Information Security Governance Risk & Compliance Advisor

Posted 2 years ago
Start Date – ASAP
Duration – 6 months (renewable)
Location – Brussels
Function Description: As an Information Security Advisor you will carry out the activities listed below:
Perform Legal & Regulatory Watch.
  • Ensure that all Information Security related authoritative sources are captured.
  • Perform gap analysis to ensure that missing elements are integrated, when and where relevant, into the Information Security Policies by proposing the necessary change-request text.
  • In collaboration with Legal, determine the applicability of the source to the bank.
  • Maintain a traceable inventory.
Ensure appropriate Statement Of Applicability
Based on a good knowledge of the bank's normative framework, which you will need to acquire, and particularly on your own experience:
  • Identify affected assets and processes upon policy changes;
  • Attribute implementation responsibilities;
  • Get implementers’ acceptance on the attributed implementation responsibilities;
Maintain a traceable inventory of the alignment between Technical Standards (e.g. Windows, Mainframe, Network, other IT activities) and the Information Security Policies:
  • You will be the BNP Paribas Fortis Global Security SPOC for IT stakeholders in Belgium and France.
  • You will analyse the IT technical standards and perform a mapping to BNPPF policy framework.
  • Traceability being key, you will keep track of deviations and use your influence skills to convince stakeholders for a pragmatic resolution.
  • You will report on the compliance status between policies and technical standards to Global Security, IT and Senior Management.
Execute security risk assessments in IT and business, scoping projects or legacy assets (applications, business solutions, third-party organizations, processes …). Maintain identified risks in the risk registry database.
Education: University degree in IT or science or an engineering degree, with a strong IT background or proven equivalent experience / skills in the area.
Certification: Certifications in the ISO27k series, Information Systems Security Professional (CISSP), CISA, etc. are preferable.
Languages: French: fluent speaking and writing (mandatory); Dutch: good speaking and writing; English: fluent speaking and writing (mandatory).
Experience: 3-5 years of experience in Information Security and in IT process management.
Mandatory Technical Experience:
  • 2-5 years' experience in IT security technology and processes (secure networking, web infrastructure, Wintel, UNIX, Mainframe, ATM, etc.);
  • Metrics definition and dashboards.
  • Significant experience in operational/security risk management.
Preferable: Certifications in the ISO27k series, Information Systems Security Professional (CISSP), CISA, etc.
Mandatory Functional Experience:
  • 2 years’ experience in developing and maintaining policies and / or processes (preferably in IT area).
  • Experience with regulatory requirements, ISO/IEC standards (e.g. 27001 Information Security Management Standard, …), laws and regulations.
  • Hands-on experience in performing security risk assessments on third parties and applications.
  • Knowledge of Information Security and Risk Management frameworks.
  • Tools: advanced knowledge and use of the Office suite, SharePoint, …
  • Coordination of / collaboration with external resources.
  • Certified ISO27001 Lead Implementer.
  • Experience in designing and implementing controls.
  • Knowledge of GRC Tools such as RSA Archer eGRC Suite.
  • Working experience with colleagues of the BNPP Group (Paris) and readiness to travel on an ad hoc basis.
  • Project management / coordination skills (ability to run projects averaging 100-150 days, mostly intra-team).
Business Experience:
  • 2-5 years’ experience in IT, Information Security environments.
  • Capability to quickly understand end-to-end process flows and control needs.
  • Experience in creating memos for the attention of senior management.
  • Preference will be given, where possible, to candidates with good knowledge of, or practical experience with, different bank entities and processes.
Soft skills:
  • Quick self-starter, pro-active attitude, team player.
  • Excellent English writing skills.
  • Good Communication and influencing skills; ability to capture and adapt to stakeholder expectations.
  • Good analytical and synthesis skills; ability to produce structured and concise documents.
  • Autonomy, commitment and perseverance in personal organization.
  • Ability to work in a dynamic and multi-cultural environment.
  • Results-oriented; high performer.

If you think that your profile fits these requirements, please send us your CV by email at, with the job title as reference in your email subject, or send it online.
