Share this job offer

Information Security Officer - ISMS

Job description

Within the Information Security team you are responsible for monitoring the vision, developing the strategy and executing the program within the SNCB organization (including its branches) to adequately secure the company assets. This vision is based on ISO2700x:2013.


  • Information Security Management (ISMS)
    • Identify Security Protection goals, objectives and metrics consistent with strategic plans and CISO priorities
    • Delivery of strategic and tactical information security guidelines for projects (IT and Non-IT)
    • Actively following up the various cyber security intelligence dashboards (eg Qualys reporting, Secunia vulnerability management, IBM Core Protection patch status, CyberArk PAM metrics,…) and initiating the appropriate corrective measures within the IT organization
    • Follow-up of the CISO mailbox within the Cyber- & Information Security Office
    • Follow-up of defined actions of internal and external IT audits within the IT organization and with monthly feedback to IT management and SNCB Internal Audit
  • Coordination & Management
    • The operational coordination and management of one or more projects and initiatives within the Information Security team(priorities, budgets, people management)
    • Coordination within with other teams such as Data Protection, IT Risk Management and Cybersecurity Management in terms of priorities, interactions and improvement initiatives
    • Work closely with IT PMO to align with existing IT project processes
    • Work closely with IT departments to align over existing IT ITIL processes- 
  • Reporting
    • Monthly program management reporting to CISO and IT PMO on the IT Security projects
  • Follow up of IT Compliance
    • Setting up and maintaining an IT audit and IT compliance framework, in line with legal requirements or strategic IT objectives
    • Establish a close collaboration with the Data Protection Officer and the Information Risk Manager (~ identify risks) to exchange audit findings and compliance breaches
    • Performing IT audits and IT compliance assignments to determine defects or breaches based on the information security and data protection policies and Information risk management processes
    • Facilitating the writing of the findings, both at a high-level level (~ exec summary) and technical level (~ architects / engineers / developers), including the provision of mitigation scenarios
    • Administrative follow-up of open IT audit recommendations


  • At least 3 years of experience in a similar position
  • Knowledge of ISO2700x standards
  • Relevant experience in writing and implementing policies and awareness programs
  • Develop cybersecurity dashboards and management reporting
  • Good knowledge of MS Office (Excel, PowerPoint)
  • Stress resistance
  • Be organizational-sensitive
  • Collaborate and take responsibility
  • Problem solving ability
  • Spoken and written knowledge of Dutch, French and English