Governance Information Security Officer (GISO) (m/f/x)

As a GISO, you will join the Risk team . The GISO is a key control function within D.A.S. As a second line function, it ensures the adequate implementation of Information Security Controls and Policies within the company and the adequate fulfillment of corresponding regulatory/group/local requirements.You will be part of a team of 7 peoples including the Head of the department (also Chief Risk Officer). The small size of the team guarantees you a direct involvement in key Information Security processes of the company and regular contacts with the key peoples within the company (Executive Committee, Middle Management…)

Reports to the company’s Chief Risk Officer and is an integral part of the company’s "second line" functions.

• Responsible for the company’s security requirements and controls.
• Acts as the security contact for the ERGO group and follows up on the group’s recommendations.
• Provides regular reports to the executive committee, ERGO’s CISM, and the Audit & Risk Committee.
• Works closely with the TISO (technical Information Security Officer) , all members of the DAS IT team and consultants in charge of the network, infrastructure, and overall security.

Specifically participates in various committees (Change Advisory Board, Monthly Infrastructure & Security Meeting) to ensure follow-up on issues within his/her scope of intervention.

• Collaborates closely with risk management team members responsible for the company’s internal control system.
• Collaborates closely with the TISO responsible for the technical aspect of information security.
• Works closely with compliance function members responsible for adhering to IT security regulations.
• Implements a risk management plan for information security and IT security in general.
• May participate in strategic projects with potential impacts on the company’s IT security.

The GISO is responsible for :

Strategic Policy Development: GISO would be responsible for issuing information security-related policies and guidelines at a global level. he would ensure that these policies align with industry standards, regulatory requirements, and the organization’s overall risk management strategy . He is responsible for defining and maintaining company-specific IS requirements to meet group-wide IS requirements

Risk Management Oversight:GISO would provide a second opinion for risk assessments conducted by TISOs and other stakeholders. He would oversee the implementation of risk management processes, including the establishment of a risk register and the development of risk treatment plans.

Consulting Services: GISO would offer information security consulting services to the first line for compliance to IS strategy and IS policies and guidelines. He would provide guidance on security best practices, compliance requirements, and risk mitigation strategies.

Board Reporting: GISO would be responsible for reporting information security risks and initiatives to the board of directors and Ergo. He would ensure that board members are informed about the organization’s cybersecurity posture and any significant security incidents or threats.

Governance and Compliance: GISO would establish and maintain a governance framework for information security, ensuring that security controls are consistently applied across the organization. He would oversee compliance with regulatory requirements and industry standards. He is responsible for establishing catalogue of security controls based on IS Guidelines

Awareness Plan Development:GISO would define an organization-wide information security awareness plan aimed at educating employees about security risks, policies and guidelines. This plan would encompass various awareness initiatives, such as training sessions and awareness campaigns.

• You demonstrate a capacity to convince others of your opinion: you can present easily your opinion both by writing and orally in front of different types of audience…
• You are able to detect risks and document them
• Active knowledge of one of the two national languages (French/Dutch), passive knowledge of the other national language and active knowledge of English
• You are flexible in your personal organization and capable to change priorities quickly and identify the highest priorities
• Finally, you are proud and accountable for your acts and decisions and feel attracted by a strategical challenging environment!
• You have excellent analytical skills and are able to identify gaps between documents
• You are able to synthesise information and translate abstract concepts into concrete instructions
• The following certifications are an advantage: CISSP, ISO 27k implementor, CISA
• The following knowledge are an advantage: DORA, NIS2, GDPR

• You are eager to learn
• You are critical but constructive
• You strongly believe in the principle of equality within a company: we are defined by our humanity, not by our job title
• You take initiative and help your colleagues
• You are willing to give and receive feedback
• You are open to personal development and to identifying your energy takers and givers
  

Kan je niet wachten?

Laat het ons weten en solliciteer online!

Vergeet ons niet te verrassen met een leuke motivatiebrief.