IT Security Risk and Compliance Manager
2 weeks ago
Belgium - Hoboken
Information Systems
Information Technology
Posted on 27-01-2025
About Umicore
Reducing harmful vehicle emissions. Giving new life to used metals. Powering the cars of the future. As a global materials and technology group, we apply our specialist knowledge to offer materials and solutions that are needed for everyday life. We strive to be a clear world leader in materials for clean mobility and recycling and have turned our sustainability approach into an even greater competitive advantage. With ambitions like this, imagine what you could do?
About our Business Supporting Functions (IT and others)
A global organization. It’s not just those in our industrial sites and technical centres that are vital to Umicore’s growth. Across our business supporting functions we ensure that we continue to grow and evolve – whether it’s by making sure our decisions are commercially viable, enhancing our reputation, building new customer relationships or finding the right people who can build on what we’ve already achieved. The variety of our work means we cannot stand still. We need to find new ways to do things, discover new solutions and develop new ideas. Which is where you come in.
What you will be doing
The IT Security Risk and Compliance Manager is responsible for driving the Umicore Information and Security Management System (ISMS) on a daily basis, in compliance with the ISO/IEC 27001 standard. He/she ensures the quality and consistency of the Umicore ISMS, manages the different processes tracked within the ISMS and reports on the performance of the ISMS.
In the context of the ISMS, the IT Security Risk and Compliance Manager is responsible for leading and maturing the risk management processes for IT/Information Security, as well as actively raising the adherence to the Umicore IT Security policy framework and initiating and leading the efforts needed to be compliant with IT Security standards as defined by our customers or regulatory instances.
The IT Security Risk and Compliance Manager performs these roles in close collaboration with the CISO, the IT Security team and all operational and regional teams within the Information Systems department (IS), Corporate Security and other Corporate departments & SOF’s and Business ISMS Managers.
The IT Security Risk and Compliance Manager can be located in Brussels or Hoboken and reports to the Senior Manager IT License & Asset - IT Process Improvement.
RESPONSIBILITIES
- Information Security Management System (ISMS)
- Drive the Umicore ISMS in compliance with the ISO/IEC 27001 standard, according to defined scope and objectives
- Define, supervise and contribute to recurrent ISMS activities: e.g. ISMS Activity Calendar
- Plan, prepare and conduct ISMS governance meetings on tactical level (ISMS Board) and operational level (ISMS Review)
- Monitor open actions: e.g. Gap Tracker and Risk Treatment Register
- Report on ISMS performance (e.g. ISMS Dashboard) and escalation matters to relevant governance bodies and obtain required outputs such as approvals, further escalations and actions to follow up.
- Define, drive and contribute to continual improvements
- Select and implement fit-for-purpose tools improving the effectiveness of the ISMS
- Define, manage and contribute to ISMS scope extensions in close collaboration with BU ISMS Managers
- Coordinate Internal and External Audit activities, and process outcome
- Communicate about the ISMS to relevant stakeholders across Umicore
- Act as sounding board for BU ISMS Managers
- Organise, conduct or periodically review Risk Assessments according to the ISMS Risk Management Methodology and ensure strict consistency across the different Risk Assessments
- Support and challenge Risk Owners in identifying risks and defining risk treatment actions.
- Update and monitor the Risk Assessment files and the Risk Treatment Register and other documentation (e.g. evidence)
- Further mature the risk management processes on operational and tactical level for IT/Information Security, and support the CIO/CISO on strategic level
- Compliance Management
- Manage the IT Security policy framework
- Ensure IT Security policies reflect IT Security standards as defined by customers and regulatory instances
- Collect and propose potential policy amendments
- Align with relevant stakeholders about these changes and submit them for approval to the relevant governance bodies
- Lead the periodic review of IT Security policies
- Communicate about the IT Security policies and related updates
- Inspire the IS organization and beyond to strive to adhere to the IT Security policies. This includes raising security awareness where needed.
- Measure, analyse and report through (self-)assessments on the level of adherence to the IT Security Policies
- Support and challenge IT Asset Owners/Managers and Control Owners in identifying gaps and corrective actions as well as support them in designing and implementing adequate controls.
- Update and monitor the Gap Tracker including exceptions
- Fulfil IT security questionnaires on request of customers or business partners
- Contribute to assessing the IT security posture of third parties
- Watch for and assess IT Security standards (e.g. NIS2, TISAX, …) and PII legislations (e.g. GDPR, PIPL, PIPA, …) and as a result initiate appropriate actions/projects to ensure compliance
Who we are looking for
- You hold a Master's degree
- You have at least:
- 10 years of experience in IT (Security)
- 5 years of experience in international and global organizations
- 5 years of management experience in a management position or as a senior project manager
- 3 years of experience in security risk assessments, risk management and security controls.
- You have strong analytical and reporting skills
- You have strong oral and written skills to translate complex risk requirements.
- You are disciplined and methodological in your way of working
- You have strong planning and coordination skills
- You have a mature personality with excellent interpersonal skills
- You are able to establish credibility with senior stakeholders
- You have good presentation skills
- You have knowledge and understanding of:
- IT (networking, infrastructure layer, application layer, etc.) and IT Security.
- IT (Security) operations and processes.
- You have strong knowledge and understanding of:
- Information Security standards (e.g. ISO 27001, TISAX)
- PII legislations (e.g. GDPR)
- Risk Management frameworks
- MS Office products
- You are fluent in writing and speaking in English
- You obtained professional certifications such as ISO27001 Lead Implementer, CISM, CRISC, or equivalent.
- You keep yourself up-to-date on latest cyber and information security trends and threats
What we offer
We aim to lead the way. Not just for our customers, but for our employees too. That is why we strive to create a collaborative environment in which we can all succeed, and a culture through which we can all share ideas, develop our expertise and advance our careers. As you would expect from a world-leading organization, we will also reward your contribution with a competitive salary and benefits. With all this and more, imagine what you could do?
If our pioneering approach can make us a leader in sustainability, IMAGINE WHAT YOU COULD DO?