As an Information Security Officer, you are a key figure within our organization. You work closely with colleagues from IT, Privacy, HR, the business units, and external partners. You are analytical, a strong communicator, and capable of translating complexity into actionable guidelines for the organization.
Your responsibilities:
- Policy & ISMS: Enhancing and maintaining the information security policy and the ISMS (including the Statement of Applicability, SoA) in accordance with ISO 27001:2022 and NIS2.
- Risk management & compliance: Performing risk analyses, defining control measures, and coordinating internal and external audits.
- Privacy (GDPR): Collaborating with the Privacy Officer/DPO on DPIAs, data processing agreements, data minimization, and awareness campaigns.
- Security awareness: Designing and rolling out training, communication, and campaigns focused on safe behavior.
- Incident management & continuity: Coordinating detection, response, and root cause analyses; supporting business continuity activities.
- Security by design: Advising on security requirements for projects, applications, and cloud platforms (e.g., Microsoft 365/Azure).
- Vendor management: Assessing security aspects of suppliers and contractual agreements.
- RFP/RFI & due diligence: Coordinating and completing the security questions in tenders, client requests, and audits, together with the business and IT.
What do you bring?
- Proven experience with ISO 27001 (preferably 2022), NIS2, privacy (GDPR), and IT security.
- Solid IT fundamentals and understanding of technical security measures.
- Excellent command of English (required); Dutch is a strong plus.
- Experience in a multinational environment is a significant advantage.
- Strong communication skills: you make complex topics simple and comprehensible.
- You are analytical, structured, and skilled at convincing stakeholders.
- Preferred: certifications such as ISO 27001 Lead Implementer/Auditor, CISM, or CISSP; familiarity with NEN 7510 is a bonus.
- Availability of 16–24 hours per week (flexible schedule).