Umicore - IT Security Risk and Compliance Manager

7 days ago

Brussels, Belgium - Umicore - Full-time


About our Business Supporting Functions (IT and others)

A global organization. It's not just those in our industrial sites and technical centres that are vital to Umicore's growth. Across our business supporting functions we ensure that we continue to grow and evolve - whether it's by making sure our decisions are commercially viable, enhancing our reputation, building new customer relationships or finding the right people who can build on what we've already achieved. The variety of our work means we cannot stand still. We need to find new ways to do things, discover new solutions and develop new ideas. Which is where you come in.

What you will be doing

The IT Security Risk and Compliance Manager is responsible for driving the Umicore Information and Security Management System (ISMS) on a daily basis, in compliance with the ISO/IEC 27001 standard. He/she ensures the quality and consistency of the Umicore ISMS, manages the different processes tracked within the ISMS and reports on the performance of the ISMS.

In the context of the ISMS, the IT Security Risk and Compliance Manager is responsible for leading and maturing the risk management processes for IT/Information Security, as well as actively raising the adherence to the Umicore IT Security policy framework and initiating and leading the efforts needed to be compliant with IT Security standards as defined by our customers or regulatory instances.

The IT Security Risk and Compliance Manager performs these roles in close collaboration with the CISO, the IT Security team and all operational and regional teams within the Information Systems department (IS), Corporate Security and other Corporate departments & Sof's and Business ISMS Managers.

The IT Security Risk and Compliance Manager can be located in Brussels or Hoboken and reports to the Senior Manager IT License & Asset - IT Process Improvement.

Responsibilities

Information Security Management System (ISMS)

Drive the Umicore ISMS in compliance with the ISO/IEC 27001 standard, according to defined scope and objectives

Define, supervise and contribute to recurrent ISMS activities: e.g. ISMS Activity Calendar

Plan, prepare and conduct ISMS governance meetings on tactical level (ISMS Board) and operational level (ISMS Review)

Monitor open actions: e.g. Gap Tracker and Risk Treatment Register

Report on ISMS performance (e.g. ISMS Dashboard) and escalation matters to relevant governance bodies and obtain required outputs such as approvals, further escalations and actions to follow up.

Define, drive and contribute to continual improvements

Select and implement fit-for-purpose tools improving the effectiveness of the ISMS

Define, manage and contribute to ISMS scope extensions in close collaboration with BU ISMS Managers

Coordinate Internal and External Audit activities, and process outcome

Communicate about the ISMS to relevant stakeholders across Umicore

Act as sounding board for BU ISMS Managers

Risk Management

Organise, conduct or periodically review Risk Assessments according to the ISMS Risk Management Methodology and ensure strict consistency across the different Risk Assessments

Support and challenge Risk Owners in identifying risks and defining risk treatment actions.

Update and monitor the Risk Assessment files, the Risk Treatment Register and other documentation (e.g. evidence)

Further mature the risk management processes on operational and tactical level for IT/Information Security, and support the CIO/CISO on strategic level

Compliance Management

Manage the IT Security policy framework

Ensure IT Security policies reflect IT Security standards as defined by customers and regulatory instances

Collect and propose potential policy amendments

Align with relevant stakeholders about these changes and submit them for approval to the relevant governance bodies

Lead the periodic review of IT Security policies

Communicate about the IT Security policies and related updates

Inspire the IS organization and beyond to strive to adhere to the IT Security policies. This includes raising security awareness where needed.

Measure, analyse and report through (self-)assessments on the level of adherence to the IT Security Policies

Support and challenge IT Asset Owners/Managers and Control Owners in identifying gaps and corrective actions as well as support them in designing and implementing adequate controls.

Update and monitor the Gap Tracker including exceptions

Complete IT security questionnaires on request of customers or business partners

Contribute to assessing the IT security posture of third parties

Watch for and assess IT Security standards (e.g. NIS2, TISAX) and PII legislation (e.g. GDPR, PIPL, PIPA) and, as a result, initiate appropriate actions/projects to ensure compliance

Who we are looking for

You hold a Master's degree

You have at least:

10 years of experience in IT (Security)

5 years of experience in international and global organizations

5 years of management experience in a management position or as a senior Project Manager

3 years of experience in security risk assessments, risk management and security controls.

You have strong analytical and reporting skills

You have strong oral and written skills to translate complex risk requirements.

You are disciplined and methodological in your way of working

You have strong planning and coordination skills

You have a mature personality with excellent interpersonal skills

You are able to establish credibility with senior stakeholders

You have good presentation skills

You have knowledge and understanding of:

IT (networking, infrastructure layer, application layer, etc.) and IT Security.

IT (Security) operations and processes.

You have strong knowledge and understanding of:

Information Security standards (e.g. ISO 27001, TISAX)

PII legislation (e.g. GDPR)

Risk Management Frameworks

MS Office products

You are fluent in written and spoken English

You have obtained professional certifications such as ISO27001 Lead Implementer, CISM, CRISC, or equivalent.

You keep yourself up to date on the latest cyber and information security trends and threats

What we offer

We aim to lead the way. Not just for our customers, but for our employees too. That is why we strive to create a collaborative environment in which we can all succeed, and a culture through which we can all share ideas, develop our expertise and advance our careers. As you would expect from a world-leading organization, we will also reward your contribution with a competitive salary and benefits. With all this and more, imagine what you could do?
