Cyber Security Officer
Location:
Zaventem
Start Date:
ASAP
Duration:
3 months with possible extensions
Work Schedule:
Part-time, 3 days per week (2 days on-site)
Language Requirements:
English

Key Responsibilities:
Technical Risk Decomposition:
Identify security vulnerabilities by deconstructing complex project architectures and data flows. Utilize OWASP Risk Rating Methodology for application-level threats and ISO 27005 for systemic IT risks.
Cross-Functional Collaboration:
Work with Architects and DevOps teams to integrate security controls without affecting delivery speed.
Compliance Oversight:
Ensure compliance with internal security policies and regulations, including GDPR and NIS2, throughout the project lifecycle.
Architecture Deep-Dives:
Analyze software design, including APIs and micro‑services, to detect flaws as per the OWASP Top 10.
Third‑Party Security:
Conduct security reviews of external contracts and assess critical service providers.
On‑site Stakeholder Engagement:
Lead workshops with Architects and Product Owners to translate regulatory requirements into technical controls.
Reporting:
Convert technical risks into actionable business insights for management and steering committees.

Key Performance Indicators:
Assessment Coverage:
Analyze critical projects before production "Go-Live."
Remediation Rate:
Address or formally accept high‑risk findings.
Risk Prediction Reliability:
Ensure no major security vulnerabilities are discovered in production that were not identified during the GRC assessment phase.
Turnaround Time:
Minimize the duration between project intake and the finalization of the security risk report.

Skills Required:
Availability & Location:
Commit to a 3‑day work week with at least 2 days on-site.
Framework Mastery:
Expertise in Cyber frameworks (ISO 27001/27002/27005, NIST) and the NIS2 directive.
Technical Risk Expertise:
Proficient in applying OWASP Risk Rating Methodology and performing technical architecture reviews, particularly in Cloud/GCP environments.
Analytical Mindset:
Ability to identify risks and find hidden gaps in technical documentation.
Communication:
Fluent in English, capable of simplifying complex security issues for non‑technical stakeholders.
Experience:
Minimum of 5 years in Cyber Security, specifically in a GRC or Security Architecture role.