Trabajar de gestor de seguridad de TIC/gestora de seguridad de TIC en Luxemburgo

Your role – Are you ready for a challenge?

The IT Governance and Risk Manager plays a critical role in advancing our IT department. This position is pivotal in defining, implementing, and maintaining robust IT governance frameworks and controls, especially during significant application updates. The role involves facilitating the development, implementation, documentation, and review of IT policies, procedures, processes, programs, and practices to ensure operational efficiency and continuous compliance with organizational and industry laws, regulations, and frameworks.

The IT Governance and Risk Manager serves as a key representative for IT governance, working across all organizational functions to ensure comprehensive control over areas such as policies and procedures, application security, identity and access management, and data protection. This position is a vital member of the IT Executive team and collaborates closely with the IT Director, other IT Executive team members, and IT team leaders.

Your responsibilities will be as follows:

1. Policy Management:

    Develop, improve, and maintain a comprehensive IT policy library that aligns IT procedures, guidelines, and standards with approved company policies.

    Ensure that policies are regularly updated to reflect changes in technology, business processes, and regulations.

2. Standard Operating Procedures (SOPs):

    Manage and disseminate documentation of standard operating procedures for IT, ensuring alignment with best practices and organizational objectives.

    Collaborate with various IT teams to ensure SOPs are practical, relevant, and adhered to.

3. Application and Asset Management:

    Enhance and maintain the application inventory system as the authoritative source of record for approved business applications.

    Define and govern application ownership and assign application-specific responsibilities using tools such as a RACI matrix.

    Redefine the asset classification structure and establish procedures for asset and license inventory management. Coordinate with relevant teams for execution.

4. Audit and Compliance:

    Lead coordination with internal and external audits, supporting testing, walkthroughs, and process reviews for audit, risk, and compliance initiatives.

    Centralize IT internal and external audit requests, ensuring timely delivery of expected deliverables.

5. Risk Management:

    Manage the IT risk registry, ensuring that risks are identified, documented, and mitigated effectively.

    Lead investigations into internal issues/events, coordinate risk mitigation efforts, and provide compliance recommendations.

6. Data Privacy and Protection:

    Oversee the IT-specific application of the company's data privacy program, ensuring compliance with applicable laws and regulations.

    Provide situational awareness and guidance to relevant stakeholders and committees regarding data protection and privacy matters.

7. Performance and KPI Management:

    Collaborate with team leaders to define KPIs, track progress on defined objectives, and initiate interventions when necessary.

    Prepare regular reports for senior management on IT governance, risk, and compliance status.

8. Stakeholder Engagement:

    Engage with various stakeholders, including senior leaders and executives, to build consensus and drive change.

    Clearly communicate risk and compliance issues in a manner that is understandable and actionable for business and technical audiences.

Your profile – Have you got what it takes to become our IT Governance & Risk Manager?

    Required

        Master's Degree in Business, Computer Science, Information Systems, Engineering, or a related field, or equivalent work experience

        At least 5 years of relevant experience in IT risk management with a mature understanding of Information Technology

        Proven experience in people management with demonstrated leadership and coaching abilities

        Experience evaluating the design and effectiveness of IT controls

        Proven track record of planning, organizing, and developing IT compliance initiatives

        General ability to pull data from database tables, database views, application sources, and other data stores for compliance reporting purposes

        Strong understanding of IT regulations and ordinances, including familiarity with frameworks such as ISO 27001, NIST, COBIT, etc.

        Excellent understanding of project management principles, with experience in tools such as Agile, Scrum

        Critical thinker with an analytical and problem-solving mindset, capable of synthesizing large amounts of data quickly for consumption by multiple stakeholders

        Detail-oriented, self-motivated, and disciplined, with excellent time management skills

        Ability to take initiative and ownership with a focus on continuous improvement

        Excellent written and oral communication and presentation skills for leadership, technical, and business audiences

        Fluency in English (spoken & written) is mandatory; additional spoken languages are an added value.

    Additional Assets

        Certifications:

            Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) certifications are a plus.

            Additional certifications in IT governance or risk management would be advantageous.

        Experience:

            Experience in working within highly regulated industries such as finance, healthcare, or government.

            Familiarity with emerging technologies and their potential risks, such as cloud computing and AI.

        Technical Skills:

            Familiarity with IT governance and risk management software/tools.

            Experience in implementing cybersecurity measures and data protection strategies