Cyber Security Risk Management Advisor
- Terhulpensesteenweg 120, 1000 Brussel, Belgium
Onepoint is a growng digital consulting and services company: in less than 15 years, onepoint has become one of the major players in the digital transformation, with nearly 2,500 employees. Our job is as much to think about change as to lead it using adapted tools and the agility of an innovative company: onepoint is a growth accelerator for the entire economy.
Onepoint has become an international group, present throughout Northwestern Europe, Canada, the United States, Australia, Tunisia and China.
- you execute security risk assessments in IT and business, scoping projects or legacy assets (applications, business solutions, 3rd-parties organization, processes…). Maintenance of identified risks in the risk registry database.
- you setup processes and procedures for an end to end security management for assets and Third-parties.
- you perform security risk quality assurance from the creation to the closure.
- you deliver consulting on risk management to internal customers (IT and Business) :
- Proposition or validation of measures to mitigate risks.
- Creation of detailed or synthetic risk report, structured and formulated in line with BNP Paribas Group and Information Security Risk Management best practices.
- Support in increasing risk control maturity by providing a valuable follow up and reporting.
- you report risks and overall risk posture to Information Security, IT or Business Management
- Correlate risks across a portfolio of projects or activities; identify and propose transversal risk mitigating actions.
- Create risk dashboards and reports for a management audience, in line with the defined risk appetite for the company.
- Create one-pagers and synthetic risk reports for a management audience.
- you manage customer relationship and are the Single Point Of Contact for the risk management services you deliver. You customize services to meet customer needs or expectations while ensuring compliance with risk management methodologies and guidelines.
- you contribute to definition and improvement of risk management methods and tools supporting those activities (risk identification guide, risk evaluation matrix, industrialization of risk monitoring and reporting framework and deliverables) taking into account your field experience as well as best practices.
- you contribute to writing procedures and processes supporting risk management activities outlined above, for both an expert and non-expert audience. Experience on linking different ISMS processes is a must.
- you are the single point of contact for security matters related to the CIAT of our assets: business support, maintenance of procedures and tooling, regular reporting, integration of the security asset management in the overall asset management processes of the bank
- Trilingual FR/NL/EN
- Professional experience in information security (5+ years)
- Experience in project management, process design and improvement
- Experience in Data protection, Business continuity, Access management
- Experience in Security Assessments on assets and Third-parties
- Experience in delivering presentations and training
- Significant experience in operational/security risks management.
- Knowledge of control frameworks and audit methodologies.
- Significant experience in working with cloud services (SaaS, HSP, AWS)
- Knowledge of software development security best practices
- Experience in release management, change management, incident management, testing
- Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.)
- Professional experience in information security (5+ years), particularly in Third-party management
- Strong IT background.
- Professional experience in Financial Services; used to work in large companies.
- Preferably experience in reviewing and amending Third-party security clauses in contracts
- Company car
- Fuel Card
- Mobile subscription
- Meal Vouchers
- Trainings & certifcations
Mission open to freelancers