Risk & Control Advisor

Social network you want to login/join with:

Euroclear is a global critical financial market infrastructure company.

Strong IT Risk Management and Security are at the core of the company’s services, firmly embedded in their management systems and processes.

The Regulatory Watch, Policies and Controls team is part of the Cyber Information Security Office Division and is responsible for defining and implementing the policy and control framework to address key IT and Security risks, ensuring compliance with all relevant regulations and external requirements applicable to the group’s Technology organization.

Role

This role focuses on the security control framework, covering key security domains such as Identity & Access Management, Vulnerability Management, Security Monitoring and Incident Management, Platform, Network, and Application Security.

The Euroclear security control framework is based on ISO 27001/2 and CIS standards and is being implemented within the ServiceNow GRC platform. Your role involves defining and implementing controls during the change phase, as well as managing the framework during operational phases for continuous monitoring, evidence collection, and improvement.

You will help design, develop, and implement controls to address key risks and regulatory requirements across security domains, advising control owners and promoting a strong risk culture and control maturity in IT. Collaboration with security process owners, control owners, performers, and liaising with Risk Management and Internal Audit teams is essential.

You should have a strong risk-oriented mindset, excellent relationship-building skills, and a desire to contribute to the IT and Security Risk transformation. Effective communication and influencing skills are vital.

Requirements

• University Master’s degree or equivalent experience (education in computer science, engineering, or cybersecurity is a plus)
• 5+ years of experience in security risk and control environments, especially in controls design and implementation in large, multi-platform IT environments
• Good knowledge of Information Security Management Systems principles and security domains such as Identity and Access Management, Network Security, Vulnerability Management, Endpoint Security, Data Protection, and Security Incident Management
• Certifications like CISSP, CISM, GIAC are highly advantageous
• Experience with ServiceNow GRC or similar solutions is a strong asset
• Proficient in English (verbal, written, presentation)
• Possess a strong risk and control attitude with thoroughness to ensure high-quality work
• Excellent communication skills, teamwork, and diplomacy skills for effective collaboration
• Highly motivated, proactive, quick learner, with the ability to work under challenging priorities
• Analytical, risk-oriented, capable of breaking down complex situations and summarizing key information
• Ability to challenge and influence IT and Security professionals, gaining approval through sound arguments, persuasion, and assertiveness, up to middle management