IT Risk Officer

  • You will be responsible for guarding the vision, the development of strategy and the implementation of the Information Security Risk and IT Risk Management program within our clients’ organization, including its affiliates;
  • You will identify, analyze and report information security risks for different Business Units;
  • You will provide Information Security requirements for IT projects;
  • You will follow up on the implementation status of agreed controls;
  • You will identify, analyze and report on the internal IT risks, and take care of the follow-up;
  • You will maintain the risk register and take care of the management reporting;
  • You will participate in the implementation of an ISMS;
  • You will define risk policies, standards, procedures and guidelines;
  • You will set up and maintain an Information Risk Management framework, based on the ISF IRAM methodology;
  • You will define, organize and apply information risk analysis, set up and maintain an information risk registry, and set up and maintain an IT risk register;
  • You will guide the business on its availability requirements versus disaster recovery capabilities, in cooperation with the Service Continuity Officers;
  • You will align risk assessments and controls with the Data Protection Officers;
  • You will set up and maintain an IT risk management framework, based on ISO 31000, COBITv5 and the actual Enterprise Risk Management framework;
  • You will set up and maintain relationships and act as point of contact with internal audit and other risk departments;
  • In both IT Risk Management and Information Risk Management you will work closely with IT PMO to align with existing IT processes, with IT Project Managers and operational managers to identify or mitigate risks, with DPO to guard privacy, with IT Compliance Officers, with the CyberSecurity team, and with IT Service Continuity Officers to align on risks and BIAs.
  • You have a Bachelor's degree or equivalent through relevant working experience;
  • You have at least some years of relevant experience in risk management and / or information security;
  • You have knowledge of ISO2700x, ISO31000, COBIT5, ITIL, …;
  • You have experience in assessing and managing IT and/or Information Risk;
  • You have broad knowledge of IT processes and technology;
  • You have knowledge of security architectures and controls;
  • Having knowledge of ISF IRAM is a strong plus;
  • You have experience in managing and overseeing security in third party service providers;
  • Having one or more certifications (CISSP, CISM, CISA or CRISC) is a strong plus;
  • You are fluent in Dutch or French; you have at least passive knowledge of Dutch and French; being fluent in Dutch and French is a plus.
  • A challenging job in a fast growing and dynamic IT organization;
  • An employer with a clear social benefit and a well-defined strategy;
  • An intellectual challenge, including the possibility to follow relevant training courses, both internally and externally;
  • A competitive salary package including several fringe benefits such as a company car, group and health insurance, etc.;
  • A healthy work-life balance.