Information Security Officer

Information Security Officer

The purpose of this assignment is to act as the right-hand to the CISO by managing the day-to-day operations of the Information Security Management System (ISMS). The ISO needs to achieve a seamless translation of strategic security frameworks into concrete, practical measures, ensuring security is structurally embedded in NEO's daily business operations.

Responsibilities

• Co-managing the design and operation of the ISMS based on ISO 27001.
• Organizing and guiding periodic risk assessments (eg, using IRAM or ISO 27005) and translating outcomes into priorities.
• Ensuring security is included in architecture and new projects via secure-by-design and secure-by-default principles.
• Conducting or coordinating third-party risk assessments (supply chain risks).
• Supporting the implementation of legal frameworks like NIS2 and ISO 27001.
• Developing and maintaining practical security policies, standards, and guidelines.
• Guiding internal controls, audits, and management reporting.

Deliverables

• A fully operational and maintained ISMS (ISO 27001 compliant).
• Completed and documented periodic risk assessments (IRAM/ISO 27005) with clear action plans.
• Established and embedded secure-by-design processes for new IT projects and architecture.
• Executed third-party risk assessments for key suppliers.
• Fully developed and practically implemented security policies and guidelines.