Gentis
Gentis
Accueil

JobsMissionsMédiaÉtudes de cas
Contactez-nous à tout moment via
hello@gentis.com

Nos dernières offres

Rechercher une opportunité par mot-clé

Security Solution Analyst - GRC Cybersecurity

30/10/2024
PermanentSaudi ArabiaOn site17000 SR21000 SR
Lien copié
Description du poste

A leading organization in Saudi Arabia is seeking a Cybersecurity Compliance Officer to join their GRC team. The role focuses on developing and maintaining security governance frameworks, policies, and procedures to ensure alignment with regulatory requirements. The candidate will drive compliance with national cybersecurity regulations, data protection laws, and international security standards.


Key responsibilities include monitoring regulatory compliance, conducting internal security assessments, managing GRC technology platforms, and coordinating external audit engagements. The position requires regular reporting to GRC leadership and supporting organizational certification initiatives.


The ideal candidate will have experience in implementing and maintaining comprehensive security compliance programs while ensuring adherence to industry and regulatory requirements.


Detailed Responsibilities:

  • Develop and maintain comprehensive cybersecurity governance frameworks, policies, and procedures ensuring alignment with regulatory requirements, including NCA controls.
  • Drive compliance with key security standards and regulations including PDPL, ISO 27001, and other applicable frameworks. Monitor and implement emerging requirements.
  • Perform technical security reviews of system configurations, network architecture, and control implementations to validate compliance and security best practices.
  • Lead internal security assessments and compliance reviews to identify and remediate control gaps.
  • Implement and administer GRC automation platforms to enhance compliance monitoring efficiency and reporting capabilities.
  • Design and oversee control attestation procedures, working with control owners to validate and document control effectiveness.
  • Develop and execute third-party security assessment program to evaluate and monitor vendor security practices.
  • Generate regular security status reports for GRC management. Effectively communicate security risks, issues and recommendations to key stakeholders.
  • Manage external audit engagements and certification processes to ensure successful outcomes and continued compliance.
Description du profil

Key Competencies:

  • Information Security Governance: Advanced knowledge of security frameworks, policies, and strategic integration of security with business operations. Strong understanding of cyber resilience principles.
  • Regulatory & Standards Expertise: Comprehensive understanding of data protection laws, international security standards (ISO), and industry regulations. Ability to interpret and apply evolving requirements.
  • Technical Security Knowledge: Proficiency in assessing system security configurations, network architecture, and control implementations. Deep understanding of security best practices.
  • Security Assessment: Expert capability in conducting security assessments and compliance reviews. Strong analytical skills in control effectiveness evaluation.
  • GRC Technology: Advanced knowledge of GRC platforms and automation solutions. Expertise in optimizing compliance monitoring and reporting processes.
  • Control Framework: Deep understanding of control validation procedures and attestation processes. Knowledge of control documentation best practices.
  • Third-Party Security: Expert knowledge of vendor security assessment methodologies and supply chain risk management principles.
  • Strategic Communication: Strong ability to articulate complex security concepts to various stakeholders. Excellence in security status reporting and presentation.
  • Audit Management: In-depth knowledge of external audit and certification processes. Strong understanding of audit evidence requirements and remediation approaches.
  • Policy Architecture: Expert understanding of control frameworks and their relationship to organizational policies. Proficiency in mapping security requirements to operational controls.


Core Responsibilities:

  • Information Security Governance: Develop and oversee security frameworks, policies, and procedures aligned with business objectives. Integrate security strategy with operations to maintain business continuity and cyber resilience.
  • Regulatory & Standards Management: Ensure adherence to data protection laws, international security standards (ISO), and industry regulations. Monitor evolving requirements and update security practices accordingly.
  • Technical Security Oversight: Assess and validate system security configurations, network architecture, and control implementations against security requirements and industry best practices.
  • Security Assurance: Lead internal security assessments and compliance reviews. Evaluate control effectiveness and drive continuous improvement initiatives.
  • Technology & Process Optimization: Implement and manage GRC platforms and automation solutions to enhance compliance monitoring and reporting efficiency.
  • Control Management: Design and maintain control validation procedures, ensuring proper documentation and attestation from control owners.
  • Third-Party Risk Management: Develop and execute vendor security assessment programs. Evaluate and monitor external partner security postures to manage supply chain risks.
  • Stakeholder Management: Deliver regular status updates to GRC leadership on security posture and program effectiveness. Drive clear communication channels with key stakeholders.
  • Audit Coordination: Support external audit engagements and certification processes. Partner with auditors and internal teams to facilitate successful outcomes.
  • Policy Framework Administration: Maintain unified control framework mapping security requirements to organizational policies. Establish clear relationships between policies, standards, and operational controls.


Education & Professional Certifications:


· Advanced degree in Computing/Technology field (Bachelor's/Master's in Computer Science or related)

· Governance, Risk & Compliance certification (ISC2 GRC)

· CISSP (Certified Information Security Professional)

· CISA (Certified Information Systems Auditor)

· Security Controls Framework certification (SANS SEC566)

· OSCP (Offensive Security Certified Professional)

Lien copié

Opportunités similaires

ICT
08/07/2025

Développeur Backend Laravel Sénior

En tant que Développeur Backend Laravel Sénior, le poste implique d’être pleinement investi dans la conception, l’implémentation et l’optimisation de la plateforme applicative. Tu t’attacheras à développer de nouvelles fonctionnalités, tout en perfectionnant celles déjà existantes pour garantir une performance optimale.Participer activement au cycle de développement, du découpage du backlog jusqu’aux mises en production en mode sprint.Coder des modules complexes en reliant les problématiques métiers et l’architecture technique.Maintenir et améliorer la qualité du code, et appliquer rigoureusement des tests unitaires et fonctionnels avec PHPUnit.Diffuser et formaliser les bonnes pratiques de développement au sein de l’équipe technique.Interfacer et sécuriser les échanges d’informations à l’aide d’API REST et d’authentification OAuth2.Utiliser la stack technique composée de Laravel/PHP, MySQL, Docker, GitLab CI/CD, Jira et AWS, avec une expertise attendue sur le développement de packages Composer, le stockage de données (ElasticSearch) et l’architecture event sourcing.Collaborer dans un environnement d’intégration et de livraison continue (CI/CD) et sur des problématiques DevOps liées à l’infrastructure cloud et au déploiement.Contribuer à l’évolution technique de l’équipe, tout en participant au maintien d’un environnement de travail convivial et innovant.

Fixed termBelgiumOn site
ICT
07/07/2025

Medior Full-Stack Developer & Tech Lead (NextJS, Supabase, TypeScript)

Functieomschrijving:Bijdragen aan de ontwikkeling van een moderne NextJS-toepassing die gebruikmaakt van Supabase, Deno en TypeScript, met een focus op zowel frontend- als backendwerkzaamheden.Geleidelijk het technisch leiderschap overnemen en de richting bepalen van het project, inclusief het maken van beslissingen over architectuur en technologieën.Verantwoordelijkheid nemen voor de full-stack ontwikkeling, waaronder het ontwerpen, implementeren en onderhouden van microservices en het opzetten van databasemodellen (bij voorkeur PostgreSQL).Binnen een team in Gent (Zwijnaarde) werken, waarvan drie tot vijf dagen per week op kantoor, in nauwe samenwerking met collega’s.Actief communiceren over technische keuzes, vooruitgang en de visie voor het project, zowel in het Nederlands als het Engels.Verantwoordelijkheden:Nieuwe functionaliteiten uitdenken en ontwikkelen voor het platform.Architecturale beslissingen nemen met betrekking tot microservices en schaalbaarheid.Onderhouden en verbeteren van bestaande codebase met TypeScript en JavaScript.Beheren van client-server communicatie en (optioneel) bijdragen aan productmanagementtaken.Zorg dragen voor actuele kennis van recente technische ontwikkelingen.Wij bieden:Een jong, dynamisch team.Flexibiliteit in werktijden en zelfstandigheid in het uitvoeren van taken.Beschikking over een bedrijfs-laptop (MacBook).

Fixed termBelgiumOn site
ICT
07/07/2025

Expert(e) Analyse de Risques Cybersécurité (Mission)

RESA recherche un(e) Expert(e) Analyse de Risques de Cybersécurité pour accompagner la mise en conformité aux directives NIS 2 et Cyber Resilience Act (CRA).Mission d’une durée initiale de 5 mois et demi, renouvelable. Travail partiellement possible en télétravail après une période d’adaptation, avec une présence requise sur le site de Liège au moins 4 jours/semaine.Réalisation et revue d’analyses de risque cybersécurité en conformité avec NIS 2 et CRA, en s’appuyant sur une solide expertise technique.Identification des vulnérabilités techniques, incohérences d’architecture, points de défaillance uniques, faiblesses de redondance et des dispositifs de secours.Analyse des impacts techniques et organisationnels sur les métiers, la continuité d’activité (BCM) et la sécurité de l’information.Formulation de recommandations concrètes visant à renforcer la sécurité, la résilience et le respect des cadres réglementaires applicables.Appui technique transversal pour relier exigences métiers, architectures informatiques, et enjeux de résilience, en binôme avec un spécialiste gouvernance et métier.Les activités quotidiennes comprennent l’évaluation et la gestion des vulnérabilités, la gestion de la sécurité des endpoints, ainsi qu’une participation active aux échanges en français et en anglais pour garantir la robustesse des analyses et des livrables en contexte international.

Fixed termBelgiumHybrid
ICT
07/07/2025

Security Architect – DevSecOps & SSDLC

Position Overview: The Security Architect – DevSecOps & SSDLC plays a critical role in ensuring that security is seamlessly integrated at every stage of the software development lifecycle, from initial design through deployment and ongoing management. This role directly supports a large-scale initiative to enhance data exchange standards and develop a centralized system within a liberalized energy market.Embed Security by Design and Security by Default: Proactively integrate robust security principles and controls from the outset of software design and throughout feature development.Champion Security Across CI/CD: Ensure that security remains a continual focus across the entire CI/CD pipeline as well as the broader software development lifecycle, applying best practices and innovative solutions.Support Compliance and Cyber Resilience: Oversee and maintain compliance with regulatory and industry standards, while ensuring the project’s resilience to cyber risks and threats.Contribute to Strategic Initiatives: Participate in and provide security expertise to initiatives aimed at improving data exchange and creating scalable solutions for the evolving energy sector.Technical Expertise: Apply advanced knowledge in DevSecOps, Secure Software Development Lifecycle (SSDLC), and tools integration—particularly within Azure DevOps and, where relevant, other platforms such as CircleCI, integration or endpoint security solutions.Security Testing and Evaluation: Lead and execute security assessments and integration testing, applying automated tooling to monitor and enhance the security posture of platforms supporting development teams.Advise on Identity & Access Management: Take ownership of identity and access management security aspects for systems, supporting secure architecture decisions and implementations.Required Linguistic Skills: Advanced written and spoken proficiency in English and either French or Dutch; strong knowledge of the second national language is highly desirable.Education: Bachelor’s or Master’s degree preferred.

Fixed termBelgiumHybrid
Engineering
02/07/2025

Project Manager – High & Medium Voltage

Day-to-day responsibilities:Manage multiple high and medium voltage projects valued between €500,000 and €10 million, under the guidance of a senior project manager.Oversee projects from the pricing phase—including quotation requests and contract signing—through successful completion and delivery.Coordinate and supervise execution, ensuring safety, quality, financial targets, and timely delivery are met.Prepare project offers, negotiate with clients, suppliers, and subcontractors, and ensure effective contract management.Generate regular financial progress reports for management, identifying risks and opportunities.Lead and guide teams of supervisors and technicians, fostering strong teamwork in daily tasks and project challenges.Collaborate closely with engineering teams to develop appropriate technical concepts for each project.Organize planning meetings with project managers and supervisors to optimize resource deployment.Scope and objectives:Take full ownership of assigned projects within set budgets and deadlines, reporting to senior management.Focus on continual improvement in project control, contract management, and document preparation.Emphasize the use of Microsoft Office 365 and Microsoft Teams for planning, communication, and documentation.Apply advanced risk assessment methods to maintain high project standards.Ensure effective people management and motivational leadership within project teams.Languages required: Excellent Dutch; good French and English.

PermanentBelgiumOn site

Le job de vos rêves n’est plus qu’à un clic.

Envoyez-nous votre CV et nous vous mettrons directement en contact avec l'un de nos recruteurs spécialisés qui vous guidera dans la recherche de l'emploi de vos rêves !

Numéro de téléphone
Phone
Candidats

Témoignages

Rejoignez notre communauté active de professionnels et découvrez votre potentiel.

Pour vous tenir au courant de nos dernières actualités.