IT Security Risk and Compliance Manager
Company: Umicore
Location: Antwerpen, Flanders
Source site: Talent BE
With ambitions like this, imagine what you could do?

About our Business Supporting Functions (IT and others)

A global organization.
It’s not just those in our industrial sites and technical centres that are vital to Umicore’s growth.
Across our business supporting functions we ensure that we continue to grow and evolve – whether it’s by making sure our decisions are commercially viable, enhancing our reputation, building new customer relationships or finding the right people who can build on what we’ve already achieved.
The variety of our work means we cannot stand still.
We need to find new ways to do things, discover new solutions and develop new ideas.
Which is where you come in.

What you will be doing

The IT Security Risk and Compliance Manager is responsible for driving on a daily basis the Umicore Information and Security Management System (ISMS) in compliance with the ISO/IEC standard.
He/she ensures the quality and consistency of the Umicore ISMS, manages the different processes tracked within the ISMS and reports on the performance of the ISMS.

In the context of the ISMS, the IT Security Risk and Compliance Manager is responsible for leading and maturing the risk management processes for IT/Information Security, as well as actively raising the adherence to the Umicore IT Security policy framework and initiating and leading the efforts needed to be compliant with IT Security standards as defined by our customers or regulatory instances.

The IT Security Risk and Compliance Manager performs these roles in close collaboration with the CISO, the IT Security team and all operational and regional teams within the Information Systems department (IS), Corporate Security and other Corporate departments & SOF’s and Business ISMS Managers.

The IT Security Risk and Compliance Manager can be located in Brussels or Hoboken and reports to the Senior Manager IT License & Asset - IT Process Improvement.
RESPONSIBILITIES

Information Security Management System (ISMS)
- Drive the Umicore ISMS in compliance with the ISO/IEC standard, according to defined scope and objectives
- Define, supervise and contribute to recurrent ISMS activities: e.g. ISMS Activity Calendar
- Plan, prepare and conduct ISMS governance meetings on tactical level (ISMS Board) and operational level (ISMS Review)
- Monitor open actions: e.g. Gap Tracker and Risk Treatment Register
- Report on ISMS performance (e.g. ISMS Dashboard) and escalation matters to relevant governance bodies and obtain required outputs such as approvals, further escalations and actions to follow up.
- Define, drive and contribute to continual improvements
- Select and implement fit-for-purpose tools improving the effectiveness of the ISMS
- Define, manage and contribute to ISMS scope extensions in close collaboration with BU ISMS Managers
- Coordinate Internal and External Audit activities, and process outcome
- Communicate about the ISMS to relevant stakeholders across Umicore
- Act as sounding board for BU ISMS Managers

Risk Management
- Organise, conduct or periodically review Risk Assessments according to the ISMS Risk Management Methodology and ensure strict consistency across the different Risk Assessments
- Support and challenge Risk Owners in identifying risks and defining risk treatment actions.
- Update and monitor the Risk Assessment files and the Risk Treatment Register and other documentation (e.g. evidences)
- Further mature the risk management processes on operational and tactical level for IT/Information Security
- Support the CIO/CISO on strategic level

Compliance Management
- Manage the IT Security policy framework
- Ensure IT Security policies reflect IT Security standards as defined by customers and regulatory instances
- Collect and propose potential policy amendments
- Align with relevant stakeholders about these changes and submit them for approval to the relevant governance bodies
- Lead the periodic review of IT Security policies
- Communicate about the IT Security policies and related updates
- Inspire the IS organization and beyond to strive to adhere to the IT Security policies. This includes raising security awareness where needed.
- Measure, analyse and report through (self-)assessments on the level of adherence to the IT Security Policies
- Support and challenge IT Asset Owners/Managers and Control Owners in identifying gaps and corrective actions as well as support them in designing and implementing adequate controls.
- Update and monitor the Gap Tracker including exceptions
- Fulfil IT security questionnaires on request of customers or business partners
- Contribute to assess the IT security posture of third parties
- Watch for and assess IT Security standards (e.g. NIS2, TISAX, …) and PII legislations (e.g. GDPR, PIPL, PIPA, …) and as a result initiate appropriate actions/projects to ensure compliance

Who we are looking for
- You hold a Master degree
- You have at least:
  - 10 years of experience in IT (Security)
  - 5 years of experience in international and global organizations
  - 5 years of management experience in a management position or as a senior project manager
  - 3 years of experience in security risk assessments, risk management and security controls.
- You have strong analytical and reporting skills
- You have strong oral and written skills to translate complex risk requirements.
- You are disciplined and methodological in your way of working
- You have strong planning and coordination skills
- You have a mature personality with excellent interpersonal skills
- You are able to establish credibility with senior stakeholders
- You have good presentation skills
- You have knowledge and understanding of:
  - IT (networking, infrastructure layer, application layer, etc.) and IT Security.
  - IT (Security) operations and processes.
- You have strong knowledge and understanding of:
  - Information Security standards (e.g. ISO , TISAX)
  - PII legislations (e.g. GDPR)
  - Risk Management frameworks
  - MS office products
- You are fluent in writing and speaking in English
- You obtained professional certifications such as ISO Lead Implementer, CISM, CRISC, or equivalent.
- You keep yourself up-to-date on latest cyber and information security trends and threats

What we offer

We aim to lead the way.
Not just for our customers, but for our employees too.
That is why we strive to create a collaborative environment in which we can all succeed, and a culture through which we can all share ideas, develop our expertise and advance our careers.
As you would expect from a world-leading organization, we will also reward your contribution with a competitive salary and benefits.
With all this and more, imagine what you could do?

If our pioneering approach can make us a leader in sustainability, IMAGINE WHAT YOU COULD DO?