Chief Information Security Officer (CISO)
Via Cyberus ad interim / freelance
For one of our customers in Eindhoven, a government agency, we are looking for a Chief Information Security Officer (CISO) (freelance/ad interim) via Cyberus.

Location: Eindhoven / Remote
Type: Freelance/Ad interim
Rate: In consultation
Start: As soon as possible
End date: 01-07-2022
Duration: 7 months, with a chance of extension
Hours: 32-36 hours per week

If you are interested, please contact us at info@cyberus.nl or via the form.

For our client, a government agency in Eindhoven, we are looking for an enthusiastic, critical and decisive interim CISO who further shapes and safeguards the information security organization and information security. A strategic view and the ability to realize this in a multi-year approach, a thorough knowledge of information security and stress resistance are a must.

What will you deliver for Eindhoven?
• From the CIO Office you are responsible for drawing up and managing information security policy and shaping information security strategy, including the resulting plans such as the strategic security roadmap.
• You manage the information security organization, in which various officials from the organization are represented, such as ISOs, ENSIA auditors and network security specialists. In addition, you manage the CISO team directly at the CIO Office.
• You manage certain information security projects and/or participate in certain steering groups of information security-related projects/programs.
• You initiate periodic security audits and risk, dependency and vulnerability analyses, or have them carried out.
• You coordinate and advise on security incidents and, if necessary, take action in the event of emergencies.
• You stay informed of developments in the field of information security and, if necessary, come up with proposals for additions and improvements to products, methodologies or working methods with regard to information security.
• You set up and initiate information security awareness programs and advise on information and training of users in the correct handling of information (systems).
• You check the operation of and compliance with the information security policy and resulting measures.
• You periodically report on security incidents, their handling and the threat assessment to the portfolio holder.
• You advise the CIO, the sector heads and their management teams in a good balance with the opportunities, obligations and influences that come our way from outside.

A colleague speaks:
There is a lot of ambition, which sets the bar high for the development of our own competencies as well as that of the entire organization. This is in balance, where we work from a mentality of continuous improvement. We are transparent and make clear choices and communicate them. It is challenging, you have to be sharp and be able to easily make connections. We believe it is important to utilize the network within the organization and beyond.

Assignment
• Management and further development of the CISO team within CIO Office.
• Drawing up a multi-year CISO/Information Security plan at strategic and tactical level.
• Recruitment of permanent CISO (including job profile).
• Regular CISO activities (see above).

Who do you do that with?
You are part of the CIO Office, where everyone has their own area of focus, specializations and expertise. Where Information Supply and Information Technology are currently still seen as a “resource”, we as an organization want to grow to at least the “services” level. This transformation is supported, among other things, by the strategic design of Information Security.

How do you make it happen?
• You have an academic working and thinking level.
• You have at least 5 years of relevant work experience in the field of information security in a CISO role.
• You have relevant training and technical knowledge in the field of information security, demonstrable through certifications such as CISM, CISA, CISSP or SANS.
• You have experience in administratively complex (government) organizations, understand the culture and can deal with it.
• You have experience working in changing organizations.
• You have experience in positioning the security organization.
• You have knowledge of current developments in the field of information security in order to mitigate threats, vulnerabilities and risks as well as possible.
• You have knowledge of risk management for information security.
• You have experience with the application of and policy development based on ISO 27001/27002 or standards frameworks based on them, such as IBD/BIO.
• You have experience in managing organization-wide security awareness activities.
• You have experience with incident management (CERT).
• You have knowledge of the relevant legal frameworks and their impact on information security.
• You have experience with SOC/SIEM and experience with the use of services from market parties.
• You have experience in collaboration with privacy professionals.
• You have an excellent command of both the Dutch and English languages (oral and written).

Competencies:
In addition to being an experienced security specialist, the CISO is above all someone who knows how to convey (the importance of) security to those involved (board, management of the organization and business operations, architects, information managers, etc.). So you have a high level of:
• Excellent communication skills (oral and written).
• Ability to work together in a team.
• Ability to manage the security organization.
• Integrity.
• Organizational sensitivity and empathy - strong political skills and persuasiveness.
• Administrative and organizational sensitivity.
• Analytical skills and judgment.
• Decisiveness in planning, prioritizing and organizing.
• Stress resistance.
• A strategic vision.