As an Information Security Compliance Officer, you will:
- Acquire and maintain knowledge of GS information security policies, their evolution and alignment with Authoritative sources, other frameworks and legislation.
- Perform gap analysis to ensure that missing elements are integrated when and where relevant in the Information Security Policies by proposing the necessary change request text.
- Provide a compliance view (KPIs / indicators of conformity).
- Maintain a traceable inventory of changes related to the information security policy changes and updates in GS normative framework.
- Assure completeness of security policies and ensure that they are completely enforced in the Organisation
- Support the business and IT in Security Standards writing and update by providing guidance and performing Quality Assurance.
- Identify affected assets and processes upon policy and alignment changes;
- Attribute the implementation responsibilities for security requirements;
- Get implementers’ acceptance on the attributed implementation responsibilities.
- Create memos and report to senior management.
To apply for this role, you:
- Have a university degree in IT or science or an engineering degree, with an IT background or proven equivalent experience.
- Speak and write either Dutch or French fluently (mandatory).
- Speak and write English fluently (mandatory)
- Are a quick self-starter with a pro-active attitude, and a team player.
- Have good communication and influencing skills; you have the ability to capture and adapt to stakeholder expectations.
- Have good analytical and synthesis skills and the ability to produce structured and concise documents; you are precise and methodological.
- Work autonomously, with commitment and perseverance in personal organization.
- Are able to work in a dynamic and multi-cultural environment.
- Will coordinate / collaborate with external resources.
- Are results-oriented; a high performer.
- Are capable of quickly understanding end-to-end process flows and control needs.
Technical skills:
- You have 2-5 years’ experience in IT security technology and processes (secure networking, web infrastructure, Wintel, UNIX, Mainframe, ATM, etc.);
- You have a good knowledge of Excel (pivot tables, formulas) or Access DB.
- You have certifications in the ISO27k series, Information Systems Security Professional (CISSP), CISA; …
- You have 2 years’ experience in developing and maintaining policies and/or processes (preferably in the IT area).
- You are familiar with regulatory requirements, ISO/IEC standards (e.g. 27001 Information Security Management Standard, …), laws and regulations.
- You are a certified ISO27001 Lead Implementer.
- You have knowledge of the NIST control framework.
- You have knowledge of PCI DSS.