Chief Information Security Officer

Chief Information Security Officer – Freelance Role (Brussels)

Duration: Until the end of the year, with possible extension

Client: Global organization based in Brussels

Location: Brussels

Hybrid: Approx. 50% on-site (2–3 days per week), remainder remote

We are looking for an experienced and hands-on Chief Information Security Officer (CISO) for a freelance assignment with one of our global clients in Brussels. The ideal candidate will lead the organization’s cybersecurity and IT risk management strategy, ensuring the protection of critical systems and data while aligning with regulatory and business objectives.

Key Responsibilities

Cybersecurity Strategy & Governance

• Define and implement a cybersecurity vision aligned with business priorities.
• Establish a first-line governance structure in line with broader IT governance principles.
• Maintain a robust and adaptive security framework (policies, controls, indicators, guidelines).

IT Risk Management

• Conduct risk assessments and manage vulnerabilities.
• Track remediation plans and report progress to the CIO and second-line risk functions.
• Monitor third-party security posture and lead associated risk mitigation efforts.
• Respond to audit findings and regulatory queries on IT security.

Security Operations & Incident Response

• Oversee daily security monitoring across systems, networks, and data.
• Maintain asset inventories, including cloud and third-party environments.
• Support the coordination of cyber incident responses and crisis management plans.
• Ensure business continuity through well-defined incident response procedures.

Cybersecurity Projects & Expertise Sharing (DORA Focus)

• Lead information security and third-party risk management within DORA initiatives.
• Advise business and IT stakeholders on security topics during project planning and testing phases.
• Promote innovative technologies to enhance cybersecurity posture.
• Ensure alignment of project delivery with cybersecurity policies and risk guidelines.

Security Awareness & Training

• Collaborate with internal departments such as risk, legal, compliance, and HR.
• Run targeted awareness and training programs tailored for departments and executives.
• Engage with industry peers to track evolving threats and best practices.

Language Requirements

• English: Fluent (oral and written) – Mandatory
• French and/or Dutch: Preferred

Education & Certifications

• Degree in Cybersecurity, IT Risk Management, or related field
• Certifications such as CISM, CISSP, NIS2, GDPR, ISO 27001 Lead Implementer

Experience:

• Technical Skills: Strong hands-on expertise with firewalls, SIEM, IDS/IPS, encryption, and cloud security.
• Risk Expertise: Skilled in risk and vulnerability management, third-party risk oversight.
• Regulatory Knowledge: Solid understanding of frameworks such as DORA, PCI-DSS, GDPR.
• Leadership & Communication: Effective at translating complex topics for senior and non-technical stakeholders.
• Stakeholder Engagement: Experienced in working with executive teams and regulatory bodies.
• Experience: 5–7+ years in information security, including 3+ years in a leadership role, ideally within financial services.
• Bonus: Experience with payment institutions and the specific security risks they face.