Vacature

IT & Cyber Risk Management Professional

Brussel

Solliciteer

The company’s Governance, Risk and Compliance team supports IT and Business Units to develop adequate solutions on operational IT and Cyber risk management practices, with specific focus on Information Security.

Their main missions are:

  • Identify operational IT and Cyber risks on assets/applications, projects and 3rd-parties.

  • Advice, consult, monitor and report on risk treatment in order to reduce the overall risk exposure of IT and Business at an optimized cost.

  • Elaborate and manage the implementation of a flexible strategy to reduce IT and Cyber risks in accordance with the IT and Information Security policies of the Group.

Tasks             

  • you execute IT and security risk assessments in IT and business contexts (applications, business solutions, 3rd-parties organization, processes…).

  • you execute information security and IT control plans on third parties to ensure that they are performing according to signed contracts.

  • you coordinate and perform IT and security audits on third parties.

  • you create one-pagers and synthetic risk reports for a management audience

  • you set up processes and procedures for an end to end IT and security management for third-parties.

  • you deliver consulting on IT and Cyber risk management to internal customers (IT and Business) :Proposition or validation of measures to mitigate risks. Creation of detailed or synthetic risk report. Support in increasing risk control maturity by providing a valuable follow up and reporting.

  • you manage customer relationship and are the Single Point Of Contact for the risk management services you delivered.

  • you contribute to definition and improvement of risk management methods and tools on the third-party management area.

  • you contribute to writing processes and procedures supporting risk management activities outlined above, for both an expert and non-expert audience. Experience on linking different ISMS processes is a must.

  • you are knowledgeable on CIAT topic and able to adapt to the way this is applied in the bank for third-party suppliers.

  • you review IT and security contractual clauses for suppliers servicing bank activities. 

Ideal Profile

  • Education: Bachelor/Master or equivalent by experience

  • Certification: (Optional) CISSP, CISM, CIPP, CCSK, ISO27001...

Required experience / knowledge  

  • Professional experience in information security (5+ years)

  • Experience in process design and Business analysis

  • Experience in Third-party IT and security assessments

  • Experience in risk management

  • Experience in delivering presentations and training

Technical experience                

Mandatory      

  • Significant experience in operational/security risks management.

  • Significant experience in working with cloud services (SaaS, HSP, AWS)

  • Strong MS Office Skills (Excel, word, Powerpoint)

  • Knowledge of software development security best practices

  • Experience in release management, change management, incident management, testing

Preferable        

  • Security certifications like CISSP, CISM, CIPP, CCSK.

  • Experience with RSA Archer and/or ServiceNow GRC.

  • Experience in vulnerability management and penetration testing

  • Knowledge of control frameworks and audit methodologies.

Business experience     

Mandatory      

  • Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.)

  • Professional experience in information security (5+ years), particularly in cloud based solutions

  • Strong IT background.

  • Professional experience in Financial Services. used to work in large companies.

  • Experience in reviewing and amending IT and Cyber Third-party clauses in contracts

Preferable        

  • Experience in banking environment.

Soft skills   

  • High performer

  • Autonomy, commitment, and perseverance in personal organization.

  • Quick self-starter, pro-active attitude, team player.

  • Results-oriented, responsible for his/her tasks, resourceful.

  • Excellent English writing skills.

  • Good communication and influencing skills.

  • Good analytical and synthesis skills, ability to produce structured and concise documents, be precise and methodological.

  • Ability to work in a dynamic and multi-cultural environment.

  • Accurate & control minded, but flexible.

  • Ability to capture and adapt to stakeholder expectations while respecting processes in place.

  • Ability to mentor/coach people.

Steven Van de Zande

Interesse in deze vacature?

Samenwerken?

We're in control of IT!

Contacteer Steven