Senior Security Governance Specialist

The mission of Security Governance & Investigations is to protect Proximus, its customers, its business, its operations and reputation against external and internal threats. We oversee all cyber security matters across the company and its affiliates, with a whole set of activities covering governance, enterprise security architecture, security management and incident response (CSIRT). You will be fascinated by a highly dynamic environment, the cross-departmental collaboration and some deep technical aspects.

Within the Security Management team, we are looking for a highly motivated analyst to join and reinforce the team.
- You will be involved in the execution of the cybersecurity governance processes to ensure that the company’s information assets are properly protected, the level of risk is acceptable and that the corporate governance is respected.
- You will work closely with other teams within Security Governance and Investigations, Proximus Ada, business units’ security officers, commercial and technical business units, commercial and technical stakeholders, as well as with departments such as Legal, Internal Audit, Enterprise Risk Management, Communications, etc.

**Tasks to be performed by the Security Specialist include**:

- Define and update security policies and the security framework, with the aim to manage risk, to meet legal and regulatory requirements while ensuring that the business strategy and objectives can be implemented through the cybersecurity strategy.
- Define and document appropriate security controls, security guidelines and baselines for new technologies and environments in collaboration with enterprise security architects and security officers.
- Participate in the definition and execution of the implementation of cybersecurity processes and methodologies (e.g., risk management, compliance management,).
- Report on business risks and make recommendations to the Risk Management Committee.
- Monitor compliance and act on non-compliances. Guide stakeholders in their request for exceptions to security policies and report to the adequate decision body (PLT’s and Risk Management Committee).
- Oversee the cybersecurity processes and compliance of Proximus subsidiaries at Group level, measure KPIs and provide guidance on improvement opportunities. Report high risks of subsidiaries to the Proximus Risk Management Committee
- Develop and maintain regulatory and legal knowledge with Group Corporate Affairs colleagues and ensure proactive auditability (BIPT, ISO27001, etc.).
- Drive the execution of projects from the Cyber Security program (as delegate of the Business Sponsor).
- Provide support to the end users, upon request, during the implementation of security requirements.

**Profile**
- You are passionate about cybersecurity and how it enables business strategy.
- You understand Proximus business and have the ability to understand business products and related processes.
- You have strong interpersonal skills, mixing collaboration & communication skills, constructive assertiveness, and negotiation skills to convince other stakeholders.
- You are open minded, bring security in a positive manner and are always trying to find solutions. Your approach is cartesian and pragmatic. You can build a helicopter view and dig in the details whenever required.
- You can work autonomously, take responsibilities, and manage (sometimes changing) priorities. You have a high learning agility.
- You have an extensive understanding of security concepts, security domains and security tools, their implementation/usage in large IT and Telco environments (on-premises or in the cloud).
- You have a strong ability to detect security risks, propose/assess how to minimize them and communicate them clearly to non-technical stakeholders.
- Certification(s) like CISSP, CISM, CISA, SABSA, ISO27k Lead Auditor, ISO27k Lead Implementer,is(are) a plus.
- Language skills:

- Fluent in English with a good knowledge of French and/or Dutch.
- Excellent writing skills in English to be able to deliver clear and concise artefacts.