Cyber GRC Technical Consultant
Posted 8 hours 35 minutes ago by LCA Consulting Services
IT and Cyber GRC Technical Consultant
The ideal candidate is a Cybersecurity enthusiast with fluent English and French, strong analytical skills, and a consulting mindset.
Mission description
The GRC Expert plays a critical role in ensuring that IT and Cyber GRC activities are aligned with industry best practices and regulatory requirements:
- Contributes to the management of GRC processes and tools operations in line with the strategic vision.
- Brings GRC evolutions and changes into production with a strong focus on quality and user experience.
- Provides guidance and support to IT and business units in effectively implementing IT and Cyber Governance, Risk and Compliance in their scope.
- Collaborates with internal clients to clarify expectations and address blocking points, ensuring adequate understanding and buy-in.
The mission implies taking on different roles: service delivery, process design, requirement analysis, priority definition, task planning and organization, stakeholder management, user training and communication.
Core responsibilities
Processes and tools
- Contribute to the design and maintenance of Agile GRC processes within the Group's framework.
- Monitor GRC tools performance, resolve incidents and escalate issues promptly.
- Simplify GRC processes and tools while preserving critical interdependencies.
Stakeholder and change leadership
- Translate local/Group requirements into efficient, pragmatic GRC solutions.
- Work with local/Group teams to align solutions architecture with global GRC strategy.
- Contribute to and influence as much as possible the Group GRC program.
- Help teams define their requirements and challenge them for an effective implementation in the GRC tool.
- Lead Opus/Feature/User Story implementation and resolve interdependencies of different agile constructs.
User support and reporting
- Design effective reporting/dashboards to support decision-making.
- Onboard Tribes and Control functions in GRC tools; maintain documentation and training material.
- Organize agile ceremonies with all stakeholders to ensure transparency.
Certification
Optional: (ISC)² CISSP or CGRC; ISACA CISA, CISM or CGEIT or relevant equivalents.
Languages Requirement
French
Required knowledge/Experience
Experience
To succeed in this role the candidate will demonstrate a solid background in cybersecurity and a broad understanding of its fundamental concepts, the risks and security issues inherent to corporate IT environments and how to manage them.
Additionally, the candidate will have 5+ years of professional experience in GRC, encompassing cyber risk, third-party security, compliance control, project management, process design and improvement, and delivering presentations and training to diverse audiences.
Technical Experience
Mandatory
- Strong IT background.
- Significant experience in working with cloud services (SaaS, HSP, AWS, Microsoft 365).
- Knowledge of software development security best practices, network/OS security, PAM, containerization.
- Working experience with a GRC suite.
Preferable
- Experience in vulnerability management and penetration testing.
- Hands-on experience with ServiceNow GRC.
Business Experience
Mandatory
- Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.), regulations (e.g. EBA guidelines on risks and outsourcing, PSD2, GDPR, DORA) and market standards (e.g. PCI-DSS).
- Knowledge of control frameworks and audit methodologies.
- Exposure to risk management, third-party security, compliance control.
- Work experience in financial services and large corporate environments.