GRC cybersecurity consultant
ABOUT THE CHALLENGE
You will join a committed security team of 10 Toreonites that is already working with great enthusiasm on different security projects in various industries.
As a GRC consultant, you will be the one who sets up risk management frameworks, identifies risks, and prioritizes them within the risk treatment plan.
You will provide updated action plans that allow us to take other companies to a higher level of security maturity.
In doing so, you will implement and manage information security management systems (ISMS). By defining technical and process security measures in documented policies, processes, and standards, you will succeed in making organizations more secure and possibly even help them to obtain a security certificate.
To complete your role as a GRC consultant, you will be the one to perform security and privacy compliance assessments according to specified requirements of a security and privacy framework. You will assess organizations for compliance with the requirements of a security standard. You will be able to identify shortcomings quickly and report them immediately to the customer. You will translate these into concrete measures to meet the requirements. With this, you help the organization to meet legal standards.
You are people-oriented and enjoy advising others. You can adapt well to any situation and you can motivate others and give them insights. Showing respect for others is important.
In addition, you take responsibility for your own actions and you act correctly. Discretion in handling sensitive information and self-discipline can be seen in the results of your projects. Within your projects, we can see that you are the best in your field. You make efforts to grow your knowledge but also to share knowledge with others.
- Knowledge of security risk management methodologies such as ISO27005, ISO31000, and COSO.
- Execute security risk analyses, business impact assessments and control assessments.
- You are able to implement and manage an information security management system (ISMS).
- Knowledge of security and privacy standards and governance frameworks such as ISO27001/2/12, NIST, CIS20 and GDPR.
- You can format reports for the client about security policies and processes.
- Conducting an audit and formulating an assessment plan (in accordance with ISO19011).
- Validate control measures and report the assessment results.
- If you have a technical background, you have the edge in translating security to the business. It will be easier for you if you have experience in one of the following areas:
- Identity, Access, Vulnerability and Patch Management
- Security in the Software Development Life Cycle
- Cloud security (EMS o365, MS Azure, AWS, ...)
- Network Technology: Routing and switching standards, VPN,
- Experience in security domains and standards: Cryptography (incl. Key Life Cycle Management) and Public Key Infrastructure.
- You are able to give professional advice in 2 languages, such as Dutch and English. French is a plus.
You hold a relevant Bachelor's or Master's degree in economics, IT or equivalent: engineering, sciences, computer sciences, statistics,…
One of the following certificates would be a plus:
ISO27001 Lead Implementer, ISO27001 Lead Auditor, Certified DPO, CISM, CISSP, and CISA.
WHAT WE HAVE TO OFFER
Toreonites are valued for their expertise, skills and personal contribution.
You will have the opportunity to work in a challenging environment where personal development and growth are constantly encouraged.
We offer an attractive and motivating salary package. You will receive on-the-job training from highly respected experts and you will be supported in obtaining certificates and other training.
Interested? Don't hesitate to check our website.