Job Application Form
Job
IT and Cyber Governance, Risk and Compliance Expert - SRQ150731
Location
--Leuvense--
Department
IT Governance, Risk & Compliance (GRC)
The bank has a mature IT and Cyber Governance, Risk and Compliance (“GRC”) practice, supported by a centralized platform. Within the GRC capacity, the Processes and Tools team is looking for a motivated IT and Cyber GRC Expert to:
- Deliver and improve IT GRC services, processes, and tools.
- Understand, identify and challenge GRC process interconnections.
- Drive evolutions, stakeholder support, and user adoption.
The ideal candidate is a cybersecurity enthusiast with fluent English and French, strong analytical skills, and a consulting mindset.
Mission description
The GRC Expert plays a critical role in ensuring that the bank's IT and Cyber GRC activities are aligned with industry best practices and regulatory requirements:
- Contributes to the management of GRC processes and tools operations in line with the strategic vision of the Group and respecting local regulations.
- Brings GRC evolutions and changes into production with strong focus on quality and user experience.
- Provides guidance and support to Fortis IT and business units in effectively implementing IT and Cyber Governance, Risk and Compliance in their scope.
- Collaborates with internal clients to clarify expectations and address blocking points, ensuring adequate understanding and buy-in.
The mission implies taking on different roles: service delivery, process design, requirement analysis, priority definition, task planning and organization, stakeholder management, user training and communication.
Core responsibilities
Processes and tools
- Contribute to the design and maintenance of Agile GRC processes within the Group’s framework.
- Monitor GRC tools performance, resolve incidents and escalate issues promptly.
- Simplify GRC processes and tools while preserving critical interdependencies.
Stakeholder and change leadership
- Translate local/Group requirements into efficient, pragmatic GRC solutions.
- Work with local/Group teams to align solutions architecture with global GRC strategy.
- Contribute to the Group GRC program and influence it as much as possible.
- Help teams define their requirements and challenge them for an effective implementation in the GRC tool.
- Lead Opus/Feature/User Story implementation and resolve interdependencies of different agile constructs.
User support and reporting
- Design effective reporting/dashboards to support decision-making.
- Onboard Tribes and Control functions in GRC tools; maintain documentation and training material.
- Organize agile ceremonies with all stakeholders to ensure transparency.
Required experience
- Strong IT background.
- Significant experience in working with cloud services (SaaS, HSP, AWS, Microsoft 365).
- Knowledge of software development security best practices, network/OS security, PAM, containerization.
- Working experience with a GRC suite.
- Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.), regulations (e.g. EBA guidelines on risks and outsourcing, PSD2, GDPR, DORA) and market standards (e.g. PCI-DSS).
- Knowledge of control frameworks and audit methodologies.
- Exposure to risk management, third-party security, compliance control.
- Work experience in financial services and large corporate environments.
Preferable
- Experience in vulnerability management and penetration testing.
- Hands-on experience with ServiceNow GRC.
- Experience with Agile methodologies applied to cyber security and risk management practices.
- Prior audit experience (internal, external, or regulator-facing).