Security Officer

Job Title: GRC officer- (Governance, Risk & Compliance)

Language: English, Dutch is a plus

Location: Braine-l’Alleud, Belgium

Duration: ASAP - until end of 2026

Work Mode: Hybrid (2 or 3 onsite/week)

Work regime: Full time

Job Description - Roles and Responsibilities

GRC Officer (Governance, Risk & Compliance) – ISO 27001 Implementation

Context

• Role within Cybersecurity, Governance, Risk, and Compliance team
• Main objective: Achieve ISO 27001 certification for Belgian entities, in line with NIS2 directive
• Team size: ~8 (risk management, governance/compliance, metrics/KPIs, program manager)
• The GRC Officer will join the governance and compliance sub-team
• Focus on ISMS (Information Security Management System) processes and documentation (ISO 27001 & 27002)
• Support exception management and GRC tool operations

Typical Day:

• Create and maintain ISMS documentation based on ISO 27001:2022
• Execute and follow up on ISMS activities (PDCA cycle)
• Support compliance and exceptions management processes
• Assist with GRC tool management (organizational and change management, not coding)
• Guide stakeholders through processes, provide operational support, and interact with various teams
• Prepare documentation, monitor objectives, follow up with stakeholders, and manage registers (risk, controls, exceptions)

Years of Experience

• Minimum 3 years’ experience with ISO 27001 implementation and related activities
• Target profile: 3–8 years of relevant experience

Must Have:

• Proven experience with ISO 27001/27002 implementation
• Independent in ISO knowledge and processes (minimal day-to-day coaching required)
• Strong organizational skills
• Tech-savvy (comfortable with Excel and other tools)
• Excellent communication and stakeholder management skills
• Fluent in English (documentation, meetings, and tools are in English)

Ideal Candidate

• ISO 27001:2022 Lead Implementer certification
• Familiarity with DT operating model and stakeholders
• Experience in large corporate/global environments
• ECB experience is a plus (not mandatory)

Nice to Have

• Experience with GXP/quality systems (pharma context)
• French or Dutch language skills (not required, but useful for some stakeholders)
• Language Requirements
• English: mandatory
• French/Dutch: optional plus