Security Risk and Compliance Analyst

at  Proximus Group

The mission of the Security Management section within Proximus Ada is to protect Proximus SA, its affiliates, customers, business, operations, and its reputation against external and internal cybersecurity threats. We oversee all cyber security matters across the company and its affiliates, ensuring that necessary security controls are implemented on IT and telecommunication systems, in accordance with the related risks and in line with security regulations, standards, and policies.
We are seeking a motivated and enthusiastic colleague to join our Vendor Risk Management team. If you are well-versed in cybersecurity, have a knack for adhering to rules and an interest in legal matters, can bring a creative flair that enhances team efficiency, and a can-do attitude in a high paced work environment, you are the perfect fit.

QUALIFICATIONS

• 2+ years’ experience in third/party risk management, information security risk management, compliance, or a background in cybersecurity.
• Familiarity with information security processes, including risk assessment, vulnerability management, and incident response.
• Understanding of regulatory requirements (e.g. GDPR, NIS2, DORA)
• Proficiency in risk management, cybersecurity control frameworks and standards (e.g. NIST RMF, ISO 27001, ISO 28000, CyFun, CCM)
• Excellent analytical and problem-solving skills, with the ability to interpret complex risk data and make informed decisions.
• Attention to detail and proven ability to initiate and drive projects.
• Experience in aligning team processes with broader organizational goals.
• A collaborative mindset and a positive attitude towards working with a diverse team.
• Relevant certifications such as CISA, CISSP, CISM, ISO/IEC 27001Lead Implementer/Auditor, ISO/IEC 28000 Lead Implementer/Auditor, Security+.
• Capable of conducting professional business communications and effectively handling information security aspects of contract negotiations.
• Strong written and verbal communication skills in English. Capability to articulate complex risk concepts to technical and non-technical audiences.
• Relevant certifications such as CISA, CISSP, CISM, ISO/IEC 27001Lead Implementer/Auditor, ISO/IEC 28000 Lead Implementer/Auditor, Security+.
• Advanced knowledge of Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) to create professional documentation, presentations, dashboards, prepare statistics calculations, and optimize workflows.

Preferred additional skills

• Knowledge of emerging technologies and their associated risks, especially in AI and cloud computing.
• Experience of using a Governance, Risk, and Compliance (GRC) tool
• Experience in the telecommunication domain.
• Proficiency in French or Dutch.

• Conduct comprehensive audits of third-party information security policies, procedures, and controls.
• Participate in contract negotiations concerning the third-party information security annex.
• Lead online and in-person meetings with third parties.
• Analyse submitted security questionnaires and documentation to identify and assess potential vulnerabilities and risks. Raise issues promptly and provide mitigation options based on security issues identified.
• Prepare detailed risk assessment reports for senior leadership, providing insights and recommendations for third-party risk reduction.
• Contribute to the continuous improvement of the team’s processes based on experience in third-party risk assessment, industry best practices, and internal policies and frameworks.
• Produce clear and structured documentation of processes, meetings, and other relevant activities.
• Initiate and lead improvement projects aimed at enhancing the efficiency and effectiveness of the Vendor Risk Management team.
• Collaborate with other sections within the company to ensure alignment of processes.
• Stay up-to-date with emerging technologies, threats, vulnerabilities, and industry best practices.