Security Risk Assessment Specialist – Freelance Contractor – BrusselsRate: Flexible; Duration: 1 year; Hybrid: 8 days onsite per month in Brussels office, remainder remote. Division: CISO – IT Risk.
About the role
We are looking for an experienced and dynamic Senior Security Analyst to join our IT Risk Transformation team. In this role, you will contribute to the design and enhancement of our application security risk assessment process and perform security risk assessments across a wide range of applications. You will work closely with cross‑functional teams from across the organization and will be exposed to a diversified set of topics, business and technologies.
Responsibilities
- Contribute to the design of an application security risk assessment framework.
- Design the approach for executing application security assessments.
- Participate in building the data model supporting the above activities.
- Create standard reporting templates.
- Organise documentation and track activity.
- Execute security assessments.
- Analyse the business context, technical architecture and supporting components of applications using sources such as CMDB, network topology, documentation and workshops.
- Identify relevant threats, risk scenarios and appropriate security controls based on the application’s specific environment.
- Detect security gaps, articulate clear and actionable findings, and provide practical recommendations.
- Produce detailed reports outlining risks, observations and recommended security measures.
- Collaborate with internal stakeholders including IT, architects, project managers, business owners and risk teams to validate findings and support remediation plans.
Experience
- 5–10 years of proven experience conducting security risk assessments.
- Hands‑on experience contributing to the design of security processes, frameworks or security solutions.
- Solid understanding of cybersecurity frameworks (ISO27001, CIS, NIST, DORA) and threat/risk frameworks (MITRE, EBIOS).
- Good knowledge of financial IT security regulatory requirements (DORA, ESMA, etc.).
- Practical understanding of how information security controls must be implemented.
- Experience in defining or applying security requirements on Microsoft Azure, IBM Mainframe or Microsoft Windows platforms is a plus.
- Fluency in English and prior experience in the financial sector.
- Knowledge of financial markets, FMIs and CSD operations is advantageous.
- Experience with tools such as ServiceNow, Excel and basic security testing platforms.
- Experience with ServiceNow GRC is advantageous.
- Certifications such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH are advantageous.
Skills
- Strong communication and coordination skills, engaging effectively with stakeholders across diverse teams.
- Proactive, self‑motivated and comfortable in a dynamic, continuously evolving environment.
- Strong analytical capabilities and creative problem‑solving skills.
- Structured, synthetic, delivering clear, concise and relevant responses.
- Calm, organized, efficient under pressure, maintaining clarity even in uncertain situations.
- Collaborative mindset, working effectively with executives, business leaders and technical teams.
- Autonomous and well‑organized, with strong prioritisation and time‑management ability.
