Senior Security Governance Specialist

<p>Are you passionate about #AI or #cybersecurity? You love working with high profile teams with a sure taste for challenge and variety? You dream to join a fast-growing company with start-up mentality? Eager to learn continuously? Join <strong>Proximus Ada</strong> !</p>
<p>Within this Proximus’ newly created centre of excellence for AI and Cybersecurity, the mission of the Security Management and CSIRT teams is to protect Proximus, its customers, its business, its operations and reputation against external and internal threats. You will be fascinated by a highly dynamic environment, the strong collaboration and some deep technical aspects.</p>
<p>Within the Security Management team, we are looking for a <strong>Senior Security Governance Specialist </strong>to reinforce the team.</p>
<p><strong>Your Role:</strong></p>
<ul>
<li>You will be involved in the execution of the cybersecurity governance processes to ensure that the company’s information assets are properly protected, the level of risk is acceptable and that the corporate governance is respected.</li>
<li>You will work closely with other teams within Proximus Group Security Governance, Proximus Ada, business units’ security officers, commercial and technical business units, commercial and technical stakeholders, as well as with departments such as Legal, Internal Audit, Enterprise Risk Management, Communications, etc.</li>
</ul>
<p><strong>Tasks to be performed by the Security Specialist include:</strong></p>
<ul>
<li>Define and update security policies and the security framework, with the aim to manage risk, to meet legal and regulatory requirements while ensuring that the business strategy and objectives can be implemented through the cybersecurity strategy.</li>
<li>Define and document appropriate security controls, security guidelines and baselines for new technologies and environments in collaboration with enterprise security architects and security officers.</li>
<li>Participate in the definition and execution of the implementation of cybersecurity processes and methodologies (e.g., risk management, compliance management, …).</li>
<li>Report on business risks and make recommendations to the Risk Management Committee.</li>
<li>Monitor compliance and act on non-compliances. Guide stakeholders in their request for exceptions to security policies and report to the adequate decision body (CISO, Proximus Leadership Team and Risk Management Committee).</li>
<li>Oversee the cybersecurity processes and compliance of Proximus subsidiaries at Group level, measure KPIs and provide guidance on improvement opportunities. Report high risks of subsidiaries to the Proximus Risk Management Committee</li>
<li>Develop and maintain regulatory and legal knowledge with Group Corporate Affairs colleagues and ensure proactive auditability (BIPT, ISO27001, etc.).</li>
<li>Drive the execution of projects from the Cyber Security program (as delegate of the Business Sponsor).</li>
<li>Develop and maintain an extensive network of relationships with external stakeholders (government authorities, telecom industry authorities, telecom sector, other sectors, subject matter experts, suppliers, etc.).</li>
<li>Provide support to the end users, upon request, during the implementation of security requirements.</li></ul><br/><p><strong>Your Profile:</strong></p>
<ul>
<li>You are passionate about cybersecurity and how it enables business strategy.</li>
<li>You understand Proximus business and have the ability to understand business products and related processes.</li>
<li>You have strong interpersonal skills, mixing collaboration & communication skills, constructive assertiveness, and negotiation skills to convince other stakeholders.</li>
<li>You are open minded, bring security in a positive manner and are always trying to find solutions. Your approach is cartesian and pragmatic. You can build a helicopter view and dig in the details whenever required.</li>
<li>You can work autonomously, take responsibilities, and manage (sometimes changing) priorities. You have a high learning agility.</li>
<li>You have a Bachelor or Master’s degree in computer science or in Cyber Security (or equivalent combination of education and experience) with more than 10 years of hands-on experience in security dealing with multiple security domains (technologies, applications, services) and activities (concepts, policies, practices, procedures) preferably in a large organization.</li>
<li>You have an extensive understanding of security concepts, security domains and security tools, their implementation/usage in large IT and Telco environments (on-premises or in the cloud).</li>
<li>You have a strong ability to detect security risks, propose/assess how to minimize them and communicate them clearly to non-technical stakeholders.</li>
<li>Certification(s) like CISSP, CISM, CISA, CRISC, SABSA, ISO27k Lead Auditor, ISO27k Lead Implementer, … is(are) a plus.</li>
<li>Hands-on knowledge of GRC tools (e.g. ServiceNow IRM, Eramba, …) is a plus.</li>
</ul>
<p> </p>
<p><strong>Language skills:</strong></p>
<ul>
<li>Fluent in English with a good knowledge of French and/or Dutch.</li>
</ul>
<p>Excellent writing skills in English to be able to deliver clear and concise artefacts</p>