Group Security Capability Lead

05/02/2026

Onze klant is op zoek naar een Group Security Capability Lead

Context :

Cyber security is a critical enabler of bnode’s operations, service continuity and digital transformation. As the Group becomes more connected and digitally integrated, cyber security must evolve from a fragmented, local responsibility to a coherent, Group-level capability.

To support this, the Group has launched a Group Cyber Security Improvement Plan focused on strengthening core security foundations, increasing maturity across entities and enabling secure digital products and operations. Key priorities include Identity & Access Management, SOC and Network Security, supported by a federated operating model combining Group standards and platforms with local execution.

A Group Security Centre of Excellence is being established to drive this transformation, ensuring alignment, scalability and effective delivery across entities.

The Group Security Capability Lead owns the end-to-end security capability landscape at Group level and is accountable for translating cyber strategy into tangible outcomes through clear vision, prioritisation, delivery and operational excellence.

Position Overview:  

As Group Security Capability Lead, you are fully accountable for the lifecycle and performance of a Group Security Capability, from strategy to execution and operations.

You operate at the intersection of cyber risk, business priorities, regulatory requirements and technology, translating Group Cyber objectives into a clear, outcome-driven capability roadmap and reliable delivery.

You lead and enable cross-functional security squads, collaborate closely with entity IT and security teams, and act as a key bridge between Group strategy and local execution.

This is a leadership role, not a specialist role: success is measured by outcomes, adoption, risk reduction and operational excellence.

 Key Responsibilities:  

1. Vision & Roadmap

  • Define and maintain a clear vision and purpose for the security capability, aligned with Group Cyber strategy, business priorities and regulatory obligations (e.g. NIS2).
  • Translate strategic objectives into a prioritised, outcome-driven roadmap, balancing short-term risk reduction with long-term capability maturity.
  • Continuously review and adapt the roadmap based on outcomes, stakeholder feedback, delivery realities and evolving threat landscapes.
  • Actively socialise and defend the vision, creating alignment across Group leadership, entities, IT, security and business stakeholders.

2. Outcome Focus & Risk Reduction

  • Own measurable outcomes, not just outputs, including:
  • Cyber risk and exposure reduction
  • Compliance and audit readiness
  • Operational resilience and response capability
  • Business enablement (digital products, secure access, automation)
  • Define success metrics and feedback loops to track impact and steer prioritisation.
  • Shape demand by challenging assumptions, avoiding “order-taker” behaviour and focusing teams on the highest-value problems.
  • Ensure work is sliced to deliver incremental, tangible value each cycle.

3. Team Building & Capability Leadership

  • Shape and evolve the capability teams and squad structures, ensuring the right mix of skills, seniority and capacity in line with the digital long term sourcing model & plan.
  • Attract, develop and retain talent through coaching, feedback and clear development paths.
  • Build a shared identity and culture around ownership, accountability, collaboration and continuous improvement.
  • Foster psychological safety and high engagement while maintaining high delivery standards.

4. Financial Ownership

  • Own the capability budget end-to-end, including:
  • Platform and tooling costs
  • Delivery and run capacity
  • External partners and vendors
  • Balance cost, risk reduction and long-term value, avoiding both over-engineering and under-investment.
  • Support epic-level business cases, investment decisions, stage gating and trade-offs.
  • Provide transparent forecasting, actuals tracking and variance explanations to stakeholders.

5. Architecture & Technical Coherence

  • Ensure the capability evolves within a coherent, sustainable and enterprise-aligned architecture.
  • Align with Group Enterprise Architecture, while empowering capability squads to own technical decisions within clear guardrails.
  • Prevent fragmentation, duplication and vendor lock-in across entities.
  • Balance innovation with stability, security and operational manageability.
  • Ensure alignment between the different security & foundations capabilities (IAM, SOC, Network, Cloud, Data, SSDLC, etc.)

6. Data-Driven Decision Making

  • Use data to steer prioritisation, delivery, operational improvement and risk management.
  • Ensure reliability, accessibility and appropriate governance of capability-related data.
  • Build a culture where decisions are informed by evidence, trends and feedback rather than intuition.
  • Collaborate with data governance and enterprise standards to ensure consistency and compliance.

7. Predictable Delivery

  • Establish disciplined planning and prioritisation practices.
  • Monitor flow, dependencies and risks proactively.
  • Provide transparent reporting on progress, risks and commitments to stakeholders, including senior leadership.
  • Foster continuous improvement through metrics, retrospectives and learning loops.

8. Optimal Run & Operational Excellence

  • Ensure stable, secure and high-performing operation of the capability.
  • Define and maintain clear operational models, ownership boundaries and SLAs.
  • Reduce manual effort, complexity and run cost through standardisation, automation and simplification.
  • Use incidents, audits and near-misses as input for structural improvement, not just firefighting.
  • Establish ITSM processes to ensure qualitative delivery to all entities

9. Transformative Leadership

  • Bring clarity in ambiguity and momentum in complex, federated environments.
  • Lead with resilience, pragmatism and persistence through non-linear transformation journeys.
  • Influence behaviours, priorities and decisions without relying on hierarchy.
  • Challenge constructively, including senior stakeholders, when required to protect outcomes and integrity.

Expected outcomes:

  • A clearly articulated and widely understood Group Security Capability vision and roadmap
  • Measurable reduction in cyber risk and exposure across entities
  • Consistent adoption of Group security standards and platforms
  • Improved operational maturity, predictability and resilience
  • Reduced fragmentation, duplication and total cost of ownership (cost reduction & cost avoidance)
  • High engagement and performance of the capability teams

Required Experience & Profile:  

Experience:  

  • Proven experience owning a product, platform or capability end-to-end in a complex organisation.
  • Experience in several cybersecurity domains (e.g. IAM, SOC, Vulnerability Management, Network or Cloud Security).
  • Exposure to large, federated or multi-entity environments.
  • Experience balancing transformation, delivery and run responsibilities.
  • Budget ownership and financial decision-making experience.

Skills & Competencies:

  • Strong strategic and systems thinking
  • Ability to translate cyber risk into business-relevant priorities
  • Comfortable operating in ambiguity and transitional states
  • Strong stakeholder management and influencing skills
  • Pragmatic, outcome-driven mindset (not tool- or framework-driven)

Education & Qualifications:

  • Master’s degree in Engineering, Computer Science, Cyber Security or equivalent experience.
  • Relevant security or leadership certifications are a plus.

Job specifications

ID: 12354

Duration: 2-2-2026 - 1-5-2026

Location: Brussels

Type: Freelance

Stijn De Keyser

IT Recruitment Consultant
This position is no longer accepting applications.