GRC Expert (CISO Level)

Job Description

Responsibilities:

Depending on the assigned mission or project, being able to:

  • Develop and execute a comprehensive Governance, Risk and Compliance (GRC) strategy in order to align information security practices with organizational goals, regulatory requirements, and industry best practices.
  • Lead the implementation of a Governance, Risk, and Compliance framework, ensuring integration with business operations and IT systems.
  • Implement, oversee and manage the organization's compliance with applicable laws, standards, and frameworks, including ISO 27001, NIST, GDPR, DORA, NIS2, etc.
  • Identify and evaluate information security risks, proposing and executing mitigation strategies to safeguard organizational assets and reputation.
  • Establish and monitor a robust risk management program, including periodic risk assessments, incident tracking, and reporting.
  • Act as a key advisor to the executive team and board of directors, providing regular updates on security posture, risks, and compliance metrics.
  • Develop, implement, and maintain policies, procedures, and controls to manage IT and cybersecurity risks effectively.
  • Lead and coordinate internal and external security audits and pentesting, ensuring findings are addressed and improvements are implemented.
  • Collaborate with cross-functional teams to embed security and compliance principles into organizational culture and processes.
  • Drive the development and testing of business continuity and disaster recovery plans to ensure operational resilience.
  • Perform security assessments and propose remediation measures.
  • Oversee third-party risk management processes to ensure vendors and partners meet security and compliance requirements.
  • Manage and contribute to security incident handling.

Technical Skills and Knowledge:

  • Strong understanding of IT governance and architectural frameworks (e.g., TOGAF, SABSA).
  • Expertise in compliance frameworks and regulations, including PCI DSS and OWASP.
  • Familiarity with modern security concepts, such as Zero Trust Architecture, cloud security, DevSecOps (Basic), and identity and access management (IAM).
  • Technical background in IT infrastructure, networking, and cloud environments (e.g., Azure, AWS, Google Cloud) is advantageous.
  • Proficiency in analyzing and presenting risk data using visualization tools.
  • Good knowledge of the following technologies and products: SD-WAN, Zscaler, SIEM, IAM, Diffie-Hellman…
  • Experience in accreditation and homologation is a plus.

Certifications and Education:

  • Bachelor’s or Master’s degree in Computer Science/Engineering or equivalent professional experience (minimum 5 years in IT/Security, preferably in Azure environments).
  • Certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor are essential.
  • Additional certifications in privacy, risk management, compliance or pentesting (e.g., CCSK, DPO, GPEN) are beneficial.

Professional Attributes:

  • Passion for the Governance part of security.
  • Strong analytical skills to assess complex risks and translate them into strategic business decisions.
  • Able to translate governance and compliance requirements into high-level technical needs.
  • Exceptional communication and interpersonal skills, with the ability to influence stakeholders at all levels, including C-suite and board members.
  • Being able to balance business priorities in accordance with the regulatory and security requirements.
  • Resilient and adaptable, thriving in a fast-evolving regulatory and technological landscape.
  • Being able to handle pressure during security incidents or breaches, maintaining composure, and responding effectively.
  • Fluency in French and Dutch and a good command of English.

Communication:

  • Act as a trusted advisor, fostering a culture of security awareness and accountability across the organization.
  • Deliver clear, concise, and actionable reports on GRC initiatives and performance metrics to stakeholders, including non-technical audiences.
  • Able to engage with regulators, auditors, and external stakeholders to demonstrate the organization's commitment to governance, risk, and compliance excellence.
  • Effectively presenting findings, reports, and recommendations to executives, teams, or clients to gain buy-in for security strategies.

Work with great people

Ward Lambrecht
Business Analyst
"I joined Capgemini because we share the same drive; to empower each other and to grow towards new sustainable heights"
Luisa Salustri
Junior Consultant
"Everyone is really willing to help, be together and create a nice vibe. So, you really see it in the things you are doing and the events that are organized."
Jesufemi Ojuri
Junior SAP Consultant
"When people refer to Capgemini, the first thing that comes to my mind is community, because I have friends who work here already, and they always tell me that you are not working by yourself."
Jishnu Seelam
Junior Test Engineer
"Everyone who organized the onboarding did a great job of making the flow of information as concise as possible and useful, and so I never really felt lost."
Camile Nothbaum
Junior Workforce & Organization Consultant
"As a young consultant, I want to learn a lot from the company and at the same time I want a familial vibe. I found this at Invent and that is one of the reasons I joined the organization."
Garcia Mabanza
IT Consultant
"Capgemini is the pioneer of new technologies and techniques. I think technology is the first thing that people are going to think when they talk about Capgemini."
Lennert Jacobs
Software Consultant
"As an organization, Capgemini is very welcoming. That is also an important part for me. Everything is a bit relaxed. They know you are new, and they help you with everything."
Shagir Khaled
Junior SAP Consultant
"One of the values that stays with me is fun. Capgemini is very different from other companies as they have included fun as one of their values."

Great Place to Work

  • Global company with European Management style

  • Entrepreneurship in a stable environment

  • Projects for big companies

  • True industry shapers

  • Work in a stable environment

  • Career development framework

  • We nurture your strongest asset: knowledge

  • Flat structure, no strict hierarchy

About the company

A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of over 200,000 team members in more than 40 countries. The Group reported 2018 global revenues of EUR 13.2 billion.

1976: Founded in 1967 in Grenoble by Serge Kampf as Sogeti.

1970: The first company in the sector to offer consulting.

1975: Acquisition of Cap and Gemini.

1980: First major transatlantic contract with the Los Angeles Times.

1998: First multinational contract with General Motors.

2000: Group headcount surpasses 50.000.

2010: Group headcount surpasses 100.000.

2016: Serge Kampf passes away.

2017: Celebrations for 50 years Capgemini.

Carole De Smedt | Contact Person

Capgemini

Brussels | On-site