AISB-837 IT & Cyber Governance, Risk & Compliance Expert

We are looking for an experienced professional to strengthen a Governance, Risk & Compliance (GRC) function within a complex international IT environment. The role focuses on enhancing cyber and information security risk management practices, improving control frameworks, and ensuring alignment with regulatory and organizational standards.

Mission Overview

You will contribute to the continuous improvement and operational execution of IT and Cyber GRC activities across a large-scale enterprise environment. The scope includes risk identification, control effectiveness, third-party risk oversight, and the evolution of GRC processes and tools.

You will act as a key advisor in managing IT and cyber risks across applications, infrastructure, projects, and external suppliers, ensuring risks are properly assessed, documented, and mitigated in line with internal policies and regulatory expectations.

Key Responsibilities

• Support operational GRC activities, including ICT control execution and third-party technology risk assessments
• Evaluate supplier and vendor security postures, including cloud-based solutions (SaaS, IaaS, PaaS)
• Contribute to the design, monitoring, and continuous improvement of GRC processes and tools
• Analyze complex risk scenarios and translate them into clear, actionable insights for both technical teams and senior stakeholders
• Review and validate vulnerability assessments, penetration test results, and external audit findings
• Contribute to the negotiation and review of IT and cyber-related contractual clauses with third parties
• Coordinate with internal stakeholders across IT, security, procurement, legal, data privacy, and continuity functions
• Simplify and optimize GRC processes while ensuring compliance and operational effectiveness
• Support awareness, communication, and training activities on risk and security topics

Profile & Experience

• 8+ years of experience in Governance, Risk & Compliance within IT and Cyber environments
• Strong background in IT and Cyber Risk Management, including third-party risk assessments
• Proven experience with cloud security environments and service models (SaaS, IaaS, PaaS)
• Hands-on experience with application security, vulnerability management, penetration testing, and audit methodologies
• Solid understanding of frameworks and standards such as ISO 27001, SOC 2, NIST, OWASP, and PCI-DSS
• Familiarity with regulatory environments including GDPR and DORA
• Experience in financial services or large corporate environments is highly valued
• Exposure to ServiceNow GRC and Agile methodologies is an advantage

Key Skills

• Strong analytical and synthesis capabilities, with the ability to simplify complex technical risks
• Excellent communication and stakeholder management skills across technical and business audiences
• Ability to influence, negotiate, and build trusted relationships at all levels
• Structured, autonomous, and proactive approach with strong delivery focus
• Ability to manage multiple priorities in a fast-paced, multicultural environment
• Strong presentation and training capabilities
• Coaching and mentoring mindset

Languages

• English: Fluent
• French: Fluent
• Dutch: Optional, appreciated

Education & Certifications

• Master’s degree or equivalent through experience
• Certifications such as CISSP, CISM, CISA, CIPP, or CCSK are considered an asset

Interested? We invite you to apply and join a team where your expertise will directly strengthen cyber resilience and risk governance.