Kallo (BE)Contract typePermanent/ContractGeneral descriptioncontinuously managing cybersecurity-related risks associated with ICT infrastructure, systems, services and third parties. This includes planning risk assessments, analyzing results, assigning risk ownership, advising and following up on risk treatment, and reporting the status to both the Security Board and IT management.You will further develop the risk management strategy for the organization, ensuring that risks remain within acceptable levels in accordance with the organization’s risk appetite. This involves proposing mitigating actions and controls that complement the current security management strategy.Together with the other IT Security Officers, you will also be responsible for implementing and operating the ISMS, developing and maintaining security policies and standards, overseeing and assuring compliance with cybersecurity related legal, regulatory, and contractual requirements, and conducting security awareness trainings.Job descriptionIT Risk Officer responsibilities:Risk:
Develop the organization's IT risk management strategy.
Advocate risk management practices with IT management and business owners.
Identify and assess cybersecurity-related threats, vulnerabilities, and risks in IT systems, applications and services.
Document and analyze uncovered risks, identify the appropriate owner, and propose the most suitable risk treatment options.
Guide, document and keep track of risk acceptance decisions.
Follow up and report on risks throughout the complete risk management cycle.
Monitor the effectiveness of security controls and risk levels.
IT Security Officer responsibilities:General:
Implement and operate the Information Security Management System (ISMS)
Support IT and business projects with cybersecurity expertise, insights and advice.
Awareness:
Develop and deliver cybersecurity educational materials.
Maintain the organization's security awareness platform and solutions.
Promote cybersecurity awareness and security practices within the organization.
Policies & standards
Develop and maintain security policies and other documents within the policy framework.
Support the documentation of security standards and operating procedures.
Manage, document and keep track of requests for exceptions.
Third party security
Assess the security maturity of critical suppliers and partners
Support business contacts with providing security assurance to customers and other third parties.
Your profile
Excellent leadership skills to drive change.
Excellent analytical skills to identify and assess risks in a complex and diverse environment.
Broad technical background to collaborate with subject matter experts in different domains.
Strong verbal and written communication skills to communicate abstract topics to a non-technical audience.
Experience with identifying and addressing cyber threats and vulnerabilities in an international and industrial environment.
Experience with developing, communicating and enforcing security policies, guidelines and procedures.
Experience with cybersecurity awareness and training.
Knowledge of and experience with cybersecurity-related frameworks, such as ISO27001, ISO 27005, CIS, NIS2 and CyberFundamentals.
Knowledge of cybersecurity-related technologies and controls.
Knowledge of cybersecurity related regulations and legislation.
Required experience4 yearsWe offer
You will be welcomed by a team full of enthusiastic experts who will support you and the projects in the best possible way you can imagine.
A no-nonsense culture where entrepreneurial skills are embraced.
A long-term employment with an emphasis on personal development.
Hybrid working according to a 3/2 regime (3 days office/home)
Competitive remuneration depending on relevant knowledge and experience.
Freelance or contract (possibility for extra-legal benefits such as meal vouchers, hospitalization insurance, company car,...)
Contact personBen NijenhuisContact emailApplicationCV + Motivational Letter
