IT Risk and Governance 12 months Contract

Job ID
17478

Drive, design and implement cyber and information security governance & risk solutions, including 3rd party risk governance
• Contribute to a data-driven security solutions architecture, and to informed decision taking at governance level.
• Participate to the development of the IT Security policy framework
• Execute in-depth cyber security reviews and risk assessments for projects, critical business applications and 3rd parties
• Liaise with other SMEs in the security team (security architect, IAM, appsec, …)
• Respond to inquiries from external parties (partners, authorities, …) about the cyber security posture of UCB
• Develop reporting on a periodic basis regarding the status and performance of the Information Security Governance process

Team info – what does the team do?
Governing IT projects – policy framework, the guidelines, contracts, governing the initiatives of what we expect from cyber and the baseline which we put on paper in the policies and the contracts
Risk – IT risk management, the third-party risk management
Compliance – compliance with the security standards (internal), regulatory compliance (data privacy)

Current project(s): on what project the candidate will be involved?
• Everything mentioned above
• Running those processes and improving them operationally; and reporting them o
• Focus on data-driven security
• Helping in improving the policies
• Running IT risk management process, third-party risk management

Task / Daily activities:
• Drive, design and implement cyber and information security governance & risk solutions, including 3rd party risk governance
• Contribute to a data-driven security solutions architecture, and to informed decision taking at governance level.
• Participate to the development of the IT Security policy framework
• Execute in-depth cyber security reviews and risk assessments for projects, critical business applications and 3rd parties
• Liaise with other SMEs in the security team (security architect, IAM, appsec, …)
• Respond to inquiries from external parties (partners, authorities, …) about the cyber security posture of UCB
• Develop reporting on a periodic basis regarding the status and performance of the Information Security Governance process

What are the key technical skills that all candidates must attain?
• A degree in Computer Science, Security, Engineering or equivalent through experience. We select on personality, skills, capabilities and experience; not on a degree alone!
• Experience in implementing security governance and risk processes, and supporting those with real-world data
• Broad knowledge of IT Security frameworks and best practices
• About 5 years of similar experience, having pharma experience is a plus.
• Love working with people & technology and eager to contribute to a strong IT organization.
• Fast-paced, changing environment doesn’t scare you. On the contrary, you easily adapt and switch context and can offer pragmatic solutions thanks to your can-do attitude.
• Fluent in English. French and/or Dutch are nice to have. Ability to write well-structured documentation and to present technical topics to a wide audience.
• A team player who is also able to work independently and to deliver results.

Ideal candidate:
max 3 Must have (certification, min years of experience)
1. Governance – knowing the policies/knowing how to use them (policy framework knowledge)
2. Risk – experience with risk management (bank risk management –? not relevant!)
3. Compliance – being able to work with data; doing data analytics; bringing message out of data (reporting experience)
4. English – fluent

Nice to have:
• everything else is nice to have
• a small plus – experience in pharma life companies

Remote working: No remote working accepted

Apply for this position

Allowed Type(s): .pdf, .doc, .docx