Chief Information Security Officer

Location: Brussels

Project Duration: 1 year to begin with

Working Style: Hybrid 3 days onsite

Who we are looking for

We’re seeking an experienced and hands-on Chief Information Security Officer (CISO) to lead cybersecurity and IT risk efforts within a regulated organization. The ideal candidate brings a blend of strategic vision, operational excellence, and strong stakeholder management to ensure the security and resilience of systems and data across the business.

Responsibilities

• Define and execute the organization’s cybersecurity strategy in alignment with business goals and regulatory requirements
• Establish and maintain a comprehensive governance framework for cybersecurity, including policies, controls, and monitoring tools
• Conduct IT risk assessments, manage vulnerabilities, and propose mitigation strategies for new technologies and projects
• Monitor internal and external cybersecurity posture, including third-party security oversight
• Lead responses to cybersecurity incidents and crises in coordination with internal and external stakeholders
• Oversee the development and implementation of incident response procedures and ensure recovery of critical services
• Support strategic and operational projects by providing security expertise throughout planning, design, and delivery
• Ensure cybersecurity requirements are embedded in contracts, procurement processes, and vendor relationships
• Track progress of risk remediation initiatives and report regularly to senior leadership and oversight bodies
• Follow up on security audit findings and coordinate responses to regulators regarding cybersecurity matters
• Promote cybersecurity awareness through targeted training and internal campaigns across all business units
• Stay informed about emerging threats and technologies, and promote adoption of security innovations

Requirements

• Minimum 5 years of experience in information security, including at least 3 years in a leadership role
• Strong technical expertise in network and cloud security, system administration, and security tooling
• Demonstrated experience in IT risk management, including third-party risk and regulatory compliance (e.g. DORA, PCI-DSS, GDPR)
• Proven ability to communicate complex security issues to both technical and non-technical audiences
• Strong leadership and stakeholder management capabilities, including experience with regulatory interaction
• Ability to operate autonomously and take ownership within a lean organizational setup
• Relevant certifications (CISM, CISSP, ISO 27001 Lead Implementer, NIS2)
• Education in Cybersecurity, Risk Management, or a related discipline
• Fluent in English; Dutch and/or French are a plus