Business Area Lead GRC

  • Hybrid
    • Near Brussels Midi Station, Brussels-Capital Region, Belgium
  • IT Security

Job Description

People Management

  • Ensures clear role distribution within the team and delegates responsibilities to the appropriate employee.

  • Coaches and supports team members in their personal development (work meetings, training, evaluations, career paths, competencies, etc.) in collaboration with the HR Business Partner.

  • Establishes and maintains a skill matrix for all team members, aligned with required GRC competencies.

  • Acts as hiring manager for attracting new team members (job description, screening, interviews).

  • Advises leadership on the qualitative and quantitative staffing of the team within budget.

  • Manages leave, sickness, and absenteeism within the team and flags concerns regarding employees’ mental health.

  • Promotes and embodies the organization’s values within the team.

Cost Management

  • Ensures the team operates within the given budgetary and operational context (OPEX & CAPEX).

  • Prepares the team budget, submits it to leadership for validation, and monitors progress.

  • Provides capacity management in line with staff and ongoing projects.

  • Conducts continuous evaluation of costs versus delivered services.

  • Performs administrative follow-up of costs (review and approval of timesheets, invoices, purchases).

Leadership of GRC Experts (Second Line of Defense)

  • Leads a team of experts responsible for governance, risk, and compliance activities.

  • Ensures team expertise is properly applied in risk analyses, ESG assessments, contract evaluations, and other strategic topics.

  • Coordinates team involvement with internal and external stakeholders, including ERM and senior leadership.

  • Safeguards compliance with internal standards, policies, and legal/regulatory requirements (e.g., NIS2, ISO 27001).

  • Facilitates reporting and follow-up to management and regulators.

Internal Processes and Knowledge Management

  • Designs, documents, and optimizes internal processes related to GRC activities, aligned with overarching organizational processes.

  • Documents and monitors work instructions within the team and facilitates knowledge sharing within the team and with other Team Leads.

  • Ensures internal processes are correctly applied and continuously improved.

Communication and Point of Contact

  • Acts as point of contact for internal and external stakeholders regarding GRC-related topics.

  • Facilitates clear communication between the GRC team, the ERM team, and other involved departments.

  • Coordinates the use of external service providers, including drafting RFPs, selection procedures, and monitoring delivered services, in collaboration with Vendor Management and Service Management.

  • Ensures standards and policies are applied and monitored within the team’s operations.

Scope of Responsibilities

  • Coordinating daily team activities.

  • Monitoring budgeting, cost control, and cost follow-up within the area of responsibility.

  • Achieving team results and supporting employees in achieving individual and collective goals.

  • Managing quality and setting/following up on KPIs (and OLAs) and reporting.

  • Safeguarding the application of standards and policies in the execution of activities.

Requirements

  • Master’s degree level or equivalent through experience

  • Relevant work experience of 5–7 years

  • Knowledge of the specific field/service area

  • Knowledge of people management

  • Knowledge of project methodologies

  • Knowledge of the structure, internal (work) procedures, and regulations of Ypto and NMBS

  • Knowledge of common and company-specific software

  • Trilingual is important (Dutch + French + English)

Specific to the GRC Role

  • PhD level strongly recommended (without specific domain requirements)

  • Knowledge of people management, with responsibility for leading experts in their domain with high autonomy

  • Knowledge of corporate and operational processes within NMBS

  • Knowledge of HR-related processes, given the impact of policy changes on employees and the frequent consultation required with stakeholders

  • Knowledge of People Change Management, essential for guiding the team in implementing policy and strategy

  • Knowledge and experience in Effective Internal Communication methodologies

  • Ability to deliver presentations fluently to senior leadership

  • Experience in implementing policy in large organizations with complex labor relations

  • Knowledge of relevant legislation (GDPR, NIS 2, CRA, CER, AI Act)

  • Knowledge of domains within Cyber and Information Security

Our Offer

Within our open company culture, you will contribute behind the scenes to the digital transformation of NMBS. You will have a role with social impact and room for personal input. In addition to a good work-life balance and a market-based salary, your package includes:

  • Possibility of telework + flexible working hours

  • 35 vacation days

  • Company car + public transport subscription

  • Target bonus

  • A comprehensive insurance package (affiliation without own contribution, excl. outpatient costs for family members):

    • Hospitalization and dental care for the whole family

    • Outpatient costs (medical expenses outside hospitalization)

    • Group insurance: supplementary pension, disability, and death coverage (cafeteria plan)

    • Occupational accident insurance (beyond statutory coverage)

  • Meal and eco vouchers

  • Net allowances for telework and car wash + internet budget
