This assignment has expired; you can no longer apply.

Information Security Officer (ISO) - EZK

Reykjavikplein 1, 3543 KA Utrecht, Nederland

Closed

Start date:

13 Apr 2026

End date:

12 Oct 2026

Hours per week:

36

Publication date:

23 Mar 2026
Assignment rate: 105
Assignment hours: 36

Description

The purpose of this assignment is to act as the right hand to the CISO by managing the day-to-day operations of the Information Security Management System (ISMS). The professional needs to translate strategic security frameworks seamlessly into concrete, practical measures, ensuring security is structurally embedded in NEO's daily business operations.

Responsibilities:

  • Co-managing the design and operation of the ISMS based on ISO 27001.
  • Organizing and guiding periodic risk assessments (e.g., using IRAM or ISO 27005) and translating outcomes into priorities.
  • Ensuring security is included in architecture and new projects via secure-by-design and secure-by-default principles.
  • Conducting or coordinating third-party risk assessments (supply chain risks).
  • Supporting the implementation of legal frameworks like NIS2 and ISO 27001.
  • Developing and maintaining practical security policies, standards, and guidelines.
  • Guiding internal controls, audits, and management reporting.

Deliverables:

  • A fully operational and maintained ISMS (ISO 27001 compliant).
  • Completed and documented periodic risk assessments (IRAM/ISO 27005) with clear action plans.
  • Established and embedded secure-by-design processes for new IT projects and architecture.
  • Executed third-party risk assessments for key suppliers.
  • Fully developed and practically implemented security policies and guidelines.

Requirements

  • An active certification such as CISSP, CISM, CRISC or equivalent is required.
  • Proven experience with ISO 27001 (setting up/maintaining an ISMS) and risk analysis methodologies (IRAM, ISO 27005 or similar).
  • Familiarity with NIS2, supply chain security, and third-party risk management.
  • A completed higher professional (HBO)
  • Minimum 8 years of experience in information security or cybersecurity (8 years)
  • Extensive experience with Governance, Risk and Compliance (GRC) within a complex organization (5 years)

Preferences and competencies

Preferences

  • Strong analytical skills and experience with risk management.
  • Ability to structure and professionalize security governance.
  • Excellent communication skills (bridging the gap between tech and management).
  • Independence and a strong sense of responsibility.
  • Pragmatic mindset with a focus on workable solutions.
  • Organizational sensitivity and administrative insight.
  • Experience with ISO 27001 ISMS implementation and maintenance.
  • Knowledge of NIS2 requirements and implementation.
  • Experience with supply chain security and third-party risk assessments.
  • Familiarity with secure-by-design and secure-by-default principles.

Competencies

  • Experience working within the government, public sector, or other strongly governed, complex environments.
  • Pragmatic approach; the ability to translate complex security issues into workable solutions that fit the scale of the organization.
  • Strong advisory skills; the ability to independently prepare decisions, structure dossiers, and clearly communicate with both technical specialists and management.

Organization and team

Reports to: CISO, Department Corporate Professions

Works closely with: IT/Security team, Information Manager, Enterprise Architects, Legal/Compliance

Acts as primary point of contact for information security governance, risk management, and ISMS operations within NEO.

The client is Sogeti Nederland B.V.

Other information

Number of professionals required: 1 professional

Option to extend: Nothing known.

Hybrid: No further information

Fee: The administrative partner charges an additional fee of € 2.50 on top of the hourly rate.