The Security Policy and Compliance Expert contributes to the design, deployment, and governance of Group Security Policy principles tailored to the country, within a local ISMS framework aligned to ISO. The role ensures regulatory compliance (GDPR, NIS2, DORA) and drives the ISO certification lifecycle (for ISO27001 and ISO BCMS), participating in centralized governance to promote resilience and secure operations across the telecom operator's fixed and mobile networks.
Security Policy & Compliance Expert
Location: Evere
* Policy framework development and maintenance: Define, update, and enforce group security policy principles aligned with ISO 27001/27005 and country-specific requirements; establish governance processes for policy decisions.
* Compliance enforcement: Manage regulatory and contractual compliance (GDPR, NIS2, DORA). Ensure our risk management governance is compliant with our regulatory or ISO 27005 obligations.
* ISMS governance and integration: Lead centralized governance of the Information Security Management System, ensuring cohesive integration across functions and driving continuous improvement of security practices.
* ISMS ISO27001 certification lifecycle management and regulatory projects: Define and lead projects needed to maintain ISO27001 certification and ensure ongoing compliance with regulatory frameworks (e.g., NIS2); coordinate scope extensions and governance around certifications. The role may be accountable for specific project deliverables as delegated by the manager; overall accountability remains with the Manager.
* BCMS ISO22301 certification maintenance: Define and lead governance and activities to maintain ISO22301 certification (Business Continuity Management System); coordinate BCMS scope, audits, and improvements in alignment with ISO22301 requirements.
* Audit, assurance and corrective actions: Coordinate internal and external audits, manage non-conformities, track corrective actions, and monitor performance against security and compliance objectives.
* Master's degree (or equivalent) in Computer Science
* 3 years' experience working in an ITN environment with a focus on ITN Security and Continuity within a large and complex organization.
* Professional certifications such as CISSP, CISM, or CompTIA are highly desirable.
* Proven experience in a security role, ideally within a complex organization.