Careers

Duties and responsibilities

• ICT/Cyber risk universe monitoring (new projects and technologies, adjusted release practice, regulatory changes, emerging risks and incidents) and priority / risk level scoring
• The formulation of appropriate audit review cycle plans and defining (risk/control/testing) audit programmes
• Managing and performing end-to-end audit review missions (planning, scoping, fieldwork, business owner debriefing, reporting and internal / external stakeholder informing)
• Steering and coaching of Internal Auditors participating in groupwide ICT / Cyber audits and / or covering specific ICT / Cyber topics within their respective business process audit missions
• Raising awareness and providing training on ICT / Cyber risks within the groupwide IAF
• Conducting follow-up on recommendation and action plan realisation
• Taking part in major IT initiatives and projects in an advisory or sounding board capacity, as well as partake in reviews of security systems and internal controls under development, and interact with ICT / Business Process Operators, Experts, Line Management;  Executive Management and control functions (Risk/Compliance/ITSO); and Audit Committee Members and Regulators                

Required knowledge, skills and experience

• A relevant Degree (or equivalent experience) in Information Technology or Computer Science or a related field; qualifications in Financial Services, Business Administration, Audit, Finance, or Accounting are an advantage
• Minimum 5 to 7 years of relevant professional IT / Cyber risk management or audit experience; additional seniority is an advantage and will be reflected in the actual function level / position scaling and the related tasks and responsibilities
• A prior internal/external audit position in ICT Governance / IT Audit or in IT Security is a clear plus
• Considerable, demonstrable experience in managing / steering, risk managing, monitoring or auditing complex ICT environments in line with applicable compliance regulations, related directives and guidelines, internal control regimes, development frameworks, and market best practices
• CISA, CIA, Agila ACCA, ACA … certification or willingness to get certification desirable
• CRISC, CSX-P, CISM, CIA, CFA, SCRUM, CA … or equivalent certificate is an advantage but no strict requirement
• Strong understanding or interest in corporate governance and the regulatory environment. Understanding of information security standards, best practices for securing computer systems, and applicable laws and regulations
• Exposure to data analysis techniques using Excel, SQL based tools or other specialised software, to cloud technologies, to industry framework such as ITIL and COBIT and/or to modern development practices including CI/CD, Test Driven Development, SCRUM or Kanban is an advantage
• Professional proficiency in English (written / oral) is a must, proficiency in other languages (French, Dutch, Italian, …) is an advantage
• Able to work well with a variety of personalities and all staff irrespective of their status in the organisation, feel comfortable in a fast moving multi-cultural and cross-border environment and able to balance multiple work priorities
• Possess sound judgement, business risk awareness, and inquisitive personality; ability to think critically and critic event and outcome professionally
• Be a well-organized self-starter with clear leadership, outspoken problem-solving and convincing skills