Freelance Chief Information Security Officer - CISO
Are you an experience Freelance CISO looking for a long term freelance contract ? Are you interested in working for a prestigious governmental institution ? Can you set up frameworks ? Can you ensure that applications are implemented in accordance with legislation ?
As a Freelance CISO your key responsibilities are:
- Defining, implementing, managing and maintaining a comprehensive program for the sound management of information security:
- Define the roles and responsibilities of all actors involved in security.
- Define, implement and evaluate a security policy in cooperation with the IT department and the authorities.
- Drafting and enforcing the various charters and procedures deriving from the security policy.
- Drawing up a risk management plan (identification, evaluation and response).
- Developing strategies based on existing and recognised frameworks
- Establishing a 'culture of security' by means of awareness campaigns and training on the subject of 'Cyber security' for all users.
- Advising the DPO and answering his questions on existing or future technical solutions.
- Informing and advising the authorities on IT security issues.
- Acting as a facilitator between all stakeholders for security issues
- Ensure that the strategies applied are always compliant and valid:
- Ensure that all legal aspects are correctly applied, especially in the context of the AVG.
- Ensure the correct application of the standards used (ISO 270xxx, NIST, NIS, etc.).
- Organising regular audits.
- Check the known good practices (OWASP, ...).
- Define and implement solutions to ensure the confidentiality, availability and integrity of the information system and data:
- Developing a business continuity plan (Disaster recovery).
- Evaluating and optimising the data backup strategy.
- Making recommendations on, evaluating and ensuring compliance with the rules in the various areas (asset management, communication, data security with regard to personnel management, physical and logical access control, encryption, operation and hosting, communication, suppliers, continuity, incident management, classification of information, applications, etc.).
- Cooperating with the various teams and ensuring that agreements are observed
- Establishing procedures for the management of security incidents
- Defining, implementing and evaluating basic information security skills with the specific teams.
- For the traditional aspects: access control, physical security, device security, application security, encryption technologies, virtualisation security, cloud computing, (forensics) logging and auditing after identified incidents, monitoring & event management, remanence of data on the systems, decommissioning, etc.
- For current or future emerging IT technologies: 'Software Defined' technologies, artificial intelligence, internet of things, ...
! It is intended that the CISO will train an internal staff member to eventually perform the function of CISO. !
As a Freelance CISO you can expect:
- A challenging and interesting assignment
- Long term contract (12 months)
- Start ASAP
- Attractive day-rate
As a Freelancer via Michael Page you can expect:
- Being paid within 8 working days after the day of invoice
- One point of contact during the whole recruitment process and during your assignment
In order to be considered for this Freelance CISO position you should have most of the below:
- Master's degree or equivalent work experience in the field of information security.
- Knowledge of Dutch, French and English, both spoken and written.
- Proven experience in security management.
- Proven experience in drafting security policies, processes and procedures.
- Good oral and written communication and drafting skills, tailored to the target audience, with information supplementation where necessary.
- Good organisational skills, analytical mind, proactive and stress resistant.
- Discretion, integrity and respect for professional secrecy with regard to the institution and its members.
- Financial, planning and strategic management skills.
- Monitoring and incident management skills.
- Good technical knowledge of basic IT areas:
- Data centres, servers, storage, databases, development, operating systems, virtualisation, web technologies, etc.
- Good technical knowledge of the specific domains of information security:
- Access control (IAM, AD, Azure AD, authentication protocols, Multi-factor, ...).
- Network and security (TCP/IP, firewalls, proxies, reverse proxies, load-balancers, threat management, Wireless security, Mail, VoIP security, ...).
- Security architecture and design.
- Encryption technologies.
- Physical security.
- Development of secure applications.
- Experience and good knowledge of the use of norms and standards (ISO 27xxx, ITIL, ...).
- Understanding and knowledge of the important regulatory frameworks such as the GPDR.
It is a big plus to have one or more of the following certificates (or equivalent): CISSP, CISA, GSEC, CEH, CISO, ISO 270xx, Pentest+.