Cyber Security Manager

We are seeking a Cybersecurity GRC Manager to join our client in Brussels, responsible for driving governance, risk, and compliance initiatives across the organization. This role will play a critical part in strengthening the company’s cybersecurity posture by ensuring robust governance frameworks, effective risk management practices, and adherence to industry standards and regulatory requirements.

Key Responsibilities

• Cybersecurity Governance
• Define, implement, and continuously improve cybersecurity governance frameworks, policies, standards, and procedures aligned with industry best practices.
• Ensure security governance is embedded across business and IT processes.
• Maintain alignment with enterprise security strategy and regulatory requirements.
• Risk Management
• Lead end-to-end cyber risk management activities, including identification, assessment, treatment, and monitoring of risks.
• Maintain and continuously update the enterprise risk register.
• Perform risk analysis for new projects, systems, vendors, and changes in the environment.
• Define and track risk mitigation plans in collaboration with technical and business stakeholders.
• Compliance & Regulatory Management
• Ensure compliance with key security and privacy frameworks such as ISO 27001, NIST Cybersecurity Framework, SOC 2, and applicable EU/regional regulations (e.g., GDPR where relevant).
• Support readiness for certifications, audits, and regulatory inspections.
• Translate compliance requirements into actionable security controls and processes.
• Audit & Assurance
• Coordinate internal and external security audits end-to-end.
• Act as the main point of contact for auditors and ensure timely provision of evidence.
• Track audit findings, ensure remediation plans are defined, and follow up on closure.
• Third-Party Risk Management
• Oversee security assessments of suppliers, vendors, and external partners.
• Define and enforce third-party security requirements and contractual obligations.
• Monitor ongoing vendor risk and ensure continuous compliance.
• Reporting & Stakeholder Management
• Develop and present executive-level dashboards and reports on cybersecurity risk, compliance posture, and key metrics.
• Communicate risk posture clearly to both technical and non-technical stakeholders, including senior leadership.
• Support decision-making by providing clear risk-based recommendations.

Required Skills

• 7–10 years of professional experience in cybersecurity, with strong focus on GRC
• Fluent in English and Dutch
• Solid hands-on experience in:
• Cyber risk assessments and risk management frameworks
• Compliance frameworks such as ISO 27001, NIST, SOC 2, etc.
• Strong ability to engage and manage senior stakeholders across IT and business functions
• Excellent communication, reporting, and documentation skills
• Strong analytical mindset with attention to detail and structured thinking

Nice to Have:

• Experience in the railway or transportation sector, or similarly regulated industries
• Relevant certifications such as:
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• CISSP (Certified Information Systems Security Professional)
• ISO 27001 Lead Implementer / Lead Auditor
• Experience working in large enterprise or multi-stakeholder environments
• Familiarity with audit-heavy or highly regulated environments

Please note that applicants must have the right to work in Belgium, as sponsorship is not available