Information Technology Risk Manager

Job Description - Roles and Responsibilities

Context

• Role within UCB's Cybersecurity, Governance, Risk, and Compliance team

• Main objective: Achieve ISO 27001 certification for UCB Belgian entities, in line with NIS2 directive

• Team size: ~8 (risk management, governance/compliance, metrics/KPIs, program manager)

• The GRC Officer will join the governance and compliance sub-team

• Focus on ISMS (Information Security Management System) processes and documentation (ISO 27001 & 27002)

• Support exception management and GRC tool operations

Typical Day:

• Create and maintain ISMS documentation based on ISO 27001:2022

• Execute and follow up on ISMS activities (PDCA cycle)

• Support compliance and exceptions management processes

• Assist with GRC tool management (organizational and change management, not coding)

• Guide stakeholders through processes, provide operational support, and interact with various teams

• Prepare documentation, monitor objectives, follow up with stakeholders, and manage registers (risk, controls, exceptions)

Years of Experience

• Minimum 3 years' experience with ISO 27001 implementation and related activities

• Target profile: 3–8 years of relevant experience

Must Have:

• Proven experience with ISO 27001/27002 implementation

• Independent in ISO knowledge and processes (minimal day-to-day coaching required)

• Strong organizational skills

• Tech-savvy (comfortable with Excel and other tools)

• Excellent communication and stakeholder management skills

• Fluent in English (documentation, meetings, and tools are in English)

Ideal Candidate

• ISO 27001:2022 Lead Implementer certification

• Familiarity with UCB DT operating model and stakeholders

• Experience in large corporate/global environments

• ECB/UCB experience is a plus (not mandatory)

Nice to Have

• Experience with GXP/quality systems (pharma context)