including applications, business solutions, and third-party organizations.
• Execute information security and IT control plans for third parties, ensuring compliance with contracts.
• Coordinate and perform IT and security audits on third parties.
• Develop concise risk reports and one-pagers for management.
• Establish end-to-end IT and security management processes for third parties.
• Provide consulting on IT and Cyber risk management to internal customers.
• Manage customer relationships and act as the Single Point Of Contact for delivered risk management services.
• Contribute to the definition and enhancement of risk management methods and tools.
• Draft processes and procedures for risk management activities for both expert and non-expert audiences.
• Review IT and security contractual clauses for supplier agreements.

Required Qualifications and Experience:

• Bachelor/Master degree or equivalent by experience.
• Professional experience in information security (5+ years).
• Experience in process design and business analysis.
• Proven track record in third-party IT and security assessments.
• Demonstrated experience in risk management.
• Experience in delivering presentations and training.

Technical Experience:

• Operational/security risks management (mandatory).
• Working with cloud services such as SaaS, HSP, AWS (mandatory).
• Proficiency in MS Office (Excel, Word, PowerPoint).
• Knowledge of software development security best practices.
• Familiarity with release management, change management, incident management, and testing.

Preferred Experience:

• Security certifications (CISSP, CISM, CIPP, CCSK).
• Experience with RSA Archer and/or ServiceNow GRC.
• Experience in vulnerability management and penetration testing.
• Knowledge of control frameworks and audit methodologies.

Business Experience:

• Understanding of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.).
• Strong IT background, particularly in cloud-based solutions.
• Experience in working within large companies.
• Experience in reviewing and amending IT and Cyber Third-party clauses in contracts.

Soft Skills:

• High performer with autonomy, commitment, and perseverance.
• Quick self-starter with a pro-active attitude and team player mindset.
• Results-oriented with responsibility for tasks and resourcefulness.
• Excellent English writing skills.
• Strong communication and influencing skills.
• Good analytical and synthesis skills, with the ability to produce structured and concise documents.
• Ability to work in a dynamic and multi-cultural environment.
• Accurate and control-minded, yet flexible.
• Ability to mentor and coach colleagues.

Language Requirements:

• Dutch: Fluent
• French: Fluent (Mandatory)
• English: Fluent (Mandatory)