We are looking for experienced, energetic and aspiring individuals to reinforce our GRC Team.
Excellium GRC department Mission:
Excellium GRC Consulting Team provides advice to its clients in identifying, understanding and managing risk and helps ensure an appropriate balance between risks and opportunities. Our main services can be depicted under three pillars:
1. IT Governance – Establishing governance frameworks to achieve the ability to monitor and manage the organization. Our motto is “You cannot manage what you don’t monitor.”
2. Risk – Establishing a sustainable and repeatable risk management program to identify organization assets, areas of concern, threats, vulnerabilities, inherent risk and residual risk.
3. IT Compliance – Providing manual and automated attestation services to determine point-in-time conformance with formalized predefined requirements, standards and regulations usually driven by governmental, contractual or internal requirements.
The IT GRC (Governance, Risk and Compliance) Consultant’s primary responsibility is to advise and support our clients in all aspects of information security management as well as business and regulatory compliance.
She/He must be able to establish and maintain active communication with clients in order to manage expectations and ensure satisfaction.
Moreover, she/he will generate new or unique solutions and embrace new ideas that help sustain our business.
She/He will demonstrate passion for the business, develop herself/himself and support others’ development to achieve full potential. This role requires a creative, goal-oriented and organized individual.
Desired Skills and Experience:
- Between 3 and 8 years’ relevant professional experience in a professional services firm (advisory, large consulting player, …), ideally serving financial institutions
- University Degree (BAC+5 or equivalent) in Computer Science, Information Systems Administration or related discipline
- Experience implementing or auditing industry standards such as ISO 27001, PCI-DSS, etc.
- Experience building enterprise governance, risk, and compliance programs or driving the program’s evolution to meet new requirements
- Knowledge of local laws and regulations regarding IT and outsourcing matters (CSSF circulars, CNPD, etc.)
- Proven analytical skills and the ability to tackle problems systematically to determine causes and produce effective solutions
- Determine risk appetite and assess business impact of various threat scenarios
- Identify and define policies to meet risk and compliance goals
- Design, define and implement key controls that enforce policy
- Demonstrate compliance through appropriate procedures, validation systems, and reporting
- Knowledge of ISO standards, CobiT, COSO…
- Knowledge of IT Risk Management and Business Continuity Management
- Knowledge of information protection and data privacy (EU Privacy Laws, CNPD)
- Knowledge of Cloud security
- Certifications like CGEIT, CRISC, PRINCE 2, ITIL will be considered an added value
- You are fluent in French and English. German and Luxembourgish are an asset
In addition, one or more of the following certifications is preferred:
- Certified Information Systems Security Professionals (CISSP);
- Certified Information Security Manager (CISM);
- ISO/IEC 27001:2013 Lead Implementer;
- ISO/IEC 27005:2008 Risk Manager.
- You are organized, flexible and able to manage several tasks
- You are proactive, eager to learn and grow, with strong communication and interpersonal skills, both internally and in client-facing situations
- You are flexible, with the ability to learn quickly and leverage skills in new situations
- You strive to provide knowledge, ideas and solutions to improve clients’ business and processes.
- You have strong analytical skills and a structured approach to problem-solving
Excellium will provide you with a start-up like atmosphere, working directly with clients, key decision makers and business owners across various industries. You will have the opportunity to move quickly along the learning curve and gain an in-depth knowledge.
A motivating salary package including:
- A company car
- Meal vouchers
- Insurance plan
- Extra-legal advantages
A personalized career management system including:
- A personal development plan
- A company culture that is characterized by open communication
- Regular contact with clients
- Several yearly trainings to meet your needs and those of the industry
- Participation in industry events