Security Process Specialist – ISRC - #46713

Bridge 351


Date: 2 weeks ago
City: Evere, Brussels Hoofdstedelijk Gewest
Contract type: Full-time

Role

Security Process Specialist – ISRC (Information Security, Risk and Compliance)

About the Role

The Security Process Specialist will support the ISRC function within the EDP Platform program. The EDP Platform is a service‑oriented, cloud‑native, hybrid environment enabling product teams to develop, run, and operate software products with self‑service capabilities. The consultant will analyze, design, and optimize ISRC processes so they are efficient, pragmatic, scalable, and aligned with the EDP operating model. The focus is on embedding secure design, risk and compliance workflows, and governance interfaces across product lines—enabling teams rather than executing security operations directly.

Responsibilities

  • Assess current IS Risk Management, Compliance Management, Non‑Functional Requirements (NFR) Management, Architecture Review, and Security Operations processes to identify gaps and improvement opportunities
  • Design streamlined, pragmatic, and scalable processes balancing regulatory needs with operational feasibility
  • Define and refine workflows for risk identification, assessment, mitigation tracking, and reporting
  • Shape processes to interpret and implement compliance requirements, including internal standards and external frameworks
  • Establish clear mechanisms to capture, validate, and track security NFRs throughout the product lifecycle
  • Create and integrate structured, repeatable workflows for Security Architecture Design Reviews (SADR)
  • Define interfaces and handoffs with incident response and vulnerability management, including SLAs, RACI, and metrics
  • Consult on Product Release Specification (PRS) sign‑off workflows to embed verifiable security and compliance criteria
  • Ensure secure design principles and patterns are reflected in process definitions and review gates
  • Maintain mechanisms to track adoption and effectiveness of secure architecture patterns across product lines
  • Incorporate lessons learned, incidents, and audit findings into continuous process improvements and governance
  • Provide process‑related guidance for strategic decisions impacting security and compliance
  • Align ISRC processes, tools, and roles with the evolving EDP operating model; contribute via OD Coalitions
  • Integrate ISRC knowledge, processes, and tools into program‑wide enablement and communications
  • Produce clear process descriptions, workflows, RACI definitions, guidelines, and supporting materials for adoption

Mandatory Requirements

Professional Experience

  • Hands‑on exposure to security, risk, and compliance processes in larger organizations
  • Experience analyzing and improving workflows (risk management, compliance, NFRs, architecture reviews)
  • Solid grasp of enterprise security and compliance frameworks and their impact on delivery
  • Experience collaborating with technical teams, architects, and GRC stakeholders
  • Ability to understand and review technical designs without being the implementer
  • Skill in translating compliance/risk requirements into actionable steps or process changes
  • Experience contributing to roles, responsibilities, and decision structures (RACI, governance forums)
  • Experience embedding security/compliance checks into delivery processes
  • Experience supporting workshops or knowledge‑sharing activities
  • Comfortable promoting secure and compliant ways of working

Knowledge & Skills

  • Security process design and optimization (ISRC)
  • Risk management workflows (identification, assessment, treatment, reporting)
  • Compliance management processes (interpretation, control mapping, evidence, audits)
  • NFR security capture, validation, and traceability
  • Security Architecture Design Reviews: workflows, gates, criteria, and patterns
  • Interfaces with Incident Response and Vulnerability Management (handshakes, SLAs, metrics)
  • Governance artifacts: process descriptions, workflows, RACI, PRS criteria, documentation
  • Familiarity with security frameworks and standards: ISO 27001/27005, NIST CSF/800‑53/800‑171, NIS2, CIS Controls, GDPR, Zero Trust, SOC 2, CSA CCM, OWASP ASVS (as applicable)
  • Stakeholder alignment and communication across product, platform, and architecture functions
  • Metrics and continuous improvement (KRIs/KPIs, effectiveness tracking, audit feedback loops)

Languages

  • Fluent English (C1)

Location

  • Brussels

Work Model

  • Hybrid
  • Full-time
