Umicore - IT Security Risk and Compliance Manager

3 weeks ago


Brussels, Belgium Umicore Full-time


About our Business Supporting Functions (IT and others)

A global organization. It's not just those in our industrial sites and technical centres that are vital to Umicore's growth. Across our business supporting functions we ensure that we continue to grow and evolve - whether it's by making sure our decisions are commercially viable, enhancing our reputation, building new customer relationships or finding the right people who can build on what we've already achieved. The variety of our work means we cannot stand still. We need to find new ways to do things, discover new solutions and develop new ideas. Which is where you come in.

What you will be doing

The IT Security Risk and Compliance Manager is responsible for driving the Umicore Information Security Management System (ISMS) on a daily basis, in compliance with the ISO/IEC 27001 standard. He/she ensures the quality and consistency of the Umicore ISMS, manages the different processes tracked within the ISMS and reports on the performance of the ISMS.

In the context of the ISMS, the IT Security Risk and Compliance Manager is responsible for leading and maturing the risk management processes for IT/Information Security, for actively raising adherence to the Umicore IT Security policy framework, and for initiating and leading the efforts needed to comply with IT Security standards as defined by our customers or regulatory authorities.

The IT Security Risk and Compliance Manager performs these roles in close collaboration with the CISO, the IT Security team and all operational and regional teams within the Information Systems department (IS), Corporate Security and other Corporate departments & Sof's and Business ISMS Managers.

The IT Security Risk and Compliance Manager can be located in Brussels or Hoboken and reports to the Senior Manager IT License & Asset - IT Process Improvement.

Responsibilities

Information Security Management System (ISMS)

Drive the Umicore ISMS in compliance with the ISO/IEC 27001 standard, according to defined scope and objectives

Define, supervise and contribute to recurrent ISMS activities: e.g. ISMS Activity Calendar

Plan, prepare and conduct ISMS governance meetings on tactical level (ISMS Board) and operational level (ISMS Review)

Monitor open actions: e.g. Gap Tracker and Risk Treatment Register

Report on ISMS performance (e.g. ISMS Dashboard) and escalation matters to relevant governance bodies and obtain required outputs such as approvals, further escalations and actions to follow up.

Define, drive and contribute to continual improvements

Select and implement fit-for-purpose tools improving the effectiveness of the ISMS

Define, manage and contribute to ISMS scope extensions in close collaboration with BU ISMS Managers

Coordinate Internal and External Audit activities, and process their outcomes

Communicate about the ISMS to relevant stakeholders across Umicore

Act as sounding board for BU ISMS Managers

Risk Management

Organise, conduct or periodically review Risk Assessments according to the ISMS Risk Management Methodology and ensure strict consistency across the different Risk Assessments

Support and challenge Risk Owners in identifying risks and defining risk treatment actions.

Update and monitor the Risk Assessment files, the Risk Treatment Register and other documentation (e.g. evidence)

Further mature the risk management processes on operational and tactical level for IT/Information Security, and support the CIO/CISO on strategic level

Compliance Management

Manage the IT Security policy framework

Ensure IT Security policies reflect IT Security standards as defined by customers and regulatory authorities

Collect and propose potential policy amendments

Align with relevant stakeholders about these changes and submit them for approval to the relevant governance bodies

Lead the periodic review of IT Security policies

Communicate about the IT Security policies and related updates

Inspire the IS organization and beyond to strive to adhere to the IT Security policies. This includes raising security awareness where needed.

Measure, analyse and report through (self-)assessments on the level of adherence to the IT Security Policies

Support and challenge IT Asset Owners/Managers and Control Owners in identifying gaps and corrective actions as well as support them in designing and implementing adequate controls.

Update and monitor the Gap Tracker including exceptions

Complete IT security questionnaires at the request of customers or business partners

Contribute to assessing the IT security posture of third parties

Watch for and assess IT Security standards (e.g. NIS2, TISAX) and PII legislation (e.g. GDPR, PIPL, PIPA) and, as a result, initiate appropriate actions/projects to ensure compliance

Who we are looking for

You hold a Master's degree

You have at least:

10 years of experience in IT (Security)

5 years of experience in international and global organizations

5 years of management experience in a management position or as a senior Project Manager

3 years of experience in security risk assessments, risk management and security controls.

You have strong analytical and reporting skills

You have strong oral and written skills to translate complex risk requirements.

You are disciplined and methodological in your way of working

You have strong planning and coordination skills

You have a mature personality with excellent interpersonal skills

You are able to establish credibility with senior stakeholders

You have good presentation skills

You have knowledge and understanding of:

IT (networking, infrastructure layer, application layer, etc.) and IT Security.

IT (Security) operations and processes.

You have strong knowledge and understanding of:

Information Security standards (e.g. ISO 27001, TISAX)

PII legislation (e.g. GDPR)

Risk Management Frameworks

MS Office products

You are fluent in writing and speaking in English

You have obtained professional certifications such as ISO 27001 Lead Implementer, CISM, CRISC, or equivalent.

You keep yourself up-to-date on latest cyber and information security trends and threats

What we offer

We aim to lead the way. Not just for our customers, but for our employees too. That is why we strive to create a collaborative environment in which we can all succeed, and a culture through which we can all share ideas, develop our expertise and advance our careers. As you would expect from a world-leading organization, we will also reward your contribution with a competitive salary and benefits. With all this and more, imagine what you could do?
