Head of IT Operational Security Manager & Access Management

Candriam

Brussels, Belgium

Responsibilities

The OSM will be responsible for defining, implementing, and maintaining security measures to protect our information systems and data.

This role requires a strategic thinker who can provide expert advice, manage security operations, and lead incident response efforts.

Key Responsibilities:

Team Management: Manage an autonomous team of 6 people: Ensure continuity of service and continuous improvement of products;
Manage resources, capacities, budget and planning while respecting the policies and processes in place.
Security Governance: Oversee security governance and ensure compliance with corporate policies;
Define and manage the Security Assurance Plan.
Risk Management: Identify security risks and develop mitigation strategies;
Provide strategic advice and alert on security risks related to the information system.
Access Control: Manage and control logical access to information systems;
Ensure robust identity and access management practices are in place.
Security Monitoring and Incident Response: Conduct continuous security monitoring and manage vulnerabilities;
Lead the externalized Security Operations Center (SOC) and oversee the security incident management process;
Communicate effectively with clients and business units regarding security incidents and responses.
Project Management: Lead and execute projects related to security incident detection and response, including SOC evolution, log centralization, vulnerability scans, Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), and Security Information and Event Management (SIEM);
Participate in infrastructure security projects.
Compliance and Audits: Support external audits and ensure compliance with relevant security standards and regulations;
Promote security awareness and conduct training sessions for staff.

Profile

Graduated from an engineering school or equivalent;
5 years at least of experience as an OSM and at least 10 years of experience in Information Systems Security and cybersecurity.

Technical Skills:

Ability to manage priorities and risks;
Deep understanding of information systems security concepts and best practices;
Knowledge of network security protocols, cryptography, and identity management;
Competence in incident response and risk analysis;
Experience with security tools (SIEM, IDS/IPS, antivirus, vulnerability management, etc.);
Mastery of strategic security planning;
Knowledge of security standards and regulations;
Proficiency in IT security technologies;
Knowledge of CERT;
ISO27001 Lead Implementer, ISO27005 Risk Manager certification.