We are looking for Security / Cybersecurity Expert (ISO 27001 – NIS2).
Location: Brussels, 2 days/office.
Language: EN (FR or NL are an asset, not mandatory).
Team: 5 colleagues (new team). Consultant will be working on the cyber security activities
Tasks: 80% technical (execution of the below indicated tasks), 20% communication with steerco and management reporting (good presentation, communication and organisation skills).
Duration: aligned with ISO 27001 certification roadmap and ongoing security maturity objectives.
Seniority: Medior - Senior (7-10 years).
Contractor – Security / Cybersecurity Expert (ISO 27001 – NIS2)
We are is strengthening Information Security and Cybersecurity Management, to support its business objectives and alignment with telecom partners.
The contractor will play a key role in supporting and coordinating with its telecom operators, to enhance overall cybersecurity maturity, and achieve and maintain ISO 27001 certification.
Mission & Objectives
The Security / Cybersecurity Expert will:
- Support the design, implementation, and continuous improvement of the Information Security Management System (ISMS) in line with ISO 27001 and NIS2 requirements.
- Ensure effective implementation of organizational, operational, and technical security measures.
- Coordinate security governance and operational security practices between us and telecom partners.
- Oversee and follow up on key security capability initiatives, such technical implementation projects and operational process definition & roll-out (for example, SIEM, SOC, backup/restore, DR/BCP).
- Contribute to audit readiness and certification processes.
1. Governance & ISMS Management
- Develop, review, and maintain
o Security policies
o Standards and guidelines
o Operational security procedures
- Conduct and maintain
o Risk assessments and risk treatment plans
o Statement of Applicability (SoA)
o Asset inventory and classification framework
- Ensure documentation and evidence collection aligned with ISO 27001 requirements.
- Prepare and support internal and external audits.
- Coordinate management reviews and reporting.
2. Organizational & Operational Security
- Define and formalize security roles and responsibilities.
- Implement and improve:
o Access management processes
o Incident response processes
o Vulnerability management lifecycle
o Supplier security management
- Support awareness and training initiatives.
3. Technical Security Oversight
- Provide expert guidance and follow-up for technical security implementations, including:
o Backup & restore platform implementation and validation
o SIEM platform deployment and use-case development
o SOC setup or improvement (internal or external model)
o Vulnerability scanning and remediation tracking
o Disaster Recovery (DR) and Business Continuity (BCP) framework implementation
o Hardening standards and secure configuration baselines
The contractor is not necessarily expected to perform hands-on configuration but must be deeply involved of:
- Challenging technical design decisions
- Validating security architecture choices
- Ensuring traceability to risk treatment plans
- Verifying control effectiveness
4. Security Capability Development
- Define and enhance:
o Security monitoring capabilities
o Threat detection and response processes
o Business continuity and disaster recovery scenarios
- Ensure integration between governance framework and technical capabilities.
- Establish KPIs and reporting mechanisms for security performance.
Expected Deliverables
- Documented operational procedures
- Oversight reports for technical security projects
- Risk assessment and treatment documentation
- Audit preparation material
- Security roadmap and maturity improvement plan
- Governance reporting dashboards
- ISO 27001-compliant ISMS documentation
- Statement of Applicability
Your profile
Experience
- Average 7-10 years of experience in cyber-security and information security management.
- Proven experience in ISO 27001 implementation and certification support.
- Experience in telecom or highly regulated environments is a strong asset.
- Experience working in multi-stakeholder environments (internal teams + operators/partners).
Technical & Functional Competencies
- Strong knowledge of:
o ISO 27001 and ISO 27002 controls
o NIS2 framework
o Risk management methodologies
o Security governance frameworks
o SOC & SIEM architectures
o Backup, DR, and BCP frameworks
o Vulnerability management processes
- Ability to bridge governance and technical implementation.
- Strong documentation and structuring skills.
- Audit experience (internal or external).
Soft Skills
- Autonomous and structured.
- Strong stakeholder management capabilities.
- Ability to work at strategic and operational levels.
- Clear communicator (technical and executive audiences).
- Pragmatic and solution-oriented.
Reporting & Collaboration
- Reports to management.