IT and Cyber Third-party Risk Assessor

College Recruiter, Inc
Wezembeek-Oppem, Belgium
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
Dutch, English, French
Experience level
Senior

Job location

Wezembeek-Oppem, Belgium

Tech stack

Amazon Web Services (AWS)
Software as a Service
Control Objectives for Information and Related Technology (COBIT)
Computer Security
Databases
Identity and Access Management
Open Web Application Security
Release Management
Cloud Services
Software Engineering
Information Security Management System

Job description

  • You execute IT and security risk assessments in IT and business, scoping projects or legacy assets (applications, business solutions, third-party organizations, processes…). You maintain identified risks in the risk registry database.
  • You ensure that information security and IT requirements are included in third-party contracts.
  • You execute the information security and IT control plans on third parties to ensure that they are performing in accordance with the contract.
  • You coordinate and perform IT and security audits on third parties.
  • You set up processes and procedures for end-to-end IT and security management of third parties.
  • You deliver consulting on risk management to internal customers (IT and Business)
  • You report risks and overall risk posture regarding Third-parties to Information Security, IT or Business Management
  • You manage the customer relationship and are the Single Point of Contact for the risk management services you deliver. You customize services to meet customer needs or expectations while ensuring compliance with the risk management methodologies and guidelines of the client.
  • You contribute to the definition and improvement of risk management methods and tools supporting those activities (risk identification guide, risk evaluation matrix, industrialization of the risk monitoring and reporting framework and deliverables), taking into account your field experience as well as best practices coming from the client or other sources such as regulators, Basel II, COBIT, ISO27000/31000 ...
  • You contribute to writing processes and procedures supporting the risk management activities outlined above, for both an expert and non-expert audience. Experience in linking different ISMS processes is a must.
  • You are the single point of contact for security matters related to the CIAT of our assets: business support, maintenance of procedures and tooling, regular reporting, integration of the security asset management in the overall asset management processes of the bank.
  • You review IT and security contractual clauses for suppliers servicing bank activities

Requirements

  • Fluent in French and English. Dutch is a plus
  • Master's degree or equivalent by experience
  • Security certifications like CISSP, CISM, CIPP, CCSK
  • Professional experience in information security (5+ years)
  • Experience in process design and improvement
  • Experience in Third-party IT and security assessments
  • Experience in Data protection, Business continuity, Access management
  • Experience in delivering presentations and training
  • Significant experience in operational/security risks management
  • Knowledge of control frameworks and audit methodologies
  • Significant experience in working with cloud services (SaaS, HSP, AWS)
  • Knowledge of software development security best practices
  • Experience in release management, change management, incident management, testing.
  • Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.)
  • Professional experience in information security (5+ years), particularly in Third-party management
  • Strong IT background
  • Professional experience in Financial Services. Used to working in large companies
  • Experience in reviewing and amending Third-party security clauses in contracts
