- You execute security and IT risk assessments in IT and business, scoping projects or legacy assets (applications, business solutions, 3rd-parties organization, processes ). Maintenance of identified risks in the risk registry database
- You ensure that information security and IT requirements are included in third party's contracts.
- You execute the information security and IT control plan on third parties to ensure that they are performing accordingly with the contract.
- You coordinate and perform security audits on third parties.
- You set up processes and procedures for an end to end IT and security management for third-parties.
- You deliver consulting on risk management to internal customers (IT and Business) :
- Proposition or validation of measures to mitigate risks.
- Creation of detailed or synthetic risk report, structured and formulated in line with customer and Information Security Risk Management best practices.
- Support in increasing risk control maturity by providing a valuable follow up and reporting.
- You report risks and overall risk posture regarding Third-parties to Information Security, IT or Business Management
- Correlate risks across a portfolio of projects or activities; identify and propose transversal risk mitigating actions.
- Create risk dashboards and reports for a management audience.
- Create one-pagers and synthetic risk reports for a management audience.
- You manage customer relationship and are the Single Point Of Contact for the risk management services you delivered. You customize services to meet customer needs or expectations while ensuring compliance with risk management methodologies and guidelines of the our customer
- You contribute to definition and improvement of risk management methods and tools supporting those activities (risk identification guide, risk evaluation matrix, industrialization of risk monitoring and reporting framework and deliverables) taking into account your field experience as well as best practices coming from the customer or other sources like regulators, Basel II, COBIT, ISO27000/31000
- You contribute to writing processes and procedures supporting risk management activities outlined above, for both an expert and non-expert audience.
You will also carry on the activities listed below
- Develop, Implement and Maintain Information Security Controls
- In order to ensure that the organization, processes, and assets are managed in accordance with the IT and security policies, and that therefore the risks are controlled
- Support first-line in the definition and implementation of IT and security controls;
- Coordinate and monitor the execution of first-line controls;
- Follow-up and report to management and second line of defence the results of first-line controls and status of remediation actions;
- Provide advice on improvement of existing IT and Cyber security controls.
- Contribute to the tasks wrt Information Security Normative Framework
- Acquire and maintain knowledge of Information security policies, their evolution and alignment with Authoritative sources, other frameworks and legislation;
- Perform gap analysis to ensure that missing elements are integrated when & where relevant in the Information Security Policies by proposing the necessary change requests texts;
- Provide a multidimensional compliance view;
- Language skills Perfect in French and English
- You are the single point of contact for security matters related to the CIAT of our assets: business support, maintenance of procedures and tooling, regular reporting, integration of the security asset management in the overall asset management processes of the bank.
Experience on linking different ISMS processes is a must.
- The misssion is locate in the center of brussel
- Long term mission
- employee or freelance
- good salary package
- company car + fuel card
- health insurance DKV
- remote- 2,5 days week