NK 287 Information Risk analyst BANKING, BRUSSELS
The Business Continuity and Assurance team within the Cyber Security Department defines, establishes and provides information assurance. The team manages regulatory adherence for security, supports security response to external RfPs, manages client queries regarding security policies/controls, provides assurance in response to client due diligence, and manages the first-line internal controls framework. These sub-functions collaborate across security capabilities, with IT and business teams and functions such as HR, Risk Management and Compliance.
BCP and Information Security Risks assessments of third parties
Support collaboration with senior management to coordinate a consistent framework and approach to security risk planning, regulatory awareness, adherence, testing, due diligence responses, and reporting on KPIs and KRIs.
Support the development of inputs and outputs for relevant governance bodies, and prepare reports for the business.
Maintain the database of client-issued RfP's and RfI's; respond to internal and external database knowledge requests.
Support engagement with business stakeholders, business/application/solution architecture, IT and operational teams.
Support 'proof of concepts' within BCP and Information Assurance; provide cost/benefit reports to security management.
Support collaboration with key business stakeholders to ensure appropriate consideration is given to security requirements in periods of business change and product development.
Handles standard situation by relying on existing procedures and methods, covering several but known domains of expertise.
Relies on existing processes and policies to take decisions.
Focuses on execution in his/her domain, according to defined processes and methods. Runs and maintains the operational process.
Works autonomously on standard activities or non-complex demands. Organises, co-ordinates and plans activities independently. Priorities are set by the job. Uses expertise to challenge the goals and scope of new requests and evaluates the impact of these new requirements.
Knowledge of security risk management, risk governance.
Strong oral and written skills to translate complex risk requirements.
Experience with security and controls frameworks, such as ISO 27001, COBIT5, SANS Top 20 Controls and NIST Cybersecurity Framework.
Experience with audit good practice.
Knowledge of onsite risk assessments, and managing targeted risk remediation activities.
Rate: 500-550 euros per day
Duration: 3 months extendable