Location: Melle, Belgium (Hybrid)
Start Date: 09/06/2026
End Date: 09/06/2027
Contract Type: Time & Material (Part-time – approx. 132 days)
Evaluation: 50% Quality – 50% Price

Role Overview

Within the Strategic Information Security Department, the selected consultant will support the implementation and continuous improvement of the Information Security Management System (ISMS) and Information Security Risk Management framework.

The role requires strong expertise in ISO 27001 implementation and will play a key part in governance activities, particularly in the context of NIS2 compliance and evolving responsibilities within the 2nd Line of Defense.

Key Responsibilities

- Support Information Security (IS) and internal stakeholders in risk management aligned with NIS2 legislation (focus on business risks and consolidation of NIS risks)
- Contribute to process risk management and provide advisory support on Information Security topics
- Participate in the integration of various security disciplines (IS, Privacy, IT Security, Internal Control, Cybersecurity)
- Maintain and improve the ISMS framework, including:
  - ISMS scope, policies, guidelines, and processes (based on ISO 27001)
  - Documentation such as objectives, annual plans, compliance and maturity assessments
  - Management reporting and steering committee presentations
- Contribute to the ISO 27001 certification process within the NIS2 scope
- Support governance activities and collaborate with other departments involved in ISMS
- Assist in training activities (content creation, delivery, etc.) when required

Mandatory Requirements (Must-Have)

Certifications

- CRISC (Certified in Risk and Information Systems Control) and/or
- CISSP (Certified Information Systems Security Professional)

Certificate must be provided with the application

Experience & Skills

- Proven experience in an Information Security role
- Demonstrable experience with ISO 27001 implementation
- Strong knowledge of Information Security Risk Management (ISO 27005 and/or ISO 31000)
- Hands-on experience with:
  - Microsoft Purview DLP
  - Data retention in OpenText ECM/xECM
- Higher education (Bachelor’s or Master’s degree) or equivalent through experience
- Strong interpersonal and communication skills (team collaboration)
- Ability to work both independently and in a team environment

Languages

- Dutch – CEFR C2 level (mandatory)

RTR document must be signed and submitted with the CV

Nice-to-Have Requirements

- Experience with test data masking and anonymization in non-production environments
- Knowledge of Cybersecurity and NIS2 legislation
- Experience within the Belgian energy sector
- English proficiency at C1 level

Additional Information

- Location: Client office in Melle, with occasional travel to other sites
- Hybrid model:
  - Minimum 1 day/week onsite (typically Monday)
  - Remote work possible depending on agreement with the manager
  - Flexibility required for occasional increased onsite presence

Important Note

The requirement “5 years of experience with the technology or similar” will be considered nice-to-have rather than strictly mandatory.