
Job Title: Cisco Officer

Location: Anderlecht, Belgium (Hybrid – 2 to 3 Days/Week Onsite)


Duration: Till end of the year + possible extension
Languages: Dutch, French, English
Job Description:
Convert the CISO's vision and develop its strategy into high-level and cutting-edge solutions, processes and services
(including risk management), yet practical and pragmatic, with a view to adequately securing the means of
production of the client's organization (physical and electronic information/data as well as IT resources) and its
subsidiaries.

Main Activities:
Information Security Management:
• identifies security protection objectives and metrics in accordance with the CISO strategic plan and priorities
• actively maintains an information security management system (ISMS) in accordance with
International Standards (Imposed)
• is responsible for actively monitoring and completing the various CISO dashboards as well as other sources
of information in the CISO universe and implements appropriate corrective measures within the IT
organization
• ensures the sorting of emails received in the CISO inbox within the Cyber & Information Security Office
• tracks defined actions of internal and external IT audits within the IT organization and provides monthly
feedback to IT management as well as the client's internal audit department

Information Risk Management:

• establishes and maintains an information risk management framework based on the ISF IRAM method
• defines, describes and applies “Information Risk Analysis”, “Information Risk Treatment” and
“Information Risk Monitoring” processes, policies and standards
• defines and manages the approval and evaluation process of these new processes and standards
• integrates these information risk management processes into existing IT and business processes
• actively executes, practically and pragmatically formulates, monitors and adjusts risk analyses related to
information for new projects and existing situations
• establishes and maintains an information risk register
• notifies risks unequivocally and tracks mitigation actions sent to Business Owners

CISO Solutions & Services team:

• defines requirements for cybersecurity solutions and services
• controls the cybersecurity services of IT subcontractors at the client's premises
• establishes, maintains and executes CSIRT (Cyber Security Incident Response Team) activities
• implements the strategy, solutions and governance of Identity & Access Management

Governance, policies and awareness:

• develops, obtains approval, communicates, enforces and monitors PSPGs (policies, standards, procedures
and guidelines) on information security and data protection in compliance with agreed frameworks and legal
regulations, according to the agreed revision cycle
• develops and disseminates a long-term, company-wide information security awareness campaign, in close
collaboration with the client, HR and the communications department internal team, and existing training
initiatives, to raise awareness among internal and external employees about information security and
privacy risks and to train them in best practices
• involves security liaisons at the customer to execute and enforce policies, but also resolve incidents

Coordination and management:

• ensures the operational coordination and management of one or more projects and initiatives within the
Information Security department (priorities, budgets, resource and project planning)
• aligns, within the Cyber- & Information Security Office, with other departments such as IT Risk Management,
CISO Solution & Services, Information Security & Compliance including Data Protection, in terms of priorities
and interactions, and improves initiatives
• collaborates closely with the IT PMO so that it can align with existing IT project processes

Reporting:
• prepares quarterly reports regarding CISO areas for the attention of the management committee
• develops, prepares and monitors status reports (progress, budget, resources, planning, project models) on
these initiatives at senior management level
• develops, prepares and tracks reports on security findings from dashboards

IT compliance monitoring:
• establishes and maintains an IT compliance and audit framework in compliance with legal requirements or
strategic IT objectives
• collaborates closely with the Data Protection Officer and the Information Risk Manager (risk identification) to
share audit findings and compliance violations
• carries out IT audits and compliance engagements – based on information security and data protection
policies and information risk management processes – to identify breaches and violations
• facilitates the writing of conclusions, both at a high (executive summary) and technical level
(architects/engineers/developers), including proposal of mitigation scenarios
• ensures administrative follow-up of recommendations arising from the IT audit which have not yet been put
in place

Knowledge development:
• stays informed of new developments in CISO fields and reviews how to apply them within the client's
organization
• stays informed of new security threats, market developments, technologies, relevant legislation, IT technical
developments and other security-related issues
• attends continuing basic training, seminars, etc.

CRITERIA:
Area of responsibility:
• Information Security Management
• Information Risk Management
• CISO Security Solutions & Services team
• Information security and data protection governance, policies and awareness
• Coordination and management of one or more projects and one or more initiatives within the department of
information security
• Reporting on CISO domains and security findings
• IT compliance monitoring
• Updating and expanding your knowledge

Knowledge and complexity:

• Master's level or equivalent by experience
• Relevant professional experience of 3-5 years
• Integration period of a few months
• Knowledge of ISO2700x standards
• In-depth knowledge of one or more CISO domains (IT Risk Management, CISO Solution & Services,
Information Security & Compliance, etc.)
• Knowledge of security architecture and controls
• Knowledge of IT processes and technology
• Certificates: CISSP, CISM or CISA
• Knowledge of program management

Problem solving:
• Be able to convert the CISO strategic plan into objectives, indicators, actions, etc.
• Be able to execute several projects in parallel
• As part of projects, be able to distribute activities between several people
• Be able to draft and implement frameworks, procedures, policies, standards and awareness programs
• Analyze security incidents and be able to propose solutions – which are sometimes not obvious
• Carry out correct risk assessments
• Prepare and give presentations to senior management and management
• Be able to keep knowledge up to date within a field governed by a rapid evolution curve (trends,
technologies, etc.)
• Demonstrate autonomy in managing your projects and project teams and in handling
questions/complaints/incidents
• Comply with the information security policy and vision, the CISO strategic plan, the ISO2700x standard,
current legislation (GDPR, NKI, NIS, etc.) and international standards
• Call on the manager in the event of escalations, to examine incidents, validate project plans,
budgets, resources and reports (intermediate)

Languages:
• Knowledge of French, Dutch and English (oral and written)
