InfoSec Consultant

We are looking for a GRC Information Security Consultant to join our GRC department. You will take part in stimulating consulting and project assignments under the supervision of our Lead consultants and Practice Leader.

Your missions will consist of:

• Being an integral part of our Governance, Risk and Compliance solutions
• Representing APPROACH and delivering high standard quality deliverables
• Bringing high-value solutions to customers in the area of GRC (Business Continuity and Information Security and Risk Mgt, Data Privacy)
• Delivering GRC solutions in various steps of the engagement's lifecycles (perform security and risk assessments, contribute or manage security projects, deliver GRC solutions as a service).
• Providing CISO or assistant-CISO services to our customers (i.e. provide strategic and technical advise, organise the information security related activities, support customers to manage security incident(s)
• Providing Data Protection Management and/or DPO service to our customers (i.e. conduct awareness sessions, DPIAs, compliance assessments, support in Data Subject Access Request or Data Breach)
• Actively participating in the development of a GRC solution offering including improving GRC assets and writing of resources
• Sharing knowledge and actively contributing to GRC team meetings
• Bringing a positive and “can-do” attitude and energy to the team

Your profile

You have:

• More than 3 Years of professional (on the field) experience, including demonstrable experience in Information/IT/OT Security
• University Degree Qualified or equivalent work experience
• Understanding of ISO 27000 standards, Data Protection, and Risk management
• Strong understanding of regulatory frameworks such as GDPR, NIS, eIDAS, ..
• Ability to define the global information security strategy, the scope and context
• Good understanding of Information Risk Management, including Third party risk management
• Ability to write policies, processes, guidelines, and procedures
• Good understanding of IT and Cloud services
• Contributed to the implementation or operation of ISMS
• Exposure or management of security audit, security incident, and crisis management
• Establish and coordinate business continuity management
• Perform training and awareness activities
• Manage small to medium size projects preferably in ICT and information security
• Exposure toward middle to senior management
• Excellent communication and presentation (oral and written)
• Uncompromised integrity: respect for the confidentiality of both client and company information

Considered as a plus:

• ISO 27001 Lead Implementer or lead auditor
• ISO 27005, EBIOS
• CISSP
• CISM, CRISC, CISA
• COBIT, ITIL
• CCSK