We are looking for a Security / Cybersecurity Expert (ISO 27001 – NIS2).
Location: Brussels, 2 days/office.
Language: EN (FR or NL are an asset, not mandatory).
Team: 5 colleagues (new team). The consultant will be working on the cybersecurity activities.
Tasks: 80% technical (execution of the tasks indicated below), 20% communication with steerco and management reporting (good presentation, communication and organisation skills).
Duration: aligned with ISO 27001 certification roadmap and ongoing security maturity objectives.
Seniority: Medior - Senior (7-10 years).
Contractor – Security / Cybersecurity Expert (ISO 27001 – NIS2)
We are strengthening Information Security and Cybersecurity Management to support our business objectives and alignment with telecom partners.
The contractor will play a key role in supporting and coordinating with our telecom operators to enhance overall cybersecurity maturity and to achieve and maintain ISO 27001 certification.
Mission & Objectives
The Security / Cybersecurity Expert will:
- Support the design, implementation, and continuous improvement of the Information Security Management System (ISMS) in line with ISO 27001 and NIS2 requirements.
- Ensure effective implementation of organizational, operational, and technical security measures.
- Coordinate security governance and operational security practices between us and telecom partners.
- Oversee and follow up on key security capability initiatives, such as technical implementation projects and operational process definition & roll-out (for example, SIEM, SOC, backup/restore, DR/BCP).
- Contribute to audit readiness and certification processes.
1. Governance & ISMS Management
- Develop, review, and maintain:
  - Security policies
  - Standards and guidelines
  - Operational security procedures
- Conduct and maintain:
  - Risk assessments and risk treatment plans
  - Statement of Applicability (SoA)
  - Asset inventory and classification framework
- Ensure documentation and evidence collection aligned with ISO 27001 requirements.
- Prepare and support internal and external audits.
- Coordinate management reviews and reporting.
2. Organizational & Operational Security
- Define and formalize security roles and responsibilities.
- Implement and improve:
  - Access management processes
  - Incident response processes
  - Vulnerability management lifecycle
  - Supplier security management
- Support awareness and training initiatives.
3. Technical Security Oversight
- Provide expert guidance and follow-up for technical security implementations, including:
  - Backup & restore platform implementation and validation
  - SIEM platform deployment and use-case development
  - SOC setup or improvement (internal or external model)
  - Vulnerability scanning and remediation tracking
  - Disaster Recovery (DR) and Business Continuity (BCP) framework implementation
  - Hardening standards and secure configuration baselines
The contractor is not necessarily expected to perform hands-on configuration but must be deeply involved in:
- Challenging technical design decisions
- Validating security architecture choices
- Ensuring traceability to risk treatment plans
- Verifying control effectiveness
4. Security Capability Development
- Define and enhance:
  - Security monitoring capabilities
  - Threat detection and response processes
  - Business continuity and disaster recovery scenarios
- Ensure integration between governance framework and technical capabilities.
- Establish KPIs and reporting mechanisms for security performance.
Expected Deliverables
- Documented operational procedures
- Oversight reports for technical security projects
- Risk assessment and treatment documentation
- Audit preparation material
- Security roadmap and maturity improvement plan
- Governance reporting dashboards
- ISO 27001-compliant ISMS documentation
- Statement of Applicability
Your profile
Experience
- Average 7-10 years of experience in cyber-security and information security management.
- Proven experience in ISO 27001 implementation and certification support.
- Experience in telecom or highly regulated environments is a strong asset.
- Experience working in multi-stakeholder environments (internal teams + operators/partners).
Technical & Functional Competencies
- Strong knowledge of:
  - ISO 27001 and ISO 27002 controls
  - NIS2 framework
  - Risk management methodologies
  - Security governance frameworks
  - SOC & SIEM architectures
  - Backup, DR, and BCP frameworks
  - Vulnerability management processes
- Ability to bridge governance and technical implementation.
- Strong documentation and structuring skills.
- Audit experience (internal or external).
Soft Skills
- Autonomous and structured.
- Strong stakeholder management capabilities.
- Ability to work at strategic and operational levels.
- Clear communicator (technical and executive audiences).
- Pragmatic and solution-oriented.
Reporting & Collaboration
- Reports to management.
- Posted: Mar 31, 2026
- Type: Full-time
- Level: Mid-Senior
- Location: Brussels
- Company: Harvey Nash