Chief Information Security Officer

Job Title: Chief Information Security Officer (CISO)

Role Profile: S8 – Security – Consultant Security – Expert

Work Location:

AXEPTA Office Brussels

Montagne du Parc 3,

1000 Brussels, Belgium

Start Date: 16/07/2025

End Date: 15/07/2026

Work Mode: Hybrid (60% on-site – Tuesday, Thursday + 1 day of choice; 40% homeworking)

Mission Context

A payment institution within the, is seeking a highly experienced, hands-on Chief Information Security Officer (CISO) to lead its cybersecurity and IT risk management initiatives. This critical role involves shaping and executing a comprehensive information security strategy aligned with business goals, regulatory requirements (DORA, PCI-DSS, GDPR),

The CISO will report directly to the CIO and work closely with both internal stakeholders and counterparts to ensure the confidentiality, integrity, and availability of systems and data.

Key Responsibilities

Cybersecurity Strategy & Governance

• Define and implement the cybersecurity strategy aligned with organizational priorities.
• Develop and manage governance structures for cybersecurity and IT risk within the first line of defense.
• Maintain a cybersecurity framework: policies, guidelines, control plans, KPIs.
• Chair the quarterly Information Security Steering Committee (ISSC).

IT Risk Management

• Conduct IT risk assessments and lead vulnerability management.
• Guide risk mitigation for new technologies and ensure regulatory compliance.
• Track and report on cybersecurity programs and risk remediation plans.
• Collaborate with ITRO, CRO, and second line of defense to manage risk dashboards and audit follow-up.
• Coordinate responses to regulatory requests on cybersecurity topics.

Security Operations & Incident Response

• Oversee day-to-day security operations and continuous monitoring.
• Manage critical third-party security monitoring.
• Coordinate with CISO team during cyber incidents and crisis response.
• Ensure incident response procedures are tested and operational.

Cybersecurity Projects & Expertise Sharing

• Support strategic projects, pen testing, red teaming, and technical reviews.
• Stay ahead of emerging cybersecurity threats and technologies.
• Integrate cybersecurity policies into project delivery lifecycle.
• Collaborate with procurement and legal to embed IT security in supplier contracts.

Security Awareness & Training

• Lead internal awareness programs for employees and business units.
• Build internal and external security networks within and industry peers.
• Align cybersecurity communication with compliance, HR, and legal teams.

Required Experience & Knowledge

Professional Experience

• 5–7 years in information security, with 3+ years in a leadership role.
• Proven experience in financial services, preferably payment institutions.
• Strong understanding of payment systems security and regulatory frameworks.

Technical Skills

• Deep hands-on expertise in:
• Network & infrastructure security (firewalls, IDS/IPS, encryption)
• SIEM, monitoring, endpoint security tools
• Cloud security (IaaS, SaaS, hybrid environments)

Risk & Compliance

• Strong background in IT risk management, third-party risk, and vulnerability assessments.
• Knowledge of DORA, PCI-DSS, GDPR, ISO 27001, NIS2 standards.

Soft Skills

• Leadership and stakeholder management, including C-level and regulators.
• Strong written and verbal communication skills.
• Ability to translate technical risks into business impact.
• Proactive and accountable in a lean organizational context.

Languages

• English: Fluent (mandatory)
• Dutch and/or French: Preferred

Education & Certifications

• Degree in Cybersecurity, Information Systems, or Risk Management
• Certifications preferred:
• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)
• ISO 27001 Lead Implementer
• NIS2-related credentials
• Knowledge of GDPR