We are seeking a Cybersecurity GRC Manager to join our client in Brussels, responsible for driving governance, risk, and compliance initiatives across the organization. This role will play a critical part in strengthening the company's cybersecurity posture by ensuring robust governance frameworks, effective risk management practices, and adherence to industry standards and regulatory requirements.
A variety of soft skills and experience may be required for the following role. Please ensure you check the overview below carefully.
Key Responsibilities
* Cybersecurity Governance
  * Define, implement, and continuously improve cybersecurity governance frameworks, policies, standards, and procedures aligned with industry best practices.
  * Ensure security governance is embedded across business and IT processes.
  * Maintain alignment with enterprise security strategy and regulatory requirements.
* Risk Management
  * Lead end-to-end cyber risk management activities, including identification, assessment, treatment, and monitoring of risks.
  * Maintain and continuously update the enterprise risk register.
  * Perform risk analysis for new projects, systems, vendors, and changes in the environment.
  * Define and track risk mitigation plans in collaboration with technical and business stakeholders.
* Compliance & Regulatory Management
  * Ensure compliance with key security and privacy frameworks such as ISO 27001, NIST Cybersecurity Framework, SOC 2, and applicable EU/regional regulations (e.g., GDPR where relevant).
  * Support readiness for certifications, audits, and regulatory inspections.
  * Translate compliance requirements into actionable security controls and processes.
* Audit & Assurance
  * Coordinate internal and external security audits end-to-end.
  * Act as the main point of contact for auditors and ensure timely provision of evidence.
  * Track audit findings, ensure remediation plans are defined, and follow up on closure.
* Third-Party Risk Management
  * Oversee security assessments of suppliers, vendors, and external partners.
  * Define and enforce third-party security requirements and contractual obligations.
  * Monitor ongoing vendor risk and ensure continuous compliance.
* Reporting & Stakeholder Management
  * Develop and present executive-level dashboards and reports on cybersecurity risk, compliance posture, and key metrics.
  * Communicate risk posture clearly to both technical and non-technical stakeholders, including senior leadership.
  * Support decision-making by providing clear risk-based recommendations.
Required Skills
* 7–10 years of professional experience in cybersecurity, with a strong focus on GRC
* Fluent in English and Dutch
* Solid hands-on experience in:
  * Cyber risk assessments and risk management frameworks
  * Compliance frameworks such as ISO 27001, NIST, SOC 2, etc.
* Strong ability to engage and manage senior stakeholders across IT and business functions
* Excellent communication, reporting, and documentation skills
* Strong analytical mindset with attention to detail and structured thinking
Nice to Have
* Experience in the railway or transportation sector, or similarly regulated industries
* Relevant certifications such as:
  * CISM (Certified Information Security Manager)
  * CISA (Certified Information Systems Auditor)
  * CRISC (Certified in Risk and Information Systems Control)
  * CISSP (Certified Information Systems Security Professional)
  * ISO 27001 Lead Implementer / Lead Auditor
* Experience working in large enterprise or multi-stakeholder environments
* Familiarity with audit-heavy or highly regulated environments
Please note that applicants must have the right to work in Belgium, as sponsorship is not available.