Information Security Officer NIS2

13/02/2026

Our client is looking for an Information Security Officer NIS2

Description

The DBS (Digital Business Solutions) department aims to support all of the “business” activities. It ensures that the company has efficient processes and efficient information systems to support these processes, as needs and technologies evolve.

Mission – Information Security Officer

Under the responsibility of the Team Leader / CISO, the Information Security Officer is responsible for the day-to-day operational management of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001.
The role requires strong hands-on experience in maintaining and operating an ISMS in a pragmatic and business-oriented manner.

1. ISMS Governance & Documentation

  • Develop, maintain and continuously improve ISMS documentation, including policies, procedures and operational processes, with particular focus on:
      • Risk Acceptance Forms (RAF)
      • Non-conformity management
      • Configuration management processes
  • Ensure proper version control, consistency and accessibility of all ISMS documentation.
  • Support the review and update of policies and procedures in response to regulatory, technological or organizational changes.

2. Risk Management

  • Maintain and monitor the risk register, including follow-up of accepted risks and RAFs, and tracking changes in threats and vulnerabilities.
  • Update risk assessments following security incidents, audits or significant changes to the environment.
  • Track risk treatment plans resulting from penetration tests, security assessments and compliance reviews, and ensure timely implementation of agreed actions.

3. Compliance & Audits

  • Analyze audit results and risk treatment plans, and report findings to the CISO and relevant stakeholders.
  • Prepare and support internal audits, in close collaboration with the CISO.
  • Follow up on identified non-conformities and coordinate the implementation of corrective actions.

4. Security Controls Monitoring

  • Monitor access controls and user permissions, including initiating and following up on access recertification campaigns.
  • Verify backup integrity and assess disaster recovery and business continuity readiness.

5. Incident Management

  • Provide support in the handling of information security incidents when required.
  • Collaborate with SOC analysts and operational teams during incident response activities.
  • Document lessons learned from incidents and ensure they are fed back into risk management and ISMS improvement.

6. Awareness & Training

  • Support the organization, follow-up and reporting of information security awareness activities.
  • Track completion of mandatory security training in coordination with HR.

7. Continuous Improvement

  • Monitor and analyze security KPIs and metrics (e.g. incidents, audit findings, non-conformities).
  • Prepare ISMS management review meetings and present outcomes to the CISO and other stakeholders.
  • Contribute to the continuous improvement of the information security framework.

Additional Responsibilities

Depending on knowledge, availability and organizational needs, the ISO may also support other activities within the Security team, both in Business as Usual and in project contexts, and may take on a Business Information Security Officer (BISO) role.
This includes supporting business departments, defining security requirements, and proactively managing information security risks in line with the Security by Design principle.

Job specifications

ID: 12450

Duration: 01/04/2026 - 31/03/2027

Location: Brussels

Type: Freelance

Joël De Ben

IT Recruitment Consultant