Expanding steadily since its launch in 2003, the ACENSI group is an IT consultancy firm, well known for their technical and functional know-how, who specialize in Telecommunications, Media and Financial Markets, as well as in the Energy industry. ACENSI guides businesses in evolutionary IT projects from the initial strategies through to their realization (Management and Project management, Development, Design and Implementation, Infrastructure). From its original focus on technical engineering and Business Analysis, ACENSI has developed new areas of expertise in Human Resource Management Systems, Business Intelligence, e-learning and Client Relationship Management. Dynamism, enthusiasm and social development are all valued at ACENSI, allowing our clients to benefit from consultants with a true blend of talents.
ACENSI BELGIUM is looking for an ISMS Expert for its client.
SUMMARY
The CISO Officer for NIS 2 & CyFun Compliance is responsible for ensuring SNCB's adherence to the latest European cybersecurity directives (NIS 2) and the implementation of Cyber Fundamentals. This role is designed to provide both continuity and flexibility in the same domain (ISMS-NIS 2 Compliance), allowing the incumbent to take up the function of Domain Lead ad interim, CISO Officer, or Project Manager as organizational needs evolve.
Key Responsibilities
• Lead the implementation and ongoing management of NIS 2 compliance, including gap analysis, policy development, and reporting.
• Oversee the CyFun (Cyber Fundamentals) program, ensuring all baseline security controls are in place and effective.
• Develop, implement, and maintain the Information Security Management System (ISMS) in line with ISO 27001, 27002, and 27005.
• Conduct regular risk assessments, internal audits, and control testing to ensure compliance with NIS 2, AI Act, GDPR, CER, and other relevant regulations.
• Coordinate with internal and external stakeholders (including auditors and regulators) to ensure timely and accurate compliance reporting.
• Provide training and awareness on NIS 2 and cyber fundamentals to staff and management.
• Support the CISO in strategic projects, including vendor assessments, technology risk reporting, and continuous improvement initiatives.
• Act as Domain Lead ad interim, CISO Officer, or Project Manager as required, ensuring business continuity and leadership coverage during transitions or organizational changes.
CONFORMITY CRITERIA
Industry Experience, as evidenced on CV
• Minimum 2 years in Railway Sector.
• At least 10 years' experience in enterprise IT, risk, and audit management, with a strong focus on cybersecurity, regulatory compliance, and IT governance.
• At least 2 years in a non-IT role (business role), such as marketing, finance, product development, operations, sales, procurement.
Required Qualifications
• Bachelor's degree at minimum.
• ISO 27001 Lead Auditor & Implementer.
• ISO 27005 Lead Risk Manager.
• Certified Internal Auditor (CIA).
Language Competencies
• Fluent in French/Dutch and English; basic Dutch/French.
Evaluation criteria
Required Qualifications & Experience
• Certified CISA & CISM training completed.
• Proven experience in implementing and auditing ISMS, NIS 2, SOX, GDPR, or related frameworks.
• Technical proficiency in ITGC, COBIT, and project management (Agile, Kanban, Confluence).
Domain Experience, as evidenced on CV
• Proven experience in leading the implementation and ongoing management of NIS 2 compliance, including gap analysis, policy development, and reporting.
• Proven experience in developing, implementing, and maintaining the Information Security Management System (ISMS) in line with ISO standards, such as ISO 27001, 27002, and 27005.
• Proven experience in developing, implementing, and maintaining the Information Security Management System (ISMS) in line with CyberFundamentals Framework.
• Proven experience in conducting risk assessments, internal audits, and control testing to ensure compliance with relevant regulations.
• Proven experience in providing training and awareness on NIS 2 and cyber fundamentals to staff and management.
Core Competencies as evidenced by previous roles
• Deep understanding of NIS 2 directive and European cybersecurity regulations.
• Strong analytical, audit, and risk management skills.
• Ability to communicate complex compliance requirements to technical and non-technical stakeholders.
• Autonomous, structured, and results-driven.
• Multicultural awareness and ability to work in diverse and multicultural teams.
• Flexibility to assume leadership roles as Domain Lead ad interim, CISO Officer, or Project Manager.
Soft Skills as evidenced by previous roles
• Problem-solving, coaching, and support.
• Team player, adaptable, and proactive.