IT and Cyber Governance, Risk and Compliance Expert - SRQ150731

--Leuvense--
The bank has a mature IT and Cyber Governance, Risk and Compliance (“GRC”) practice, supported by a centralized platform. Within the GRC capacity, the Processes and Tools team is looking for a motivated IT and Cyber GRC Expert to:
  • Deliver and improve IT GRC services, processes, and tools.
  • Understand, identify and challenge GRC process interconnections.
  • Drive evolutions, stakeholder support, and user adoption.
The ideal candidate is a cybersecurity enthusiast with fluent English and French, strong analytical skills, and a consulting mindset.

Mission description
The GRC Expert plays a critical role in ensuring that the bank's IT and Cyber GRC activities are aligned with industry best practices and regulatory requirements:
  • Contributes to the management of GRC processes and tools operations in line with the strategic vision of the Group and respecting local regulations.
  • Brings GRC evolutions and changes into production with strong focus on quality and user experience.
  • Provides guidance and support to Fortis IT and business units in effectively implementing IT and Cyber Governance, Risk and Compliance in their scope.
  • Collaborates with internal clients to clarify expectations and address blocking points, ensuring adequate understanding and buy-in.
The mission implies taking on different roles: service delivery, process design, requirement analysis, priority definition, task planning and organization, stakeholder management, user training and communication.

Core responsibilities
Processes and tools
  • Contribute to the design and maintenance of Agile GRC processes within the Group’s framework.
  • Monitor GRC tools performance, resolve incidents and escalate issues promptly.
  • Simplify GRC processes and tools while preserving critical interdependencies.
Stakeholder and change leadership
  • Translate local/Group requirements into efficient, pragmatic GRC solutions.
  • Work with local/Group teams to align solutions architecture with global GRC strategy.
  • Contribute to, and influence as much as possible, the Group GRC program.
  • Help teams define their requirements and challenge them for an effective implementation in the GRC tool.
  • Lead Opus/Feature/User Story implementation and resolve interdependencies of different agile constructs.
User support and reporting
  • Design effective reporting/dashboards to support decision-making.
  • Onboard Tribes and Control functions in GRC tools; maintain documentation and training material.
  • Organize agile ceremonies with all stakeholders to ensure transparency.
Required experience
  • Strong IT background.
  • Significant experience in working with cloud services (SaaS, HSP, AWS, Microsoft 365).
  • Knowledge of software development security best practices, network/OS security, PAM, containerization.
  • Working experience with a GRC suite.
  • Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.), regulations (e.g. EBA guidelines on risks and outsourcing, PSD2, GDPR, DORA) and market standards (e.g. PCI-DSS).
  • Knowledge of control frameworks and audit methodologies.
  • Exposure to risk management, third-party security, compliance control.
  • Work experience in financial services and large corporate environments.
Preferable
  • Experience in vulnerability management and penetration testing.
  • Hands-on experience with ServiceNow GRC.
  • Experience with Agile methodologies applied to cyber security and risk management practices.
  • Prior audit experience (internal, external, or regulator-facing).