Chief Information Security Officer

We are hiring a Chief Information Security Officer (CISO) to lead the organization’s information security strategy, cyber risk management, and compliance with ISO 27001 and CSSF regulations. Reporting directly to the Managing Partner and part of the Management Committee, you will drive initiatives that protect critical systems, ensure regulatory alignment, and cultivate a culture of security across the enterprise.

This is a key leadership role for an experienced cybersecurity executive looking to make a strategic impact.

Key Responsibilities

Security Strategy & Leadership

• Develop and execute the enterprise-wide information security strategy aligned with ISO 27001 and business goals.
• Promote a security-first culture through awareness training and strong governance.
• Serve as a strategic advisor to senior leadership on cybersecurity trends and threats.

Compliance & Risk Management

• Lead the Information Security Management System (ISMS), ensuring compliance with ISO 27001, PCI DSS, and DORA.
• Conduct enterprise-wide risk assessments and manage audit processes.
• Ensure full compliance with GDPR, CSSF, and NIS2 regulatory frameworks.

Security Operations & Incident Management

• Oversee threat detection, incident response planning, and mitigation.
• Implement and manage technical controls including identity access management (IAM), vulnerability management, and security architecture.
• Coordinate security operations across IT teams and infrastructure.

Governance, Reporting & Resilience

• Define and track key security performance indicators (KPIs) and report regularly to the executive team.
• Maintain strong relationships with regulatory authorities and external auditors.
• Ensure the development and testing of robust business continuity and disaster recovery plans.

Your Profile

Experience & Skills

• Proven experience as a CISO, Security Director, or Cybersecurity Executive.
• Strong expertise in ISO 27001, PCI DSS, NIST, CIS, DORA, and GDPR.
• Hands-on experience in:
• Identity & Access Management (IAM)
• Network Security
• Security Governance and Architecture
• Risk and Vulnerability Management
• Track record of building and leading security teams.
• Demonstrated ability to align cybersecurity with broader business strategy.

Regulatory & Market Knowledge

• Deep knowledge of Luxembourg’s CSSF framework and EU compliance standards (NIS2, GDPR, DORA).

Languages

• French: Fluent (C1)
• English: Fluent (C1)