Information Security Officer (ISO)

• Developing, updating and monitoring information security policies, frameworks and procedures
  
• Directing the risk management process
  
• Identifying, analyzing and monitoring risks
  
• Assigning risks to process owners and management
  
• Monitoring mitigating measures via GRC tooling and ISMS
  
• Setting up and managing asset registers including IoT applications
  
• Integrating assets into the risk management process
  
• Performing supplier assessments and supply chain risk analyses
  
• Testing contractual security requirements
  
• Implementing BIO2 and NIS2 measures
  
• Support with DPIAs, risk analyses and security assessments
  
• Preparation of advisory reports
  
• Further development and management of the Information Security Management System (ISMS)
  
• Performing Business Impact Analyses (BIAs)
  
• Translating BIA results into control measures
  
• Supporting ENSIA audits and other compliance audits
  
• Ensuring correct file formation and evidence
  
• Representing information security within projects and consultations
  
• Advising management and colleagues on information security and risk management
  
• Organizing awareness campaigns, training and communication activities
  

Requirements

• Completed HBO or WO education in, for example, information management, cybersecurity, law or (technical) business administration
  
• At least 3 years of experience as an Information Security Officer within a municipality, province or other government organization
  
• Up -to -date knowledge of information security, governance and risk management
  
• Knowledge of BIO2
  
• Knowledge of the Cybersecurity Act (NIS2)
  
• Experience in setting up and implementing risk management processes
  
• Experience with risk identification, analysis and monitoring
  
• Experience with supplier management and supply chain risks
  
• Knowledge of contractual security requirements
  
• Affinity with asset management and IoT security
  
• Excellent command of the Dutch language verbally and in writing
  
• Reference from a recent relevant client
  

• Certification CISM
  
• CISSP Certification
  
• CRISC Certification
  
• Experience with GRC tooling
  
• Experience with ISMS implementations
  
• Experience with ENSIA audits
  
• Experience within municipal organizations
  
• Experience with Business Impact Analyses (BIAs)
  
• Experience with information security awareness programs
  

• Proactive
  
• Result -oriented
  
• Analytically strong
  
• Risk -aware
  
• Persuasiveness
  
• Administrative sensitivity
  
• Organizationally aware
  
• Connecting capacity
  
• Flexible
  
• Pragmatic
  
• Strong verbal communication skills
  
• Strong written communication skills
  
• Able to switch strategically, tactically and operationally
  
• Strong in stakeholder management
  
• Vision combined with execution power
  
• Ability to create ownership within the organization
  
• Networker and ambassador of information security