TASKS
develops, updates and translates the cybersecurity and information security policy into clear frameworks, standards and guidelines
works from a recognized framework (such as NIST) and systematically monitors the maturity of cybersecurity within the organization
initiates and drives cyber-related initiatives and improvement processes based on market insights, risk analyses, incidents, audits and strategic priorities
manages the entire risk management cycle from a reputation frame of reference: identification, protection, prevention, response and recovery
monitors the incident response and crisis management framework for cyber and information security incidents and takes on a coordinating role in the event of incidents and data breaches
identifies, assesses and follows up on cyber risks throughout the organization, with a focus on continuity, compliance and reputation
collaborates with ICT, data, legal and other services on cyber-relevant processes (such as change and run), with a focus on governance and risk management
acts as a substantive point of contact for internal and external audits and for cyber and risk-related aspects within supplier and contract management
provides board and management with clear reporting and advice on cyber risks, priorities and evolutions.
WHO ARE YOU
Strategically strong expert who can approach cybersecurity throughout the organization and can clearly translate complex subject matter into policy and decisions.
PREREQUISITES
A master's degree, preferably in ICT or business administration, or an equivalent level through relevant and demonstrable experience.
Extensive knowledge of ICT risk management and cybersecurity, with a good understanding of IT infrastructures, networks, cloud and data environments.
Familiar with risk management within IT and digital ecosystems, including 3rd party and supplier risks.
In-depth knowledge of cyber and risk management frameworks (such as NIST) and the ability to apply them pragmatically in an organizational context.
Insight into ICT service management and ITIL principles, in particular in relation to change and run processes.
Knowledge of relevant laws and regulations, such as the broad outlines of NIS2, and the ability to translate their impact into policy and governance.
Able to analyse and weigh up risks and provide clear and substantiated advice to management and the board.
Communicates fluently and convincingly, both in writing and orally, and can facilitate cooperation and coordination.