FULL_TIME

IT Risk Officer - Ypto

Brussels & home office BE
2022-01-25
2024-03-28

You are responsible for guarding the vision, the development of strategy and the implementation of the Information Security Risk and IT Risk Management programme within the NMBS-SNCB organisation (including its affiliates).

You identify, analyse and report information security risks for different NMBS-SNCB Business Units. You provide Information Security requirements for IT projects. You will follow up on the implementation status of agreed controls.   

You identify, analyse and report on the internal IT risks, and take care of the follow-up. You maintain the risk register and take care of the management reporting.

You participate in the implementation of an ISMS. You define risk policies, standards, procedures and guidelines. You take care of their communication and awareness at the respective audiences. You follow up and report on their implementation and status.

The influence of the IT Risk Officer extends across the entire enterprise. You report to the Teamlead IT Risk Office.

Information Risk Management

  • Setting up and maintaining an Information Risk Management framework, based on ISF IRAM.
  • Defining, organizing and applying "information risk analysis", "information risk treatment" and “information risk monitoring” processes, policies and standards.
  • Defining and managing the approval and evaluation processes of these new processes and standards.
  • Incorporation of information risk management processes in the existing business and IT processes.
  • Execute, formulate practically and pragmatically, monitor and adjust information risk analysis for new projects and existing situations.
  • Setting up and maintaining an information risk registry.
  • Unambiguous reporting of risks as well as follow-up of mitigating actions towards the business owners.

IT Risk Management

  • Maintaining an IT risk management framework, based on ISF IRAM.
  • Applying information risk analysis, information risk treatment and information risk monitoring processes, policies and standards.
  • Execute, formulate practically and pragmatically, monitor and adjust information risk analysis for new projects and existing situations.
  • Maintaining an information risk registry.
  • Unambiguous reporting of risks as well as follow-up of mitigating actions towards the business owners.

In both of these domains, you will work closely with IT PMO to align with existing IT processes, with IT project managers and operational managers to identify or mitigate risks, with NMBS-SNCB and YPTO Data Protection Officers to guard privacy, with IT Compliance Officers, with the CyberSecurity team, and with IT Service Continuity Officers to align on risks and BIA’s.

Your profile:

  • Bachelor's degree or equivalent experience
  • 3 to 10 years of relevant experience in risk management and / or information security
  • Knowledge of ISO2700x, ISO31000, COBIT5, ITIL, …
  • Experience in assessing and managing IT and/or Information Risk
  • Broad knowledge of IT processes and technology
  • Knowledge of security architectures and controls
  • Knowledge of ISF IRAM is a plus
  • Experience in managing and overseeing security in third party service providers.
  • Certifications: CISSP, CISM, CISA or CRISC is a plus
  • Problem analysis and conflict management
  • Customer focus and able to handle in an organisation-sensitive way
  • Record of responsibility
  • Spoken and written fluency in English and Dutch or French; passive understanding of Dutch and French