IT & Cyber GRC Technical

Nexeo Belgium supports leading organizations in the banking, finance, insurance, and public sectors throughout their most critical transformation, risk, and cybersecurity initiatives.

We are currently looking for a IT & Cyber GRC Technical Consultant who wants to shape, evolve, and drive Governance, Risk and Compliance practices in a complex, regulated financial environment.

Why this role matters

You will join a mature IT & Cyber GRC practice supported by a centralized GRC platform, where your expertise will directly impact:

• Cybersecurity governance and risk management
• Regulatory compliance and audit readiness
• User adoption, operational excellence, and decision-making quality

This role goes beyond execution. You will challenge existing processes, influence key stakeholders, and drive meaningful change at both local and Group level.

Your impact

As an IT & Cyber GRC Technical Consultant – Expert, you will:

Shape and evolve GRC

• Design, improve, and operationalize Agile GRC processes aligned with regulatory requirements and Group standards
• Drive GRC tool evolutions from requirements to production, with a strong focus on quality and user experience
• Simplify complex GRC processes while preserving critical control interdependencies

Lead change and stakeholders

• Translate regulatory, business, and Group requirements into pragmatic, scalable GRC solutions
• Act as a trusted advisor for IT, Cyber, Risk, and business stakeholders
• Influence and contribute to Group-level GRC programs
• Lead Features, Opuses, and User Stories while managing cross-team dependencies

Enable users and decision-makers

• Design dashboards and reporting that support risk-based decision-making
• Onboard teams, deliver training, and maintain high-quality documentation
• Facilitate agile ceremonies to ensure transparency and alignment

What you bring

Experience and expertise

• Minimum 5 years of experience in IT & Cyber GRC, cyber risk, compliance, or control frameworks
• Strong cybersecurity foundation and understanding of corporate IT risk landscapes
• Proven experience in process design, stakeholder management, and consulting environments

Technical strength

• Solid IT background
• Hands-on experience with cloud services (SaaS, AWS, Microsoft 365, HSP)
• Knowledge of secure software development practices, OS and network security, PAM, and containerization
• Working experience with a GRC suite (ServiceNow GRC is a strong asset)

Regulatory and business knowledge

• Strong knowledge of security and risk frameworks (ISO 27001, NIST, SOC, OWASP)
• Familiarity with regulations such as GDPR, DORA, PSD2, EBA guidelines, PCI-DSS
• Experience in financial services or large corporate environments

Languages

• English: Fluent
• French: Fluent
• Dutch: an asset