Cyber Security Officer

Location: Zaventem
Start Date: ASAP
Duration: 3 months with possible extensions
Work Schedule: Part-time, 3 days per week (2 days on-site)
Language Requirements: English

Key Responsibilities:
Technical Risk Decomposition: Identify security vulnerabilities by deconstructing complex project architectures and data flows. Utilize OWASP Risk Rating Methodology for application-level threats and ISO 27005 for systemic IT risks.
Cross-Functional Collaboration: Work with Architects and DevOps teams to integrate security controls without affecting delivery speed.
Compliance Oversight: Ensure compliance with internal security policies and regulations, including GDPR and NIS2, throughout the project lifecycle.
Architecture Deep-Dives: Analyze software design, including APIs and micro‑services, to detect flaws as per the OWASP Top 10.
Third‑Party Security: Conduct security reviews of external contracts and assess critical service providers.
On‑site Stakeholder Engagement: Lead workshops with Architects and Product Owners to translate regulatory requirements into technical controls.
Reporting: Convert technical risks into actionable business insights for management and steering committees.

Key Performance Indicators:
Assessment Coverage: Analyze critical projects before production "Go-Live."
Remediation Rate: Address or formally accept high‑risk findings.
Risk Prediction Reliability: Ensure no major security vulnerabilities are discovered in production that were not identified during the GRC assessment phase.
Turnaround Time: Minimize the duration between project intake and the finalization of the security risk report.

Skills Required:
Availability & Location: Commit to a 3‑day work week with at least 2 days on-site.
Framework Mastery: Expertise in Cyber frameworks (ISO 27001/27002/27005, NIST) and the NIS2 directive.
Technical Risk Expertise: Proficient in applying OWASP Risk Rating Methodology and performing technical architecture reviews, particularly in Cloud/GCP environments.
Analytical Mindset: Ability to identify risks and find hidden gaps in technical documentation.
Communication: Fluent in English, capable of simplifying complex security issues for non‑technical stakeholders.
Experience: Minimum of 5 years in Cyber Security, specifically in a GRC or Security Architecture role.