Job description
IT Risk Officer responsibilities:
Risk:
1. Develop the organization’s IT risk management strategy.
2. Advocate risk management practices with IT management and business owners.
3. Identify and assess cybersecurity-related threats, vulnerabilities, and risks in IT systems, applications and services.
4. Document and analyze uncovered risks, identify the appropriate owner, and propose the most suitable risk treatment options.
5. Guide, document and keep track of risk acceptance decisions.
6. Follow up and report on risks throughout the complete risk management cycle.
7. Monitor the effectiveness of security controls and risk levels.
IT Security Officer responsibilities:
General:
8. Implement and operate the Information Security Management System (ISMS).
9. Support IT and business projects with cybersecurity expertise, insights and advice.
Awareness:
10. Develop and deliver cybersecurity educational materials.
11. Maintain the organization’s security awareness platform and solutions.
12. Promote cybersecurity awareness and security practices within the organization.
Policies & standards:
13. Develop and maintain security policies and other documents within the policy framework.
14. Support the documentation of security standards and operating procedures.
15. Manage, document and keep track of requests for exceptions.
Third-party security:
16. Assess the security maturity of critical suppliers and partners.
17. Support business contacts in providing security assurance to customers and other third parties.
Your profile
18. Excellent leadership skills to drive change.
19. Excellent analytical skills to identify and assess risks in a complex and diverse environment.
20. Broad technical background to collaborate with subject matter experts in different domains.
21. Strong verbal and written communication skills to communicate abstract topics to a non-technical audience.
22. Experience with identifying and addressing cyber threats and vulnerabilities in an international and industrial environment.
23. Experience with developing, communicating and enforcing security policies, guidelines and procedures.
24. Experience with cybersecurity awareness and training.
25. Knowledge of and experience with cybersecurity-related frameworks, such as ISO 27001, ISO 27005, CIS, NIS2 and CyberFundamentals.
26. Knowledge of cybersecurity-related technologies and controls.
27. Knowledge of cybersecurity-related regulations and legislation.
Required experience: 4 years
We offer
28. You will be welcomed by a team full of enthusiastic experts who will support you and the projects in the best possible way you can imagine.
29. A no-nonsense culture where entrepreneurial skills are embraced.
30. Long-term employment with an emphasis on personal development.
31. Hybrid working according to a 3/2 regime (3 days office/home).
32. Competitive remuneration depending on relevant knowledge and experience.
33. Freelance or contract (possibility for extra-legal benefits such as meal vouchers, hospitalization insurance, company car, ...).