Written by Laurent Dupont

A day in the life of Eric De Smedt

Ever wondered what a day in the life of a GRC expert looks like? Meet Eric, a seasoned professional within the Academy team at Toreon, specializing in Governance, Risk, and Compliance. From helping clients implement the ISO27001 standard to refining internal processes, Eric’s day is packed with a mix of client work, team collaboration, and continuous learning. Join us as we follow Eric through his busy Monday, where no two hours are quite the same!

14/02/2025

Monday morning, rise and shine.

Let’s have a look at my planning for the day and week to come. As an expert within the Academy team at Toreon, I’m happy to say that I have a mix of different engagements throughout the week. I’m mainly in the business of GRC, Governance, Risk and Compliance. I help clients with implementing the ISO27001 standard and guiding them towards certification. I also use the CIS Controls framework to assess security from a more technical point of view, and establish a roadmap to improve the security posture over time. And anything related to security strategy: bring it on!

Today, it is a mix of client work and work for Toreon, to make us even better. We constantly try to improve our services, making them up-to-date and even more relevant for our customers. I have a half hour meeting at 10:00 to discuss progress on a new process we are setting up to evaluate new ideas and turn them into solutions. Security is about keeping up with the pace, so that’s what we do.

We are also going to use a new system to keep track of the skills and competences every Toreonite possesses, including relevant certifications. As we are growing, a central system like this has become important so that we can quickly find the right person for the job. Today, I’ll be working on documenting the various skills required within the GRC knowledge domain for each level of consultant.

Then it’s time to do our weekly check-in on the OKR’s which have been assigned to our team. Operational Key Results are defined for the various teams, in line with the company OKRs. This keeps us focused on the overall objectives we want to reach. During the morning I was able to work on one of the OKR tasks, so yes, I could give some positive feedback.

As we are focusing on expanding our cloud security skills, many of us are studying and gaining experience in the Microsoft cloud solutions and how to secure them. We see that this is a real need among our customers. So, yes, later today, I’ll be doing some studying as well. We have 10 training days each year, and a very generous training budget of 5000 euro that we can use to follow courses. I’ll be planning my certification exam soon!

In the afternoon, it is time to discuss our approach with a colleague on how we are going to start up a new project with an existing customer. As of next week, we are kicking off that project, so a proper preparation ensures a good start.

Oh yes, I have a “mystery” call scheduled today as well. This is organized among randomly chosen colleagues, to have a quick chat of about 15 minutes to discuss whatever you like, or to get to know someone you haven’t really met and worked with. A nice initiative to keep us connected during these strange COVID-times. Looking forward, though, to have a drink after work – still better than a Teams meeting!

Tomorrow I’ll be working the whole day on a project to implement an ISMS at one of our long term clients.

And before I sign off, let’s not forget to fill out my timesheet, and make adjustments to my planning for the coming days. It is quite a dynamic way of working, so some flexibility is needed. But that keeps it interesting!