Digit'Eaux is the digital transformation partner for organisations in the water sector in Wallonia, supporting cooperators through strategy, design and delivery of operational IT and security programmes. This role exists to lead Governance, Risk and Compliance activities for the internal cybersecurity team and for multiple MSP clients, with a strong emphasis on ISO 27001:2022 implementation and use of the GRC CISO Assistant platform.
The mission
The immediate project is a multi-client compliance programme to bring Digit'Eaux and its cooperators into alignment with the NIS2 directive and ISO 27001:2022. Work covers the full lifecycle of the information security management system (ISMS, or SMSI in French): gap analysis, documentation (policies, procedures, Statement of Applicability), risk treatment planning and audit preparation for organisations in the water and sanitation domain. The programme is delivered in an MSP context where the security team acts as an extended CISO for several clients.
Day to day, you will operate as the hands-on GRC lead inside the cybersecurity team, reporting directly to the CISO and coordinating with client CISOs, operational teams and external auditors. Typical activities include drafting and maintaining ISMS artefacts, running risk analysis workshops, configuring and operating the GRC CISO Assistant for control and remediation tracking, and preparing organisations for ISO 27001 certification and NIS2 compliance reviews.
Your responsibilities
- Lead the definition and continuous improvement of the organisation's ISMS, producing clear policies, procedures and the Statement of Applicability.
- Own risk management deliverables, run ISO 27005-style risk assessments and drive risk treatment plans to measurable closure.
- Coordinate and support client ISO 27001 certification cycles, including gap analyses, internal audits and audit-day readiness.
- Operate and administer the GRC CISO Assistant (or equivalent), maintaining control matrices, risk registers and action tracking across multiple clients.
- Prepare and present compliance status reports and executive summaries to the CISO and governing bodies.
- Facilitate workshops and change management activities to embed controls and reduce resistance across operational teams.
Your profile
Essential skills
- 3 to 5+ years delivering GRC, information security compliance or ISO 27001 programmes in an MSP, consultancy or multi-client environment.
- Proven ability to author and maintain formal ISMS artefacts, including policies, procedures and a Statement of Applicability (SoA) with contextual justifications.
- Practical experience with ISO 27001:2022 requirements and the PDCA cycle applied to a live ISMS, ideally with participation in a full certification cycle.
- Familiarity with NIS2 obligations and the interaction between NIS2, ISO 27001 and GDPR (RGPD).
- Operational use of a GRC platform such as GRC CISO Assistant, OneTrust, ServiceNow GRC or Archer for control tracking.
- Strong written French, able to produce governance documentation; technical English for reports and vendor interaction.
- Change management skills, stakeholder influence without hierarchy and the ability to run risk workshops.
Languages
- French, C1 (written emphasis)
- English, B2 (technical)
Education
- Bachelor's degree in IT, information security, engineering or equivalent professional experience.