IT Security Risk and Compliance Manager
Umicore
- Hoboken, Anvers
- Permanent contract (CDI)
- Full-time
- Information Security Management System (ISMS)
  - Drive the Umicore ISMS in compliance with the ISO/IEC 27001 standard, according to the defined scope and objectives
  - Define, supervise and contribute to recurring ISMS activities, e.g. the ISMS Activity Calendar
  - Plan, prepare and conduct ISMS governance meetings at the tactical level (ISMS Board) and the operational level (ISMS Review)
  - Monitor open actions, e.g. the Gap Tracker and the Risk Treatment Register
  - Report on ISMS performance (e.g. the ISMS Dashboard) and escalation matters to the relevant governance bodies, and obtain the required outputs such as approvals, further escalations and follow-up actions
  - Define, drive and contribute to continual improvements
  - Select and implement fit-for-purpose tools that improve the effectiveness of the ISMS
  - Define, manage and contribute to ISMS scope extensions in close collaboration with the BU ISMS Managers
  - Coordinate internal and external audit activities, and process their outcomes
  - Communicate about the ISMS to relevant stakeholders across Umicore
  - Act as a sounding board for the BU ISMS Managers
- Risk Management
  - Organise, conduct or periodically review Risk Assessments according to the ISMS Risk Management Methodology and ensure strict consistency across the different Risk Assessments
  - Support and challenge Risk Owners in identifying risks and defining risk treatment actions
  - Update and monitor the Risk Assessment files, the Risk Treatment Register and other documentation (e.g. evidence)
  - Further mature the risk management processes at the operational and tactical level for IT/Information Security
- Compliance Management
  - Manage the IT Security policy framework
  - Ensure IT Security policies reflect the IT Security standards defined by customers and regulatory bodies
  - Collect and propose potential policy amendments
  - Align with relevant stakeholders on these changes and submit them for approval to the relevant governance bodies
  - Lead the periodic review of IT Security policies
  - Communicate about the IT Security policies and related updates
  - Inspire the IS organization and beyond to adhere to the IT Security policies, including raising security awareness where needed
  - Measure, analyse and report, through (self-)assessments, on the level of adherence to the IT Security Policies
  - Support and challenge IT Asset Owners/Managers and Control Owners in identifying gaps and corrective actions, and support them in designing and implementing adequate controls
  - Update and monitor the Gap Tracker, including exceptions
  - Complete IT security questionnaires at the request of customers or business partners
  - Contribute to assessing the IT security posture of third parties
  - Watch for and assess IT Security standards (e.g. NIS2, TISAX, …) and PII legislation (e.g. GDPR, PIPL, PIPA, …) and, as a result, initiate appropriate actions/projects to ensure compliance
- You hold a Master's degree
- You have at least:
  - 10 years of experience in IT (Security)
  - 5 years of experience in international and global organizations
  - 5 years of management experience in a management position or as a senior project manager
  - 3 years of experience in security risk assessments, risk management and security controls
- You have strong analytical and reporting skills
- You have strong oral and written skills to translate complex risk requirements
- You are disciplined and methodical in your way of working
- You have strong planning and coordination skills
- You have a mature personality with excellent interpersonal skills
- You are able to establish credibility with senior stakeholders
- You have good presentation skills
- You have knowledge and understanding of:
  - IT (networking, infrastructure layer, application layer, etc.) and IT Security
  - IT (Security) operations and processes
- You have strong knowledge and understanding of:
  - Information Security standards (e.g. ISO 27001, TISAX)
  - PII legislation (e.g. GDPR)
  - Risk Management frameworks
  - MS Office products
- You are fluent in writing and speaking in English
- You hold professional certifications such as ISO 27001 Lead Implementer, CISM, CRISC, or equivalent
- You keep yourself up to date on the latest cyber and information security trends and threats