Job Specifications
Security Risk Assessment Specialist – Freelance Contractor – Brussels
Rate: Flexible
Duration: 1 year – freelance contract
Hybrid: 8 days onsite in Brussels office in a month, the rest can be worked remotely
Division: CISO - IT Risk
About the Role:
We are looking for an experienced and dynamic Senior Security Analyst to join our IT Risk Transformation team.
In this role, you will contribute to the design and enhancement of our application security risk assessment process and will perform security risk assessments across a wide range of applications.
To achieve it, you will work closely with multi-functional teams from all the organization and will be exposed to a diversified set of topics, business and technologies.
Your responsibilities:
Contribute to the design of an application security risk assessment framework:
Design of the approach for executing the application security assessment
Participate to the design the data model supporting above activities
Build standard reporting templates
Organization of the documentation & tracking of the activity
Execute security assessment
Analyse the business context, technical architecture, and supporting components of applications using sources such as CMDB, network topology, documentation, and workshops.
Identify relevant threats, risk scenarios, and appropriate security controls based on the application’s specific environment.
Detect security gaps, articulate clear and actionable findings, and provide practical recommendations.
Produce detailed reports outlining risks, observations, and recommended security measures.
Collaborate with internal stakeholders including IT, architects, project managers, business owners, and risk teams to validate findings and support remediation plans.
Experience
5–10 years of proven experience conducting security risk assessments.
Hands-on experience contributing to the design of security processes, frameworks, or security solutions.
Solid understanding of cybersecurity frameworks (e.g. ISO 27001, CIS, NIST, and DORA) and threat / risk frameworks (e.g. MITRE, EBIOS…)
Good knowledge of financial IT security regulatory requirements: DORA, ESMA, etc.
Practical understanding on how Information security controls must be implemented. Experience in defining or applying security requirements on Microsoft Azure, IBM Mainframe, Microsoft Windows platforms is a plus.
Fluency in English.
The candidate has a previous experience in the financial sector.
Knowledge of financial markets, FMIs and CSD operations is an advantage
Experience with tools like ServiceNow, Excel, and basic security testing platforms.
Experience with ServiceNow GRC is an advantage
Certification such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH, etc. is an advantage.
Strong communication and coordination skills, with the ability to engage effectively with stakeholders across diverse teams (Supply Chain, CISO, IT, etc.).
Proactive and self‑motivated, comfortable working in a dynamic and continuously evolving environment.
Strong analytical capabilities combined with creative problem‑solving skills.
Structured and synthetic, able to deliver clear, concise, and relevant responses to requests.
Calm, organized, and efficient under pressure, maintaining clarity even in situations of uncertainty.
Collaborative mindset, able to work effectively with executives, business leaders, and technical teams.
Autonomous and well‑organized, with strong prioritization and time‑management abilities.
Soft Skills
Strong communication and coordination skills, with the ability to engage effectively with stakeholders across diverse teams (Supply Chain, CISO, IT, etc.).
Proactive and self‑motivated, comfortable working in a dynamic and continuously evolving environment.
Strong analytical capabilities combined with creative problem‑solving skills.
Structured and synthetic, able to deliver clear, concise, and relevant responses to requests.
Calm, organized, and efficient under pressure, maintaining clarity even in situations of uncertainty.
Collaborative mindset, able to work effectively with executives, business leaders, and technical teams.
Autonomous and well‑organized, with strong prioritization and time‑management abilities.
Please do send across to me the most up to date CV to eobiechefu@welovesalt.com