Job description
The goal of the Senior IT risk expert is to further develop the processes, procedures and methodologies used in IT risk management into an IT risk management framework. The focus is on a consistent way of analysing and managing risk that is aligned with the processes and policies laid down in the policy documents of the various stakeholders in the organization. Then this expert will
for the successful implementation of this new way of working in the day-to-day operation of the ISMS of SNCB and in developing or providing the related tooling and technologies.
MAIN ACTIVITIES
Information Risk Management:
- Is responsible for setting up an information risk management framework, based on the ENISA interoperable risk management toolbox.
- Defines, writes and trains IT risk officers in a risk analysis methodology that can produce consistent risk assessments based on existing and new control objectives.
- Is responsible for defining, writing and applying "information risk analysis", "information risk treatment" and "information risk monitoring" processes, policies and standards.
- Defines and manages the approval and evaluation process of these new processes and standards.
- Incorporates the information risk management processes into existing business and IT processes.
- Is responsible for the active execution, practical and pragmatic formulation, follow-up and adjustment of information risk analyses for new projects and for existing situations.
- Is responsible for setting up and maintaining an information risk register.
- Is responsible for the unambiguous reporting of risks, and also for following up mitigating actions with the business owners.
- Is responsible for the successful translation of these methodologies and processes into functional requirements for IT risk management tooling, and can also translate these into a successful implementation.
Coordination and Management:
- Is responsible for the operational coordination and direction of one or more projects and initiatives within the Information Security department (priorities, budgets, resource and project planning).
- Coordinates, within the Cyber & Information Security Office, with other departments such as IT Risk Management, CISO Solutions & Services, and Information Security & Compliance including Data Protection, in terms of priorities, interactions and enhancement initiatives.
- Works closely with enterprise risk management and business continuity management
Knowledge Development:
- Stays abreast of new developments regarding CISO domains and considers how these can be applied within the customer organization
- Remains abreast of new security threats, market developments, technologies, relevant legislation, IT technical and other security developments
- Continuously follows training courses, seminars, ...
CRITERIA
Responsibilities
Information Security Management
- Information Risk Management
- CISO Security Solutions & Services
- Governance, Policies & Awareness around information security and data protection
- Coordination and management of one or more projects and initiatives within the Information Security department
- Reporting on the CISO domains and security findings
- The follow-up of IT Compliance
- Keeping own knowledge up to date and expanding it
Possible consequences of incorrect decisions and/or improperly performed activities:
- Late or inadequate Security policies, procedures and guidelines.
- Late identification and treatment of information security risks
- Lack of awareness by internal and external employees regarding information security & privacy risks and best-practices
- Completion of Information Security projects not according to pre-defined project plan
- Late and/or incomplete reporting on the CISO domains to management and senior management
- Possible system infections with far-reaching consequences for the operations of the client and the customer
- Possible breaches of applicable laws and regulations
Knowledge and complexity
Knowledge level: Master's degree or equivalent by experience
- Relevant work experience of 15 - 20 years
- Onboarding period of several months
- Knowledge of ISO27001, ISO27002, ISO 27005, ISO 31000 standard
- Thorough knowledge of IT Risk Management, Information Security & Compliance
- Thorough knowledge of security architecture and controls
- Knowledge of IT processes and technology
- Certifications: CISSP, CISM, CGRC or CISA
- Program management knowledge
Problem solving
- Translating the strategic CISO plan into objectives, metrics, actions, ...
- Being able to execute multiple projects in parallel
- Being able to divide work among several people in the context of projects
- Being able to write and implement frameworks, procedures, policies, standards, awareness programs
- Analyzing security incidents and being able to provide solutions, sometimes not obvious ones
- Making correct risk assessments
- Giving and preparing presentations to senior management and board of directors
- Being able to keep knowledge up to date within a rapidly evolving domain (trends, technology,...)
- Is independent in leading own projects and project teams and in handling questions, complaints and incidents
- Is bound by the Information Security policy and vision, the strategic CISO plan, ISO 2700x, applicable legislation (GDPR, NKI, NIS, ...) and international standards
- Appeals to supervisor in case of escalations, for discussing incidents, for validating of project plans, budgets and resources and (interim) reporting
Communication
Internal contacts
- Daily to weekly contact with fellow CISO officers regarding policy, projects and incidents
- Weekly contact with the various IT departments regarding the coordination and direction of Information Security projects
- Monthly contact with Head of CISO, IT PMO and senior management regarding reports to Head of CISO and IT PMO on the IT Security projects and IT Compliance.
- Focused contact with the Data Protection Officer and the Risk Manager of the client and/or customer regarding the exchange of audit findings and IT compliance breaches
- Targeted contacts with the HR and communications departments of the client and the customer regarding the implementation of the information security awareness program
External contacts
- Monthly contact with security liaisons, Internal Audit and Enterprise Risk Management at the client regarding policy, ongoing projects and reporting
- Targeted contacts with IT outsourcing partners regarding incidents, follow-up and coordination of work, ...
- Targeted contacts with external auditors regarding the guidance of external audits or the discussing and/or following up on audit findings
Languages
Knowledge of Dutch, French and English (oral and written)
Deadline: 31-12-2025