Purpose of the Job

Key Accountabilities

• Risk Analysis: Conduct comprehensive risk assessments to identify vulnerabilities, threats, and potential impacts on organizational assets. Support the IT Team in carrying out a Risk Analysis. Identify mitigation measures and support the team to implement it.
• Risk Monitoring: Track and monitor identified risks, ensuring that appropriate mitigation strategies are in place and regularly updated. Oversee RCSA process, facilitating discussions and follow-ups to ensure effective risk management and control measures
• Audits Follow-Up: Coordinate and follow up on internal and external audit findings, ensuring timely resolution of issues and implementation of recommended actions.
• ERI Points Follow-Up: Manage the follow-up on Enterprise Risk Items (ERI) points, ensuring that all identified risks are addressed and mitigated appropriately, including a strong follow-up with the stakeholders. Develop, implement and maintain comprehensive policies, procedures and guideline about this process. Draft and review waivers once needed.
• Due Diligence Review: Review due diligence documentation/SOC-2 reports for third-party vendors to assess their risk posture and compliance with security policies.
• Procedure Review: Conduct regular reviews of Cybersecurity procedures and processes to ensure alignment with best practices, regulatory requirements and Quintet policies
• DORA Regulation Alignment: Ensure compliance with the Digital Operational Resilience Act (DORA) by aligning internal processes and controls with its requirements.
• Reporting: Prepare and present regular reports on risk status (ERI), compliance, and governance initiatives to stakeholders and senior management.
• Collaboration: Work closely with IT and other departments to foster a culture of security awareness and ensure alignment of security practices with business objectives. Provide expert guidance to IT on Information Security best practises. Ensure link between the Group CISO and DPO Team.
  

Knowledge and Experience

• Master’s degree in Information Security, Computer Science, or a related field.
• Minimum of 5 years of experience in risk management, security governance, or a related area, preferably within the banking or financial services sector.
• Strong knowledge of risk assessment methodologies (e.g. risk framework 27005), security frameworks (e.g., NIST, ISO 27001) and Compliance regulations (GDPR, DORA, etc.)
• Familiarity with security technologies and tools (firewalls, intrusion detection systems, SIEM, etc.).
• IT Risks reporting
• Cybersecurity Hygiene
• Relevant certifications (CISSP, CISM, CCNP Security, etc.) are highly desirable.
• Big4’s or Audit/Consulting firm experience is a plus
• Ability to collaborate effectively with cross-functional teams
  

Attributes and Qualities

• Well organized, self-motivated and proactive
• High reactivity, flexibility, stress resistance
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders. (oral/written)
• Clients and services oriented , problem-solving skills.
• Excellent analytical and organizational skills
• Interacting with business
• Networking
• Project management
• Sense of innovation

Technical Skills

• Risk Assessment and Management. Skills in conducting risk assessments and developing mitigation strategies.
• Good knowledge Firewall Next Generation (VPN, IPS, Anti-malware, Sandbox, URL Filtering, ...); Mail & Web gateways;
• Familiarity with VPN and Remote access solutions, Endpoints Security (antivirus, antimalware), Threat Intelligence and Vulnerability Management, Cloud Security, Project Management methodologies (Agile, ITIL).

Languages Skills

• French C1/C2
• English C1/C2
• Dutch or German is an advantage.