The Senior Information Security Analyst – NIS2 & ISO 27001 plays a pivotal role in bridging the gap between NIS2 and ISO 27001 audit requirements and their effective implementation within IT and OT environments. Operating in the energy sector—critical for societal and economic continuity—you will contribute to ensuring compliance with the Belgian NIS2 Law and ISO 27001 standards, strengthening cybersecurity, resilience, and incident management for essential services.
Your core mission is to translate complex regulatory, legal, and audit requirements into clear functional overviews and actionable technical requirements. You will structure and clarify the work required for implementation teams and lead the documentation effort required to support compliance and audit readiness. This includes conducting in‐depth interviews with business and technical stakeholders, creating structured templates, and ensuring traceability from audit findings to remediation actions.
You act as a strategic partner by supporting intake, scoping, planning, and delivery while maintaining a strong focus on timing, priorities, and dependencies. Through strong analytical skills, effective communication, and collaboration, you support the seamless integration of mandatory cybersecurity requirements into operational and business processes—helping protect the systems that "keep the lights on".
Tasks
Audit, Governance, Risk & Compliance Support
* Analyse and translate audit findings into clear remediation actions and functional requirements.
* Support follow‐up and tracking of remediation actions until closure.
* Contribute to risk assessments, control design, and control testing activities.
* Support internal and external audits and ensure documentation and evidence are audit‐ready.
* Support third‐party and vendor‐related risk assessments where required.
* Contribute to maintaining and improving security documentation (policies, standards, procedures, and guidelines).
* Ensure alignment with incident management and reporting obligations under NIS2.
PI Objectives, Preparation, Scoping & Planning
* Support during intake and shaping of the NIS2 and ISO 27001 compliance roadmap.
* Facilitate workload estimations and support definition of scope, milestones, and planning, with a strong focus on timing and feasibility.
* Analyse NIS2 and ISO 27001 audit and regulatory requirements to identify applicable obligations and controls for essential service entities.
* Perform gap analysis based on internal and external audit findings, identifying non‐conformities, weaknesses, and improvement opportunities.
* Capture, consolidate, challenge, and manage requirements derived from audits, regulations, and stakeholders.
* Conduct high‐level impact analyses (As‐Is / To‐Be) across Business, IT and OT contexts to define compliant target states.
* Support evaluation of solution feasibility, considering affordability, proportionality, fit‐for‐purpose, and value for money.
* Manage a broad and diverse stakeholder landscape across Business, IT, OT, and external parties.
* Further elaborate epics, features, user stories, tasks, and subtasks to give structure and clarity to delivery.
Follow-up, Delivery Support & Documentation
* Bridge the gap between complex audit and regulatory requirements and practical technical implementations.
* Define and maintain a structured documentation framework supporting compliance, traceability, and audit readiness.
* Define functional and non‐functional acceptance criteria to ensure solutions meet NIS2 and ISO 27001 requirements.
* Provide implementation teams with clear, structured input to support secure and compliant technical solutions.
* Develop and maintain templates enabling estimation, documentation, and maturity tracking.
* Lead the documentation process through structured interviews with business and technical experts.
* Ensure traceability from audit findings → gaps → remediation actions → evidence.
* Assist the Product Owner in managing and refining the backlog, including prioritisation and supporting documentation.
* Work closely with architects, product owners and developers to support high‐quality, compliant implementations.
Competences
* Strong experience in implementing and working with ISO 27001 and audits.
* Extensive experience writing security policies, processes, and procedures.
* Able to plan, structure, and follow up own tasks.
* In‐depth experience in governance, risk and compliance (GRC) activities, including risk assessments.
* Experience operating GRC solutions.
* Strong experience in third‐party risk management.
* Able to read, analyse, and interpret legal and audit requirement documents.
* Strong background in architecture and technical development.
* Extensive experience in technical analysis, preferably with prior development experience.
* Solid understanding of infrastructure and software components (networks, operating systems, databases, development technologies).
* Basic knowledge of service management tools.
* Strong stakeholder management skills, including interaction with external actors.
* Able to connect and communicate effectively with business and technical stakeholders.
* Strong team player, while able to work autonomously.
* Experience following up team delivery using Jira and Confluence.
* Strong critical thinking skills, focused on continuous improvement and creativity.
* Proficient in English (written and spoken); good knowledge of French and/or Dutch is a plus.
Background
* Master's degree in exact sciences, preferably in IT, or equivalent experience.
* Alternatively, a Bachelor's degree in exact sciences with significant relevant professional experience.
* Strong professional background in information security, technical analysis, and compliance‐driven environments.
* Experience working in regulated or audit‐driven contexts, preferably within critical infrastructure or energy sectors.
* Proven experience with ISO 27001 implementation and audit preparation.
* Relevant certifications are preferred: CISSP, CISM, ISO 27001 Lead Implementer, ISO 27005.