IT & Cyber GRC Expert (Banking Sector)


Context

We are looking for an experienced IT & Cyber GRC Expert to support and strengthen Governance, Risk, and Compliance activities within a complex and regulated environment.

The role focuses on identifying, assessing, and mitigating IT and Cyber risks across systems, applications, projects, and third-party ecosystems, while ensuring alignment with internal policies and external regulations.

Key Responsibilities

  • Perform IT & Cyber risk assessments across assets, applications, and third-party providers
  • Execute and improve ICT controls and GRC processes
  • Conduct third-party security and risk assessments, including supplier evaluations and audits
  • Review and negotiate IT & Cyber security clauses in contracts
  • Monitor suppliers’ security posture and ensure compliance with requirements
  • Analyze vulnerabilities, penetration testing results, and audit reports to identify risks
  • Propose pragmatic risk mitigation strategies aligned with business objectives
  • Contribute to the continuous improvement of GRC processes and tools
  • Document and present risk analyses and recommendations to both technical and non-technical stakeholders
  • Deliver presentations and training sessions on risk and compliance topics

Experience

  • 8–10+ years of experience in IT Risk, Cyber Risk, or GRC
  • Strong experience in third-party risk management (TPRM)
  • Proven background in IT & Cyber risk assessments
  • Experience in project management, business analysis, and process improvement
  • Experience within financial services or regulated environments
  • Relevant certifications are a plus: CISSP, CISM, CISA, CCSK, CIPP

Technical Expertise

  • Strong knowledge of security frameworks and standards: ISO 27001, NIST, SOC 2, OWASP
  • Experience with vulnerability management, penetration testing analysis, and audit methodologies
  • Solid understanding of cloud security (SaaS, IaaS, PaaS)
  • Familiarity with IT risk tools (e.g., ServiceNow GRC) is a plus

Business & Regulatory Knowledge

  • Good understanding of IT & Cyber risk management practices and regulatory frameworks (e.g., GDPR, DORA, EBA guidelines)
  • Experience reviewing third-party IT/security contractual clauses
  • Ability to align risk management with business strategy

Languages

  • French: Fluent (mandatory)
  • English: Fluent (mandatory)
  • Dutch: Nice to have
