Cybersecurity Risk Expert/Senior Analyst

Permanent contract, Freelancer

Namur

Partial telework

Senior

Profile: senior cybersecurity risk analyst

Full-time, hybrid, very long-term mission (extendable for max 3y)

Expected start date: asap

Location: Wallonie

Teleworking allowed for 50%

Context

The security division of our client is responsible for ensuring IT security. This division oversees various areas such as Governance, Risk and Compliance (GRC), solution security, security architecture, and operational security. It implements preventive or corrective security measures to protect the organization from cyber threats. To achieve its goals, the security division seeks to strengthen its team with a consultant specializing in cybersecurity risk management.

Job Description

Objectives

The main objective is to manage (identify, analyze, evaluate, estimate, mitigate) cybersecurity risks related to applications, infrastructures, systems, and IT services. The initial task will be to establish a strategy and methodology for managing IT security risks. The ultimate goal is to maintain risks at an acceptable level for the organization by selecting appropriate mitigation and control measures.

Activities and Deliverables

- Develop a cybersecurity risk management methodology based on a recognized risk management approach.

- Standardize information system risk management and analysis within the organization's processes.

- Conduct security risk analyses and develop an action plan to address the identified risks (reduction, avoidance, transfer, acceptance).

- Identify and assess IT system threats.

- Identify cybersecurity risks and their impacts.

- Initiate and plan risk management implementation using the chosen methodology and best practices.

- Evaluate cybersecurity risks and propose the most appropriate risk treatment options for the organization.

- Use GRC-type risk management tools (OneTrust, ServiceNow, Egerie...).

- Monitor the effectiveness of cybersecurity controls and risk levels.

- Develop, maintain, report, and communicate the complete risk management cycle.

- Enhance best practices and security measures to meet organizational standards.

- Monitor the effectiveness of both technical and organizational security measures, including improvement recommendations.

- Support teams, especially during compliance audits.

- Master cybersecurity frameworks to meet regulatory compliance such as NIS2.

- Perform any other activities related to IT security as needed.

Required Profile

Professional Experience

- At least 10 years of professional experience in IT services, with a minimum of 6 years in a related role or equivalent position.

- Proven and recent experience (< 3 years) in IT risk management, analysis, and mitigation.

Skills

- Mastery of cybersecurity risk management methodologies and tools.

- Demonstrate knowledge and expertise in the necessary domains, technical standards, methodologies, best practice frameworks, and technological tools for the role of Risk Manager/Risk Analyst.

- Implement cybersecurity risk management methodologies and standards.

- Ensure compliance with regulations and standards.

- Analyze and consolidate the organization's risk management practices.

- Enable executives and other stakeholders to make informed risk-related decisions.

- Raise cybersecurity risk awareness within the organization.

- Communicate, present, and report to relevant stakeholders.

- Implement risk management recommendations and best practices.

- Ability to conduct training based on the selected method.

- Monitor, test, and evaluate the effectiveness of cybersecurity controls.

- Knowledge of IT infrastructure domains (network, client/server, databases, middleware, IS, IAM, monitoring).

- Leadership and decision-making abilities.

- Excellent communication skills in French, both oral and written.

Expected Qualities

- Assertiveness and ability to be proactive.

- Autonomous but enjoys teamwork.

- Excellent communicator, client- and results-oriented.

- Positive and caring attitude, active listening.

- Ability to teach and simplify technical aspects.

- Rigorous and methodical.

- Consider change management.