We are looking for a Security / Cybersecurity Expert (ISO 27001 – NIS2).
Location: Brussels, 2 days/office.
Language: EN (FR or NL are an asset, not mandatory).
Team: 5 colleagues (new team). The consultant will be working on the cyber security activities.
Tasks: 80% technical (execution of the below indicated tasks), 20% communication with steerco and management reporting (good presentation, communication and organisation skills).
Duration: aligned with ISO 27001 certification roadmap and ongoing security maturity objectives.
Seniority: Medior - Senior (7-10 years).
Contractor – Security / Cybersecurity Expert (ISO 27001 – NIS2)
We are strengthening Information Security and Cybersecurity Management to support our business objectives and alignment with telecom partners.
The contractor will play a key role in supporting and coordinating with our telecom operators, to enhance overall cybersecurity maturity, and to achieve and maintain ISO 27001 certification.
Mission & Objectives
Support the design, implementation, and continuous improvement of the Information Security Management System (ISMS) in line with ISO 27001 and NIS2 requirements.
Ensure effective implementation of organizational, operational, and technical security measures.
Coordinate security governance and operational security practices between us and telecom partners.
Oversee and follow up on key security capability initiatives, such as technical implementation projects and operational process definition & roll‑out (for example, SIEM, SOC, backup/restore, DR/BCP).
Contribute to audit readiness and certification processes.
1. Governance & ISMS Management
Develop, review, and maintain:
Security policies
Standards and guidelines
Operational security procedures
Conduct and maintain:
Risk assessments and risk treatment plans
Statement of Applicability (SoA)
Asset inventory and classification framework
Ensure documentation and evidence collection aligned with ISO 27001 requirements.
Prepare and support internal and external audits.
Coordinate management reviews and reporting.
2. Organizational & Operational Security
Define and formalize security roles and responsibilities.
Implement and improve:
Access management processes
Vulnerability management lifecycle
Supplier security management
Support awareness and training initiatives.
3. Technical Security Oversight
Provide expert guidance and follow‑up for technical security implementations, including:
Backup & restore platform implementation and validation
SIEM platform deployment and use‑case development
SOC setup or improvement (internal or external model)
Vulnerability scanning and remediation tracking
Disaster Recovery (DR) and Business Continuity (BCP) framework implementation
Hardening standards and secure configuration baselines
The contractor is not necessarily expected to perform hands‑on configuration but must be deeply involved in:
Challenging technical design decisions
Validating security architecture choices
Ensuring traceability to risk treatment plans
Verifying control effectiveness
4. Security Capability Development
Define and enhance:
Security monitoring capabilities
Threat detection and response processes
Business continuity and disaster recovery scenarios
Ensure integration between governance framework and technical capabilities.
Establish KPIs and reporting mechanisms for security performance.
Documented operational procedures
Oversight reports for technical security projects
Risk assessment and treatment documentation
Security roadmap and maturity improvement plan
ISO 27001‑compliant ISMS documentation
Statement of Applicability
Your profile
Experience
Average 7‑10 years of experience in cyber‑security and information security management.
Proven experience in ISO 27001 implementation and certification support.
Experience in telecom or highly regulated environments is a strong asset.
Experience working in multi‑stakeholder environments (internal teams + operators/partners).
Technical & Functional Competencies
Strong knowledge of:
ISO 27001 and ISO 27002 controls
NIS2 framework
Security governance frameworks
Backup, DR, and BCP frameworks
Vulnerability management processes
Ability to bridge governance and technical implementation.
Strong documentation and structuring skills.
Audit experience (internal or external).
Soft Skills
Autonomous and structured.
Strong stakeholder management capabilities.
Ability to work at strategic and operational levels.
Clear communicator (technical and executive audiences).