As a GRC Officer within the CISO team, you will be responsible for managing and improving the Governance, Risk and Compliance processes of our organization. You will work closely with various internal and external stakeholders to ensure a seamless integration of risk management and compliance within all layers of the organization.

Your main task is to ensure that our organization complies with relevant laws and regulations, including NIS2 and GDPR, and that our internal processes and procedures are constantly adapted to the latest developments in information security and risk management.

This also includes contributing to or co-developing, implementing and maintaining an effective Information Security Management System (ISMS) and risk management program that protects the organization's sensitive information, ensures compliance with relevant regulations and minimizes security risks.

DOMAIN-RELATED:

Governance:

  •      Develop and maintain an effective GRC Framework that ensures the organization complies with legal, regulatory and internal requirements.

  •      Collaborate with the Enterprise Risk Management team to align risk management strategies with business objectives.

Risk:

  •      Identify, assess and manage risks within the organization, with a special focus on IT, cyber and information security risks.

  •      Prepare risk assessment reports and ensure timely and effective communication of risks to the relevant stakeholders.

  •      Monitor and report on the effectiveness of risk management measures.

Compliance:

  •      Ensure compliance with relevant laws and regulations such as NIS2 and GDPR.

  •      Develop, implement, and manage compliance programs and controls within the organization.

  •      Maintain relationships with regulatory bodies and ensure that the organization responds to regulatory changes in a timely and effective manner.

ROLE-RELATED:

  •      Implementation

  •      Monitoring and Reporting

  •      Advice and guidance

  •      Improvement of processes

  •      Response to incidents

TASK-RELATED:

ISMS Development and Deployment:

  •      Support the ISMS domain lead in developing, implementing, and maintaining the organization's ISMS framework in accordance with international standards (e.g., ISO 27001).

  •      Identify and classify information assets, assess risks, and establish appropriate security controls.

Risk Analysis and Risk Management:

  •      Support the Risk domain lead in the implementation of new methodologies.

  •      Conduct regular risk assessments to identify vulnerabilities and threats to the organization's information systems and data.

  •      Prioritize risks based on their potential impact and probability, and develop mitigation strategies.

  •      Integrate with projects and implementations to provide timely and accurate recommendations as preventive risk measures.

Compliance with Policies and Procedures:

  •      Create and update security policies, procedures, and guidelines in line with industry best practices and regulatory requirements.

  •      Communicate and inform employees about security policies and procedures.

  •      Follow up on policies and monitor compliance with them.

Project Management:

  •      Lead and support GRC-related projects from start to finish, leveraging advanced project management skills.

  •      Collaborate with internal teams such as Security Architects, Cybersecurity, and Identity, Credential and Access Management (ICAM) to achieve project objectives.

  •      Ensure timely delivery of projects within scope, budget, and set timelines.

Stakeholder Management:

  •      Act as a Subject Matter Expert (SME) for all GRC topics within the organization.

  •      Communicate and collaborate effectively with different teams and departments to achieve GRC objectives.

Requirements

  • Master's or Bachelor's degree in Computer Science, Business Administration, Law or a related field

  • Relevant information security and risk certificates, such as CISSP, CRISC, CISM, or other

  • Relevant project management certificates such as PMP, Prince2 or other project management certificate

  • Knowledge of ISO 27001 to 27005, the NIST Cybersecurity Framework and risk management frameworks such as FAIR

  • Extensive knowledge of NIS2, GDPR and other relevant laws and regulations

  • Knowing and safeguarding compliance with applicable policies and legislation

  • Knowledge of Information Security Management Systems, Information Security Principles and Standards, Information Security Governance, Policies & Awareness

  • Knowledge of Information Security Risk Management

  • Knowledge of cybersecurity and privacy standards, frameworks, policies, regulations, legislation, certifications and best practices

  • Familiarity with GRC tooling, CISO Security Solutions & Services

  • Familiarity with auditing an ISMS and IT compliance along with best practices for responding to audit findings

  • Keeping records, processing data and ensuring their quality and completeness

Required:

  • Strong analytical skills and the ability to solve complex problems

  • Excellent communication skills, both written and verbal

  • Excellent analytical and problem-solving skills

  • Fluent in English and in at least one of the national languages (Dutch or French), with some knowledge of the other

Additional pluses:

  • Knowledge of Management Practices & Resource Management

  • Knowledge of Cybersecurity Measures and Cybersecurity Maturity Models

  • Knowledge of IT data flow documentation

  • Knowledge of the structure and internal (work) procedures of the organization

  • Knowledge of current and company-specific software

Our offer

Within our open corporate culture, you contribute to the digital transformation of SNCB. You will have a job with social impact and ample opportunity to make your own contribution. In addition to a good work-life balance and a competitive salary, you will receive the following benefits:

  • the possibility to work remotely + flexible working hours;

  • 35 days of leave;

  • a company car + a public transport season ticket;

  • a target bonus;

  • a comprehensive insurance package (affiliation without own contribution, excl. outpatient costs for family members);

    • hospitalisation and dental care for the whole family;

    • outpatient costs (= medical costs separate from hospitalisation);

    • group insurance: supplementary pension, work disability and death (cafeteria plan);

    • accidents at work (extralegal);

  • meal vouchers and eco-vouchers;

  • net allowances for remote working and carwash + internet budget.

Apply for this vacancy

Location: Near Brussels Midi Station

Department: IT Security

Contract type: full-time, permanent

Any questions? Contact our HR Business Partner, Jihan Kaichouh.

3 reasons to choose Ypto

Challenging projects

At Ypto you never stand still. Every day brings variety and a challenge to innovate and so arrive at the best solution for our customer.

Social impact

You help build the future of the Belgian railways and create a tangible impact on millions of people.

Growth opportunities

Initiative, trust and self-direction are central. You get the support of colleagues to develop yourself and the opportunity to grow.

Application procedure

Have you applied to Ypto? Or are you curious about how our application procedure works? The four steps below are always followed. Depending on the position, a further interview or assessment may be added.

1. CV screening

We review your CV thoroughly and check whether it matches the profile we are looking for. We may give you a short call to ask about your motivation and experience.

2. Interviews & questionnaire

After a positive screening you will be invited to a (video) interview with your direct manager and your HR Business Partner. During these interviews we talk about your motivation, knowledge, experience, skills and the content of the position. We also discuss the online questionnaire you completed before the interview.

3. Reference check

Finally, we contact the references you have provided. This gives us an even better picture of you.

4. We have a match: welcome to Ypto!

Have you been selected? Then we will gladly draw up an attractive offer so that we can welcome you to our organization with great pleasure.

Apply spontaneously

Would you like to work with us on the future of NMBS, but can't find the right vacancy right away? Then send in a spontaneous application and who knows, you may soon be part of our team!