IT & Cyber Risk Management Advisor-Expert
Context: BNP Paribas Fortis GRC supports IT & Business to identify, manage, and reduce IT & Cyber operational risks across assets/applications, projects, Agile Tribes/Squads, Shadow IT, and third parties—aligned with BNP Paribas Group policies.
Responsibilities
- Perform and QA IT & Cyber risk assessments (assets, projects/changes, Agile constructs, Shadow IT, third parties/cloud).
- Drive the full risk lifecycle: create → assess → treat → monitor → close; challenge quality, evidence, and remediation plans.
- Advise IT/Business stakeholders on risk-based decisions and control implementation.
- Report key risks, treatment status, trends, and overall risk posture to Management/Cyber Security.
- Improve risk methods/tools using field feedback and Group best practices.
Must-have requirements
- Master’s degree (or equivalent).
- 8+ years of experience in IT/Cyber with a strong technical background.
- Experience linking ISMS and IT Risk processes.
- Knowledge of control frameworks and audit methods (e.g., ISO/NIST/COBIT/ITIL concepts).
- Strong cloud exposure (SaaS, hosting providers, AWS or similar).
- Secure SDLC best practices + operational IT processes (release/change/incident/testing).
Preferred
- Banking/regulatory environment experience.
- Certifications: CISSP / CISM / CIPP / CCSK.
Languages & working mode
- English + at least one local language (Dutch/French a plus).
- Hybrid: 50% on-site / 50% remote.
Soft skills
Autonomous, proactive, structured, strong communication, analytical, control-minded yet pragmatic, results-oriented.
What's next?
The people who do well here are the ones who saw themselves in this description. Not because they match every line, but because the mission felt right for them.
We are actively hiring for this position. Applications are reviewed by our team, and matching profiles receive a call to discuss the role in detail.