Afarax is looking for a freelance Group Security Capability Lead. We need you!
The project:Our client in the Transportation, Logistics, Supply Chain and Storage sector, is seeking an experienced Group Security Capability Lead to strengthen their team.
Key responsibilities:1. Vision & RoadmapDefine and maintain a clear vision and purpose for the security capability, aligned with Group Cyber strategy, business priorities and regulatory obligations (e.g. NIS2).Translate strategic objectives into a prioritised, outcome-driven roadmap, balancing short-term risk reduction with long-term capability maturity.Continuously review and adapt the roadmap based on outcomes, stakeholder feedback, delivery realities and evolving threat landscapes.Actively socialise and defend the vision, creating alignment across Group leadership, entities, IT, security and business stakeholders.2. Outcome Focus & Risk ReductionOwn measurable outcomes, not just outputs, including:Cyber risk and exposure reductionCompliance and audit readinessOperational resilience and response capabilityBusiness enablement (digital products, secure access, automation)Define success metrics and feedback loops to track impact and steer prioritisation.Shape demand by challenging assumptions, avoiding "order-taker" behaviour and focusing teams on the highest-value problems.Ensure work is sliced to deliver incremental, tangible value each cycle.3. Team Building & Capability LeadershipShape and evolve the capability teams and squad structures, ensuring the right mix of skills, seniority and capacity in line with the digital long term sourcing model & plan.Attract, develop and retain talent through coaching, feedback and clear development paths.Build a shared identity and culture around ownership, accountability, collaboration and continuous improvement.Foster psychological safety and high engagement while maintaining high delivery standards.4. Financial OwnershipOwn the capability budget end-to-end, including:Platform and tooling costsDelivery and run capacityExternal partners and vendorsBalance cost, risk reduction and long-term value, avoiding both over-engineering and under-investment.Support epic-level business cases, investment decisions, stage gating and trade-offs.Provide transparent forecasting, actuals tracking and variance explanations to stakeholders.5. Architecture & Technical CoherenceEnsure the capability evolves within a coherent, sustainable and enterprise-aligned architecture.Align with Group Enterprise Architecture, while empowering capability squads to own technical decisions within clear guardrails.Prevent fragmentation, duplication and vendor lock-in across entities.Balance innovation with stability, security and operational manageability.Ensure alignment between the different security & foundations capabilities (IAM, SOC, Network, Cloud, Data, SSDLC, etc.)6. Data-Driven Decision MakingUse data to steer prioritisation, delivery, operational improvement and risk management.Ensure reliability, accessibility and appropriate governance of capability-related data.Build a culture where decisions are informed by evidence, trends and feedback rather than intuition.Collaborate with data governance and enterprise standards to ensure consistency and compliance.7. Predictable DeliveryEstablish disciplined planning and prioritisation practices.Monitor flow, dependencies and risks proactively.Provide transparent reporting on progress, risks and commitments to stakeholders, including senior leadership.Foster continuous improvement through metrics, retrospectives and learning loops.8. Optimal Run & Operational ExcellenceEnsure stable, secure and high-performing operation of the capability.Define and maintain clear operational models, ownership boundaries and SLAs.Reduce manual effort, complexity and run cost through standardisation, automation and simplification.Use incidents, audits and near-misses as input for structural improvement, not just firefighting.Establish ITSM processes to ensure qualitative delivery to all entities9. Transformative LeadershipBring clarity in ambiguity and momentum in complex, federated environments.Lead with resilience, pragmatism and persistence through non-linear transformation journeys.Influence behaviours, priorities and decisions without relying on hierarchy.Challenge constructively, including senior stakeholders, when required to protect outcomes and integrity.
Is this you?Experience:Proven experience owning a product, platform or capability end-to-end in a complex organisation.Experience in several cybersecurity domains (e.g. IAM, SOC, Vulnerability Management, Network or Cloud Security).Exposure to large, federated or multi-entity environments.Experience balancing transformation, delivery and run responsibilities.Budget ownership and financial decision-making experience.Skills & Competencies:Strong strategic and systems thinkingAbility to translate cyber risk into business-relevant prioritiesComfortable operating in ambiguity and transitional statesStrong stakeholder management and influencing skillsPragmatic, outcome-driven mindset (not tool- or framework-driven)Education & Qualifications:Master's degree in Engineering, Computer Science, Cyber Security or equivalent experience.Relevant security or leadership certifications are a plus.
How afarax supports you?You benefit from our extensive networkYou will have access to projects that fit your expertiseWe help and support you throughout your projectWe offer the possibility to build a valuable and lasting partnershipCheck out more projects on: https://afarax.be/jobs/type/freelance/