Risk Manager for FOD Binnenlandse Zaken/SPF Intérieur
Job Description
The Cybersecurity Directorate safeguards the IT security of the Federal Public Service (FPS) Home Affairs’ data and systems and strives to stay one step ahead of cybercriminals. We proactively identify risks and raise the alarm in a timely manner.
What can you expect from us?
You will be part of the operational heart of the FPS Home Affairs and contribute to the security of the country. You are responsible for leading all agents in our ‘first response team’.
The NOC SOC team (Network Operations Center/Security Operations Center) ensures the IT security of the FPS Home Affairs’ data and systems, staying ahead of cybercriminals. We proactively identify risks and raise the alarm in a timely manner.
What does your role actually entail?
As Risk Manager, you are responsible for identifying, analyzing, and managing risks that could affect the objectives and security of the organization. You develop risk management strategies and frameworks that contribute to the organization’s operational resilience, compliance, information security, and continuity management.
You act as a bridge between different departments and support senior management with substantiated advice on risks, incident impact, and mitigation plans. You have a holistic view of risks and translate risk information into actionable insights.
Employer
The FPS Home Affairs ensures your security. To achieve our mission, we invest in a secure and stable IT environment.
We are currently looking for a Senior Network Security Engineer for the General Directorate of Innovation and Digital Solutions (AD DIO) (Finance Tower – Boulevard du Jardin Botanique 50, box 90 – 1000 Brussels) of the FPS Home Affairs.
GENERAL MANAGEMENT OF INNOVATION AND DIGITAL SOLUTIONS
The General Directorate of Innovation and Digital Solutions develops an overall ICT strategy and manages shared system and network infrastructures. We support and strengthen the various services of the FPS Home Affairs. Our ICT helpdesk is always ready to assist you, and we support management in their IT projects and application developments.
The General Directorate of Innovation and Digital Solutions is a small department that focuses on a positive working atmosphere and collaboration. You will join a small, close-knit team of professionals who share the same passion for the field. We value trust and expertise, and therefore offer plenty of opportunities to refine your knowledge.
FPS Home Affairs
Security, crisis management, fire and burglary prevention, management of the National Register, organization of elections, issuance of identity cards, management of migration flows… The FPS Home Affairs does all this and much more.
Your security is our concern. As FPS Home Affairs, we create a safe society in which citizens dare to take initiative and seek connection with each other. We also strive for an open organizational culture in the workplace, where you as a colleague have the space to contribute ideas or decisions, and certainly also to participate.
Our FPS employs more than six thousand staff, spread across the six general directorates (Civil Security, Crisis Center, Immigration Service, Security & Prevention, Identity and Civil Affairs, Innovation and Digital Solutions), management directorates, coordination & support services, and the four independent organizations (General Commission for Refugees and Stateless Persons, Council for Alien Law Litigation, Permanent Commission for Language Control, and Federal Governor Services).
SKILLS
Core Responsibilities
- Risk identification and analysis
  - Conducting risk analyses at strategic, operational, and IT levels.
  - Detecting potential threats, vulnerabilities, and dependencies within processes, systems, and infrastructures.
  - Managing the risk register and preparing risk profiles per domain (e.g., information security, privacy, operational, financial).
- Development and implementation of risk policy
  - Designing risk management policies, procedures, and methodologies in line with ISO 31000, NIST, or COBIT.
  - Coordinating risk management processes, including risk assessments, scenario analyses, and risk appetite definitions.
  - Ensuring compliance with legal obligations and internal policy standards (including GDPR, ISO 27001, Baseline Information Security Government).
- Reporting and advice
  - Advising management and leadership based on risk analyses and impact assessments.
  - Proposing mitigation measures and monitoring action plans.
  - Reporting on risk status, trend analysis, and incidents via dashboards and quarterly reports.
- Awareness and collaboration
  - Rolling out awareness campaigns on risks and policies within the organization.
  - Collaborating with cybersecurity, compliance, internal audit, and business units.
  - Organizing risk workshops, training sessions, and crisis exercises.
General Skills
- Analytical thinking: able to understand complex risks and their interrelations.
- Communication skills: translates technical or operational risks into comprehensible language for all stakeholders.
- Strategic insight: always considers long-term impact and organizational strategy.
- Independence & integrity: able to objectively identify risks and defend organizational interests.
- Organizational ability: structured approach to risk management and simultaneous follow-up of multiple projects.
Technical Expertise
- Knowledge of risk management standards (ISO 31000, COSO ERM, ISO/IEC 27005).
- Familiarity with tools for risk registration and reporting (e.g., Monarch, ServiceNow GRC, Excel models).
- Experience with compliance frameworks (GDPR, ISO 27001, NIS2).
- Basic knowledge of IT and cyber risks is a significant asset.
- Understanding of business continuity, crisis management, and audit requirements.
Deliverables
As Risk Manager, you deliver measurable and policy-driven output that directly contributes to the organization’s risk management, decision-making, and compliance. Your responsibilities result in the following key products:
- Updated risk register with current risk assessments, classified by impact and likelihood.
- Policy documents and procedures related to risk management, including annual updates and versions tailored to specific domains (e.g., IT, compliance, operations).
- Impact and risk analyses per project, process, or technology, delivered in collaboration with project managers or business units.
- Risk reports (monthly/quarterly) for the management committee, with KPIs, trend analyses, and evaluations of mitigation measures taken.
- Action plans and follow-up reports resulting from internal/external audits, incident analyses, or self-assessments.
- Training materials and awareness campaigns for employees, including presentations, workshops, and e-learning modules on risk management and security culture.
- Business Impact Analyses (BIA) and contributions to the Business Continuity Plan (BCP).
- Lessons learned reports after incidents or crisis simulations, including recommendations for policy improvement.
Valued Certifications
The following certifications are considered an asset:
- CRISC – Certified in Risk and Information Systems Control (ISACA)
- ISO 31000 Lead Risk Manager
- CISA, CISM or CISSP (for cybersecurity-oriented risk profiles)
- Prince2 or PMP (for project-related risk analysis)
Requirements
- In possession of or ability to obtain accreditation at Secret level (National and EU).
- Integrity and discretion in handling sensitive information.
- Up-to-date knowledge of cybersecurity threats and trends.
Note: A security clearance is mandatory for this position. The assignment is extendable.
Apply for this Job
This position was originally posted on Pro Unity.
It is publicly accessible, and we recommend applying directly through the Pro Unity website instead of going through third party recruiters.
