Information Security Compliance Officer

Be the organization's GRC knowledge base

The implementation of a suitable ISMS requires defining an integrated normative and control framework. To measure whether policies and standards are applied and effective, compliance monitoring needs to be ensured. It will provide reasonable assurance on the achievement and realization, and enable sound and formal risk decision-making by our customer’s management.

As an Information Security Compliance Officer, you will:

  • Acquire and maintain knowledge of GS information security policies, their evolution and alignment with authoritative sources, other frameworks and legislation.
  • Perform gap analysis to ensure that missing elements are integrated when and where relevant in the Information Security Policies by proposing the necessary change request text.
  • Provide a compliance view (KPIs / indicators of conformity).
  • Maintain a traceable inventory of information security policy changes and updates in the GS normative framework.
  • Assure completeness of security policies and ensure that they are completely enforced in the Organisation.
  • Support the business and IT in writing and updating Security Standards by providing guidance and performing Quality Assurance.
  • Identify affected assets and processes upon policy and alignment changes.
  • Attribute implementation responsibilities for security requirements.
  • Get implementers’ acceptance of the attributed implementation responsibilities.
  • Create memos and report to senior management.

To apply for this role, you:

  • Have a university degree in IT or science or an engineering degree, with an IT background or proven equivalent experience.
  • Speak and write either Dutch or French fluently (mandatory).
  • Speak and write English fluently (mandatory).
  • Are a quick self-starter with a proactive attitude, and a team player.
  • Have good communication and influencing skills; you have the ability to capture and adapt to stakeholder expectations.
  • Have good analytical and synthesis skills and the ability to produce structured and concise documents; you are precise and methodical.
  • Work autonomously, with commitment and perseverance in personal organization.
  • Are able to work in a dynamic and multi-cultural environment.
  • Will coordinate / collaborate with external resources.
  • Are results-oriented; a high performer.
  • Are capable of quickly understanding end-to-end process flows and control needs.

Technical skills:

  • You have 2-5 years’ experience in IT security technology and processes (secure networking, web infrastructure, Wintel, UNIX, Mainframe, ATM, etc.).
  • You have a good knowledge of Excel (pivot tables, formulas) or Access DB.
  • You have certifications in the ISO27k series, Information Systems Security Professional (CISSP), CISA, …
  • You have 2 years’ experience in developing and maintaining policies and / or processes (preferably in the IT area).
  • You are familiar with regulatory requirements, ISO/IEC standards (e.g. 27001 Information Security Management Standard, …), laws and regulations.
  • You are a certified ISO27001 Lead Implementer.
  • You have knowledge of the NIST control framework.
  • You have knowledge of PCI DSS.

Contact us

Drop us a line or pay us a visit; you are always welcome for coffee. +32 2 315 50 10