Contract Type: Time & Material (Part-time – approx. 132 days)
Evaluation: 50% Quality – 50% Price
Role Overview
Within the Strategic Information Security Department, the selected consultant will support the implementation and continuous improvement of the Information Security Management System (ISMS) and Information Security Risk Management framework.
The role requires strong expertise in ISO 27001 implementation and will play a key part in governance activities, particularly in the context of NIS2 compliance and evolving responsibilities within the 2nd Line of Defense.
Key Responsibilities
* Support Information Security (IS) and internal stakeholders in risk management aligned with NIS2 legislation (focus on business risks and consolidation of NIS risks)
* Contribute to process risk management and provide advisory support on Information Security topics
* Participate in the integration of various security disciplines (IS, Privacy, IT Security, Internal Control, Cybersecurity)
* Maintain and improve the ISMS framework, including:
  * ISMS scope, policies, guidelines, and processes (based on ISO 27001)
  * Documentation such as objectives, annual plans, compliance and maturity assessments
  * Management reporting and steering committee presentations
* Contribute to the ISO 27001 certification process within the NIS2 scope
* Support governance activities and collaborate with other departments involved in ISMS
* Assist in training activities (content creation, delivery, etc.) when required
Mandatory Requirements (Must-Have)
Certifications
* CRISC (Certified in Risk and Information Systems Control) and/or CISSP (Certified Information Systems Security Professional)
* Certificate must be provided with the application
Experience & Skills
* Proven experience in an Information Security role
* Demonstrable experience with ISO 27001 implementation
* Strong knowledge of Information Security Risk Management (ISO 27005 and/or ISO 31000)
* Hands-on experience with:
  * Microsoft Purview DLP
  * Data retention in OpenText ECM/xECM
* Higher education (Bachelor’s or Master’s degree) or equivalent through experience
* Strong interpersonal and communication skills (team collaboration)
* Ability to work both independently and in a team environment
Languages
* Dutch – CEFR C2 level (mandatory)
* RTR document must be signed and submitted with the CV
Nice-to-Have Requirements
* Experience with test data masking and anonymization in non-production environments
* Knowledge of Cybersecurity and NIS2 legislation
* Experience within the Belgian energy sector
* English proficiency at C1 level
Additional Information
* Location: Client office in Melle, with occasional travel to other sites
* Hybrid model:
  * Minimum 1 day/week onsite (typically Monday)
  * Remote work possible depending on agreement with the manager
  * Flexibility required for occasional increased onsite presence
The requirement “5 years of experience with the technology or similar” will be considered nice-to-have rather than strictly mandatory.