Overview
Security Risk Manager within the CISO Office. You will be responsible for strengthening and operationalising the organisation’s security risk management framework. You will help design scalable processes, drive enterprise-wide awareness, and act as a key liaison between business stakeholders and technical security teams. Your work will support compliance with regulatory standards such as NIS2, ISO 27001, and GDPR, and improve the overall security risk posture. Onsite requirement: 3 days per week.
Key Responsibilities
* Formalise and enhance risk management processes and procedures, ensuring they are pragmatic, scalable, and business-aligned
* Conduct and support security risk assessments (identification, documentation, evaluation) across IT and security domains
* Propose and monitor risk mitigation plans, ensuring they are actionable and effectively tracked
* Follow up on risk response action items to ensure timely implementation and closure
* Maintain and continuously improve the central risk register with up-to-date exposure levels and mitigation status
* Collaborate with security architects to analyse technical risks identified in assessments and project reviews
* Act as a liaison between the CISO Office and the Enterprise Risk Management (ERM) function to ensure governance alignment
* Lead awareness initiatives and promote a risk-aware culture across the organisation
* Support the implementation and reporting of NIS2 controls related to security risk management
Ideal Profile
* 15+ years in IT/security, including 10+ years in Security Risk Management roles
* Proven background in IT risk management, cybersecurity, or security governance
* Solid understanding of risk assessment methodologies, control frameworks, and regulatory standards (NIS2, ISO 27001, GDPR)
* Ability to design and implement structured risk management processes: SOPs, workflows, dashboards
* Strong stakeholder engagement skills across business and technical domains
* Experience managing risk registers, scoring models, and compliance monitoring tools
* Familiarity with enterprise governance and integration with ERM practices
* Expertise in core security domains:
  * Network security
  * Cryptography
  * Identity & Access Management (IAM)
  * Cloud security
  * Infrastructure security
  * Business continuity & backup
* Excellent written and verbal communication, able to engage and influence decision-makers
* Fluent in English; Dutch and/or French is a plus
Seniority level
* Mid-Senior level
Employment type
* Full-time
Job function
* Information Technology
Industries
* Software Development