Senior IT & Cyber GRC Expert
Role Overview
We are seeking a highly experienced Governance, Risk, and Compliance (GRC) Expert to join our dedicated risk management team. In this role, you will support both IT and various business units in developing and maintaining robust solutions for operational IT and Cyber risk management.
You will balance daily operational maintenance with strategic initiatives to enhance the maturity of GRC processes and tools. This position requires a proactive individual capable of navigating complex regulatory landscapes while ensuring alignment with organizational objectives and operational excellence.
Core Missions
* Risk Identification: Assessing IT and Cyber risks across assets, applications, internal projects, and third-party relationships.
* Strategic Advisory: Monitoring and reporting on risk mitigation strategies to optimize cost-efficiency while significantly reducing exposure.
* GRC Implementation: Managing the local execution of global GRC strategies in accordance with internal information security policies and regional regulations.
Key Responsibilities
* Operational Support: Reinforce activities related to ICT control execution and Third-Party Technology Risk Management (conducting assessments, negotiating contractual security clauses, and organizing audits).
* Process Optimization: Continuously monitor and adjust GRC tools and processes to improve performance and simplify workflows without losing critical interconnections.
* Stakeholder Communication: Analyze complex GRC problem statements and propose concrete, actionable solutions for both technical and non-technical Senior Management.
* Quality Assurance: Ensure the high-quality transition of GRC process changes into production, specifically focusing on control frameworks and vendor risk.
Experience & Qualifications
Technical Requirements:
* 10+ years of professional experience in IT & Cyber Risk Management.
* Deep expertise in Third-Party Risk Assessments and Cloud Security (SaaS, IaaS, PaaS).
* Strong knowledge of application security, vulnerability management, and penetration testing reports.
* Proficiency in frameworks and regulations such as ISO 27001, NIST, GDPR, DORA, and SOC 2.
* Familiarity with GRC tools (experience with ServiceNow GRC is a plus).
Business & Soft Skills:
* Significant experience in Financial Services or large-scale corporate environments.
* Proven ability in process design, business analysis, and project management.
* Strong analytical skills: Ability to distill complex technical risks into clear insights for leadership.
* Excellent negotiation skills, particularly regarding IT and Cyber clauses in legal contracts.
* Mentorship: Ability to coach team members and lead by example.
Education & Certifications:
* Master’s degree or equivalent professional experience.
* Preferred: CISSP, CISM, CIPP, CCSK, or CISA.
Language & Logistics
* Languages: Fluency in English and French is mandatory. Knowledge of Dutch is an asset.
* Work Arrangement: Hybrid model (50% on-site, 50% remote).