Deloitte is a world leading professional services firm, providing accounting and auditing services, management consulting and legal and tax advice. In Belgium we are the largest professional service provider. Our offices offer services to multi-national and large organisations, public institutions and innumerable small, fast-growing companies. Thanks to a strong regional presence and our multi-disciplinary approach, we are ideally placed to meet the requirements of a wide range of public institutions and small and large companies.
Our Deloitte Services & Investments (DSI) organization is a service provider to the business units, enabling their work. Our expertise covers IT Services, Finance, Human Resources, Facilities & Procurement, Legal services, Marketing & Communications, Clients & Markets, as well as Risk services.
The IT Security Compliance Officer (ITSCO) is part of the DSI IT team. You will take care of information security governance and create support to increase the security awareness. You maintain contacts with management, employees and internal customers.
You report to the CISO of Deloitte Belgium and take part in the periodic Security Management meetings, including, but not limited to ISMS-forum, Security Advisory Boards and competence center.
As the ITSCO you are responsible for the security of enterprise data that is processed by corporate information systems. Furthermore, you ensure that all systems are compliant with internal and external regulations. In this role, the IT Security Compliancy Officer develops and implements security standards and procedures and monitors compliancy against them. Through risk assessments, you monitor the enterprise risks and propose solutions to ensure a secure IT environment.
During projects, you will be involved in system design and implementation to manage the security related aspects.
The ITSCO reports directly to the CISO.
The ITSCO is responsible for:
- Ensure the confidentiality, integrity and availability of the automated information provision of Deloitte and the systems managed by DSI IT;
- Formulate the security guidelines, in accordance with the security policy of Deloitte;
- Monitor and evaluate the implementation of the security policy, by means of audits, within the Deloitte frameworks;
- Follow-up on the effectiveness of information security controls for vendors;
- Manages the development and delivery of IT security standards, best practices, architecture and systems to ensure information system security across the enterprise;
- Enforce security policies and procedures by administering and monitoring security profiles, reviews security violations reports and investigates possible security exceptions, updates and maintains and documents security controls;
- Responsible for the implementation and integration of risk management procedures across the enterprise, based on thorough understanding of key IT services that must be maintained to reduce financial loss and critical customer service capability;
- Manages and participates in the planning and implementation of security administration for all IT projects;
- Conducts risk assessments and identifies risk themes;
- Implements processes and methods for auditing and addressing non-compliance to information security standards;
- Monitors and analyses technology risk trends;
- Possesses detailed knowledge of industry regulatory environment and risk management practices;
- Ensures monitoring and testing of business continuance procedures;
- Responsible for evaluation and selection of security applications and systems;
The tasks of the ITSCO include:
- Maintain the security guidelines, in accordance with the security policy of Deloitte;
- Initiate and monitor projects on security architecture and provide the administrative information;
- Record and analyse incidents and ensuring that the right measures are taken in time;
- Execute security tests on the physical and digital environment;
- Prepare risk analyses and improvement plans and implementing them together with the "security team";
- Play a key coordination role in the Information Security Management System (ISMS) and identification and follow-up of mitigating activities
- Play a key coordination role in reviewing internal Confidentiality & Privacy Risk Assessments from an information security point of view;
- Play a key coordination role in the review and follow-up of IT related mitigation actions for GDPR;
- Respond to client information security questionnaires;
- Identify risks in the cyber and physical security landscape;
- Execute (or have carried out) standards relating to information security;
- Determine or allow policies to be set in conjunction of the global organisation and the NWE member firm;
- Minimal 5 years of IT work experience with a broad range or exposure to all aspects of business planning, systems analysis and application development;
- Knowledge of IT infrastructures;
- Certified or prepared CISM / CISA;
- Ability to communicate security issues to both technical & business personnel;
- Ability to multi-task, prioritize work and work independently;
- Familiarity with ISO 27001/ISO 27002, NIST and other recognized information security standards;
- Bachelor degree in Computer Science, Information Systems or other related field;
- Advanced knowledge of IT processes;
- Good analytical skills;
- Good written & verbal communication - and presentation skills;
- Eager to follow the industry and technology trends;
- Fluent in English and Dutch or French.