
IT Security Risk and Compliance Manager
On site
Antwerp, Belgium
Full Time
12-03-2025
Job Specifications
About Umicore
Reducing harmful vehicle emissions. Giving new life to used metals. Powering the cars of the future. As a global materials and technology group, we apply our specialist knowledge to offer materials and solutions that are needed for everyday life. We strive to be a clear world leader in materials for clean mobility and recycling and have turned our sustainability approach into an even greater competitive advantage. With ambitions like this, imagine what you could do?
About our Business Supporting Functions (IT and others)
A global organization. It’s not just those in our industrial sites and technical centres that are vital to Umicore’s growth. Across our business supporting functions we ensure that we continue to grow and evolve – whether it’s by making sure our decisions are commercially viable, enhancing our reputation, building new customer relationships or finding the right people who can build on what we’ve already achieved. The variety of our work means we cannot stand still. We need to find new ways to do things, discover new solutions and develop new ideas. Which is where you come in.
What You Will Be Doing
The IT Security Risk and Compliance Manager is responsible for driving the Umicore Information Security Management System (ISMS) on a daily basis, in compliance with the ISO/IEC 27001 standard. He/she ensures the quality and consistency of the Umicore ISMS, manages the different processes tracked within the ISMS and reports on the performance of the ISMS.
In the context of the ISMS, the IT Security Risk and Compliance Manager is responsible for leading and maturing the risk management processes for IT/Information Security, as well as actively raising the adherence to the Umicore IT Security policy framework and initiating and leading the efforts needed to be compliant with IT Security standards as defined by our customers or regulatory instances.
The IT Security Risk and Compliance Manager performs these roles in close collaboration with the CISO, the IT Security team and all operational and regional teams within the Information Systems department (IS), Corporate Security and other Corporate departments & SOF’s and Business ISMS Managers.
The IT Security Risk and Compliance Manager can be located in Brussels or Hoboken and reports to the Senior Manager IT License & Asset - IT Process Improvement.
Responsibilities
Information Security Management System (ISMS)
Drive the Umicore ISMS in compliance with the ISO/IEC 27001 standard, according to defined scope and objectives
Define, supervise and contribute to recurrent ISMS activities: e.g. ISMS Activity Calendar
Plan, prepare and conduct ISMS governance meetings on tactical level (ISMS Board) and operational level (ISMS Review)
Monitor open actions: e.g. Gap Tracker and Risk Treatment Register
Report on ISMS performance (e.g. ISMS Dashboard) and escalation matters to relevant governance bodies and obtain required outputs such as approvals, further escalations and actions to follow up.
Define, drive and contribute to continual improvements
Select and implement fit-for-purpose tools improving the effectiveness of the ISMS
Define, manage and contribute to ISMS scope extensions in close collaboration with BU ISMS Managers
Coordinate Internal and External Audit activities, and process outcome
Communicate about the ISMS to relevant stakeholders across Umicore
Act as sounding board for BU ISMS Managers
Risk Management
Organise, conduct or periodically review Risk Assessments according to the ISMS Risk Management Methodology and ensure strict consistency across the different Risk Assessments
Support and challenge Risk Owners in identifying risks and defining risk treatment actions.
Update and monitor the Risk Assessment files and the Risk Treatment Register and other documentation (e.g. evidences)
Further mature the risk management processes on operational and tactical level for IT/Information Security, and support the CIO/CISO on strategic level
Compliance Management
Manage the IT Security policy framework
Ensure IT Security policies reflect IT Security standards as defined by customers and regulatory instances
Collect and propose potential policy amendments
Align with relevant stakeholders about these changes and submit them for approval to the relevant governance bodies
Lead the periodic review of IT Security policies
Communicate about the IT Security policies and related updates
Inspire the IS organization and beyond to strive to adhere to the IT Security policies. This includes raising security awareness where needed.
Measure, analyse and report through (self-)assessments on the level of adherence to the IT Security Policies
Support and challenge IT Asset Owners/Managers and Control Owners in identifying gaps and corrective actions as well as support them in designing and implementing adequate controls.
Update and monitor the Gap Tracker including exceptions
Fulfil IT security questionnaires on request of customers or business partners
Contribute to assessing the IT security posture of third parties
Watch for and assess IT Security standards (e.g. NIS2, TISAX, …) and PII legislations (e.g. GDPR, PIPL, PIPA, …) and as a result initiate appropriate actions/projects to ensure compliance
Who We Are Looking For
You hold a Master's degree
You have at least:
10 years of experience in IT (Security)
5 years of experience in international and global organizations
5 years of management experience in a management position or as a senior project manager
3 years of experience in security risk assessments, risk management and security controls.
You have strong analytical and reporting skills
You have strong oral and written skills to translate complex risk requirements.
You are disciplined and methodological in your way of working
You have strong planning and coordination skills
You have a mature personality with excellent interpersonal skills
You are able to establish credibility with senior stakeholders
You have good presentation skills
You have knowledge and understanding of:
IT (networking, infrastructure layer, application layer, etc.) and IT Security.
IT (Security) operations and processes.
You have strong knowledge and understanding of:
Information Security standards (e.g. ISO 27001, TISAX)
PII legislations (e.g. GDPR)
Risk Management frameworks
MS office products
You are fluent in writing and speaking in English
You obtained professional certifications such as ISO27001 Lead Implementer, CISM, CRISC, or equivalent.
You keep yourself up-to-date on latest cyber and information security trends and threats
What We Offer
We aim to lead the way. Not just for our customers, but for our employees too. That is why we strive to create a collaborative environment in which we can all succeed, and a culture through which we can all share ideas, develop our expertise and advance our careers. As you would expect from a world-leading organization, we will also reward your contribution with a compe...
About the Company
We innovate from within and drive the science of change. You cannot see us, yet we are part of your everyday lives. We reduce harmful vehicle emissions, give new life to used metals, power the cars of the future... We believe in the power of materials technology to create sustainable value for people and planet, tackling the global trends of today and tomorrow. Our products and services accelerate the transformation to carbon free mobility, deliver the next-generation of advanced materials and drive the world towards a ci...