Information Security Expert

Within the Cyber- & Information Security Office department of our client, you will be responsible for maintaining the vision (based on ISO2700x:2013), establishing the strategy and executing the program within our client’s organization so as to adequately protect the company resources.

Two different positions are available: Management (ISMS) and Policies.

  • As the person responsible for the ISMS, you will take the lead in the implementation of an ISMS. You will define policies, standards, procedures and guidelines. You will take care of communicating them to the respective audiences and raising awareness of them. You will follow up and report on their implementation and status;
  • You will identify Security Protection goals and metrics which meet the strategic plans and priorities of the CISO;
  • You will actively monitor the different sources of cybersecurity intelligence and launch the necessary corrective measures within the IT organization;
  • You will actively follow up defined actions / findings of internal and external IT audits within the IT organization, including monthly feedback reporting to IT management and Internal Audit;
  • You will align the Cyber- & Information Security Office with other departments, such as Data Protection, IT Risk Management and Cybersecurity Management as far as priorities, interactions and improvement initiatives are concerned;
  • You will closely cooperate with the IT PMO in view of aligning its processes with existing IT project processes, you will closely cooperate with the IT departments in view of aligning its processes with existing IT ITIL processes, and you will establish a close collaboration with the Data Protection Officer and the Information Risk Manager in order to exchange audit findings and compliance violations;
  • You will elaborate and maintain an IT audit and IT compliance framework in accordance with legal requirements or strategic IT objectives;
  • You will execute IT audits and IT compliance assignments in order to determine flaws or violations based on the information security and data protection policies and the information risk management processes;
  • You will facilitate writing out the findings, both at a high level and at a technical level, including the delivery of migration scenarios.

  • As the person responsible for Policies, you will establish, submit, communicate, enforce and review Policies, Standards, Procedures and Guidelines regarding cybersecurity and data protection in accordance with ISO2700x and legal privacy regulations;
  • You will take the lead in the biennial review cycle;
  • You will draw up a company-wide long-term information security awareness program and will distribute it within the organization in order to draw the attention of internal collaborators to the cybersecurity and privacy risks and in order to teach best practices;
  • You will collaborate closely with HR and Change & Communication, and you will coordinate with existing training initiatives;
  • You will align, within the Cyber- & Information Security Office, with other departments, such as Data Protection, IT Risk Management and Cybersecurity Management as far as priorities, interactions and improvement initiatives are concerned;
  • You will closely cooperate with the IT PMO and other IT departments in view of aligning its processes with existing IT and ITIL processes, and you will report to the CISO and IT PMO regarding the IT security projects.

  • You have a Bachelor's degree or equivalent through experience;
  • You have broad knowledge of IT processes and technology;
  • You have 3 to 10 years of relevant experience in information security, ISMS, risk management, …
  • You have knowledge of ISO2700x, ISO31000, COBIT5, ITIL, … 
  • You have experience in assessing and managing IT and/or Information Risk;
  • You have relevant experience in writing and implementing policies and awareness programmes;
  • You have experience with developing dashboards and management reporting;
  • You have knowledge of security architectures and controls;
  • You have good knowledge of MS Office (Excel, PowerPoint) and PowerBI;
  • Having the following certifications is a plus: CISSP, CISM, CISA or CRISC, …;
  • Having knowledge of ISF IRAM is a plus;
  • You are able to work under pressure and with tight deadlines;
  • You are fluent in English and Dutch or French, you have at least basic knowledge of Dutch and French, and being fluent in Dutch is a plus.

  • A challenging job in a fast-growing and dynamic IT organization located close to one of the main railway stations in Brussels;
  • An employer with a clear social benefit and a well-defined strategy;
  • An intellectual challenge, including the possibility to follow relevant training courses, both internally and externally;
  • A competitive salary package including several fringe benefits such as a company car together with public transport facilities, group- & health insurance, etc.;
  • A healthy work-life balance, including 1 day of homeworking per week.