Umicore - IT Security Risk and Compliance Manager
3 weeks ago
About our Business Supporting Functions (IT and others)
A global organization. It's not just those in our industrial sites and technical centres that are vital to Umicore's growth. Across our business supporting functions we ensure that we continue to grow and evolve - whether it's by making sure our decisions are commercially viable, enhancing our reputation, building new customer relationships or finding the right people who can build on what we've already achieved. The variety of our work means we cannot stand still. We need to find new ways to do things, discover new solutions and develop new ideas. Which is where you come in.
What you will be doing
The IT Security Risk and Compliance Manager is responsible for driving the Umicore Information and Security Management System (ISMS) on a daily basis, in compliance with the ISO/IEC 27001 standard. He/she ensures the quality and consistency of the Umicore ISMS, manages the different processes tracked within the ISMS and reports on the performance of the ISMS.
In the context of the ISMS, the IT Security Risk and Compliance Manager is responsible for leading and maturing the risk management processes for IT/Information Security, as well as actively raising adherence to the Umicore IT Security policy framework and initiating and leading the efforts needed to comply with IT Security standards as defined by our customers or regulatory authorities.
The IT Security Risk and Compliance Manager performs these roles in close collaboration with the CISO, the IT Security team and all operational and regional teams within the Information Systems department (IS), Corporate Security and other Corporate departments & Sof's and Business ISMS Managers.
The IT Security Risk and Compliance Manager can be located in Brussels or Hoboken and reports to the Senior Manager IT License & Asset - IT Process Improvement.
Responsibilities
Information Security Management System (ISMS)
Drive the Umicore ISMS in compliance with the ISO/IEC 27001 standard, according to defined scope and objectives
Define, supervise and contribute to recurrent ISMS activities: e.g. ISMS Activity Calendar
Plan, prepare and conduct ISMS governance meetings on tactical level (ISMS Board) and operational level (ISMS Review)
Monitor open actions: e.g. Gap Tracker and Risk Treatment Register
Report on ISMS performance (e.g. ISMS Dashboard) and escalation matters to relevant governance bodies and obtain required outputs such as approvals, further escalations and actions to follow up.
Define, drive and contribute to continual improvements
Select and implement fit-for-purpose tools improving the effectiveness of the ISMS
Define, manage and contribute to ISMS scope extensions in close collaboration with BU ISMS Managers
Coordinate Internal and External Audit activities, and process their outcomes
Communicate about the ISMS to relevant stakeholders across Umicore
Act as sounding board for BU ISMS Managers
Risk Management
Organise, conduct or periodically review Risk Assessments according to the ISMS Risk Management Methodology and ensure strict consistency across the different Risk Assessments
Support and challenge Risk Owners in identifying risks and defining risk treatment actions.
Update and monitor the Risk Assessment files, the Risk Treatment Register and other documentation (e.g. evidence)
Further mature the risk management processes on operational and tactical level for IT/Information Security, and support the CIO/CISO on strategic level
Compliance Management
Manage the IT Security policy framework
Ensure IT Security policies reflect IT Security standards as defined by customers and regulatory authorities
Collect and propose potential policy amendments
Align with relevant stakeholders about these changes and submit them for approval to the relevant governance bodies
Lead the periodic review of IT Security policies
Communicate about the IT Security policies and related updates
Inspire the IS organization and beyond to strive to adhere to the IT Security policies. This includes raising security awareness where needed.
Measure, analyse and report through (self-)assessments on the level of adherence to the IT Security Policies
Support and challenge IT Asset Owners/Managers and Control Owners in identifying gaps and corrective actions as well as support them in designing and implementing adequate controls.
Update and monitor the Gap Tracker including exceptions
Complete IT security questionnaires at the request of customers or business partners
Contribute to assessing the IT security posture of third parties
Watch for and assess IT Security standards (e.g. NIS2, TISAX) and PII legislation (e.g. GDPR, PIPL, PIPA), and as a result initiate appropriate actions/projects to ensure compliance
Who we are looking for
You hold a Master's degree
You have at least:
10 years of experience in IT (Security)
5 years of experience in international and global organizations
5 years of management experience in a management position or as a senior Project Manager
3 years of experience in security risk assessments, risk management and security controls.
You have strong analytical and reporting skills
You have strong oral and written skills to translate complex risk requirements.
You are disciplined and methodological in your way of working
You have strong planning and coordination skills
You have a mature personality with excellent interpersonal skills
You are able to establish credibility with senior stakeholders
You have good presentation skills
You have knowledge and understanding of:
IT (networking, infrastructure layer, application layer, etc.) and IT Security.
IT (Security) operations and processes.
You have strong knowledge and understanding of:
Information Security standards (e.g. ISO 27001, TISAX)
PII legislation (e.g. GDPR)
Risk Management Frameworks
MS Office products
You are fluent in writing and speaking in English
You have obtained professional certifications such as ISO27001 Lead Implementer, CISM, CRISC, or equivalent.
You keep yourself up-to-date on latest cyber and information security trends and threats
What we offer
We aim to lead the way. Not just for our customers, but for our employees too. That is why we strive to create a collaborative environment in which we can all succeed, and a culture through which we can all share ideas, develop our expertise and advance our careers. As you would expect from a world-leading organization, we will also reward your contribution with a competitive salary and benefits. With all this and more, imagine what you could do?