The Business Information Security Officer (BISO) acts as the primary point of contact for business units on all information security matters. You will play a key role in embedding the "security by design" principle across projects and operations, ensuring that risks are properly identified, assessed, and mitigated.

You will operate at the intersection of business, IT, and security, supporting both delivery teams and governance initiatives, while contributing to the organization's compliance efforts (notably ISO 27001 and NIS2).

Key responsibilities

- Business partnering & security advisory:
  - Act as the main security point of contact for assigned business units
  - Support stakeholders in adopting and implementing security by design principles
  - Translate security risks into actionable business and technical requirements
- Secure project delivery (SDLC / S-SDLC):
  - Integrate security requirements throughout the Software Development Life Cycle (SDLC) and Secure SDLC (S-SDLC)
  - Collaborate closely with architects to ensure solutions align with security standards and best practices (infrastructure, cloud, network segmentation, etc.)
  - Define, document, and validate security requirements for projects and RFPs
- Risk management:
  - Identify, assess, and document information security risks
  - Support the business in conducting risk assessments and defining mitigation strategies
  - Apply recognized methodologies such as EBIOS Risk Manager (or Agile RM) where relevant
- Vendor & solution security:
  - Contribute to the selection of vendors by evaluating security posture and compliance
  - Ensure third-party solutions meet internal security requirements
- Governance, risk & compliance (GRC):
  - Support the CISO in GRC activities, including:
    - Reviewing and updating security policies
    - Designing and refining procedures and processes (e.g., SDLC frameworks)
  - Contribute to compliance initiatives, particularly:
    - ISO 27001
    - NIS2 directive readiness
- Security projects:
  - Support and contribute to the implementation of key security initiatives such as:
    - IAM (Identity & Access Management)
    - PAM (Privileged Access Management)
    - Other transversal security programs
- Incident & crisis management:
  - Actively support the organization during security incidents or crises
  - Collaborate with cross-functional teams to contain, remediate, and resolve incidents

Profile & skills

- Technical expertise:
  - Strong understanding of IT environments
  - Infrastructure & networks (including network segmentation)
  - Cloud environments (Azure, AWS, or GCP)
  - Proven experience embedding security into projects (SDLC / Secure SDLC)
  - Solid knowledge of: ISO 27001
  - Security governance and risk frameworks
  - Familiarity with: EBIOS RM / Agile RM (considered a strong plus)
- Functional skills:
  - Ability to bridge the gap between technical teams and business stakeholders
  - Experience in risk assessment, requirements definition, and RFP processes
  - Strong analytical mindset with a pragmatic approach to problem-solving
- Languages:
  - Fluent in English
  - French/Dutch is a strong asset