Vacancy

IT and Cyber Control & Compliance Officer

Brussels


The Governance, Risk and Compliance (GRC) team supports IT and Business Units to define, implement and maintain an IT and Information Security Management System, with the ultimate objective to enable sound and formal risk decision making by management.

The GRC Norms & Control team is very active in the development and implementation of IT and Cyber controls (coming from the Group and/or locally designed controls) in order to mitigate ICT risks and demonstrate compliance internally or toward the regulator.

To support these activities, the Governance, Risk and Compliance team is looking for an IT and Cyber Control & Compliance Officer.

Function description

Develop, Implement and Maintain ICT Controls (with a particular focus on conformity with regulations and/or standards)

Tasks

  • Ensure the deployment of ICT Controls (Analysis, Identification and design of controls);

  • Coordinate and monitor the execution of ICT controls;

  • Assure the quality (completeness and adequacy) of the provided evidence;

  • Test the effectiveness of controls (sample or exhaustive) and provide advice on the remediation;

  • Report the results of ICT controls to management and to stakeholders (including the Internal Audit);

  • Follow up on the status of remediation actions related to these controls;

  • Contribute to creating/updating processes and procedures.

Ideal Profile

  • Language requirements: Dutch - Good speaking and writing (optional); French - Fluent speaking and writing; English - Fluent speaking and writing

  • Education: Master's degree in IT or science or an engineering degree, with a strong ICT control background or proven equivalent experience/skills in the area; or Audit certification: ICT Audit/ICT controls.

Certification        

Preferable

  • Certifications in ISO27k series, Certification in Information System Audit CISA, Information Systems Security Professional CISSP...

Required experience / knowledge           

  • At least 5 years of experience in Information Security and in IT process controls management.

Technical experience 

Mandatory             

  • 5 years' experience in IT and Security controls;

  • Knowledge of IT/Security procedures and standards;

  • Experience in Metrics definition and dashboarding;

  • Experience in designing and implementing (deployment) ICT process controls;

  • Skills in coordination of / collaboration with different teams and external resources;

  • Experienced with regulatory requirements, ISO/IEC standards (e.g.: 27001 Information Security Management Standard…), laws and regulations (CHAPS, CIS, ANSSI);

Preferable 

  • Project Management/coordination skills;

  • Knowledge of Agile Methodology.

Business experience  

Mandatory             

  • Ability to understand end-to-end ICT process flows and control needs;

  • Ability to explain to business the importance of ICT needs/controls;

  • Experience in Reports and Memo drafting, and reports and presentations addressed to senior management.

Preferable 

  • Experience in banking environment.

Soft skills  

  • Pro-active attitude;

  • Ability to deliver within deadlines;

  • Able to prioritize;

  • Strong analytical skills and detail oriented;

  • Ability to Challenge;

  • Ability to produce structured and concise documents;

  • Excellent English writing skills;

  • Ability to work in a dynamic and multi-cultural environment; team player.