The DBS (Digital Business Solutions) department aims to support all of Sibelga's "business" activities. It ensures that Sibelga has efficient processes and efficient information systems to support these processes, as needs and technologies evolve.
Certification ISO 27001/27002
Must have
Experience in defining, implementing and monitoring security improvement actions (CAPA: Corrective and Preventive Actions) following audits, risk assessments or incidents
Must have
Yes
Experience translating security policies into practical procedures and guidelines
Must have
Yes
Fluent in English
Must have
Yes
Fluent in French or Dutch with a passive knowledge of the other one (FR/NL)
Must have
Yes
Proven experience as Information Security Officer
Must have
3 Years
Medior
Proven experience in performing internal security controls and reporting compliance findings
Must have
Yes
Proven experience managing the risk register, the risk exception register, and RAFs
Must have
Yes
Proven experience reviewing and managing a CMDB
Must have
Yes
Proven experience with non-conformity management
Must have
Yes
Proven experience with operational ISMS management
Must have
Yes
THE SUPPLIER / CANDIDATE MUST FILL IN THE TEMPLATE
Must have
Template Projectvoorstelling.docx
Knowledge of ITSCM, DRP, crisis management, BCMS, SCADA, RTU...
Should have
Yes
Knowledge of network security, cloud environments (Azure/AWS), and IAM
Should have
Yes
Knowledge of NIS2 domains as defined by the CCB, and ability to map them to ISO 27001:2022 controls and clauses
Should have
Yes
Title
Information Security Officer NIS2
Customer reference
-
Latest reaction date
19/02/2026
Preferred start date
01/04/2026
Preferred end date
31/03/2027
Currency
EUR
Assignment type
Time & Material
Category
Profile request
Department
Information security (IS)
Cost center
-
Context
Mission – Information Security Officer
Under the responsibility of the Team Leader / CISO, the Information Security Officer is responsible for the day-to-day operational management of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001.
The role requires strong hands-on experience in maintaining and operating an ISMS in a pragmatic and business-oriented manner.
1. ISMS Governance & Documentation
• Develop, maintain and continuously improve ISMS documentation, including policies, procedures and operational processes, with particular focus on:
  • Risk Acceptance Forms (RAF)
  • Non-conformity management
  • Configuration management processes
• Ensure proper version control, consistency and accessibility of all ISMS documentation.
• Support the review and update of policies and procedures in response to regulatory, technological or organizational changes.
2. Risk Management
• Maintain and monitor the risk register, including follow-up of accepted risks and RAFs, and tracking changes in threats and vulnerabilities.
• Update risk assessments following security incidents, audits or significant changes to the environment.
• Track risk treatment plans resulting from penetration tests, security assessments and compliance reviews, and ensure timely implementation of agreed actions.
3. Compliance & Audits
• Analyze audit results and risk treatment plans, and report findings to the CISO and relevant stakeholders.
• Prepare and support internal audits, in close collaboration with the CISO.
• Follow up on identified non-conformities and coordinate the implementation of corrective actions.
4. Security Controls Monitoring
• Monitor access controls and user permissions, including initiating and following up on access recertification campaigns.
• Verify backup integrity and assess disaster recovery and business continuity readiness.
5. Incident Management
• Provide support in the handling of information security incidents when required.
• Collaborate with SOC analysts and operational teams during incident response activities.
• Document lessons learned from incidents and ensure they are fed back into risk management and ISMS improvement.
6. Awareness & Training
• Support the organization, follow-up and reporting of information security awareness activities.
• Track completion of mandatory security training in coordination with HR.
7. Continuous Improvement
• Monitor and analyze security KPIs and metrics (e.g. incidents, audit findings, non-conformities).
• Prepare ISMS management review meetings and present outcomes to the CISO and other stakeholders.
• Contribute to the continuous improvement of the information security framework.
Additional Responsibilities
Depending on knowledge, availability and organizational needs, the ISO may also support other activities within the Security team, both in Business as Usual and in project contexts, and may take on a Business Information Security Officer (BISO) role.
This includes supporting business departments, defining security requirements, and proactively managing information security risks in line with the Security by Design principle.
Candidate weighting
50% quality - 50% price
Number of days per person
220
Work regime (percentage)
100
Extension period (expressed in months)
12
Additional information
Early start possible. Hybrid homeworking policy: maximum 2 days of homeworking per week.