Job description:
Background
The Ministry of Climate and Green Growth (Ministerie van Klimaat en Groene Groei, KGG) works together with its partners on a cleaner and stronger Netherlands. It does so by working towards a climate-neutral society and by investing in people, innovation and sustainable energy, so that we can seize the opportunities for a sustainable future and ensure that everyone can contribute to it. Now and later.
Description
The purpose of this assignment is to act as the right hand of the CISO by managing the day-to-day operations of the Information Security Management System (ISMS). The Information Security Officer (ISO) must achieve a seamless translation of strategic security frameworks into concrete, practical measures, ensuring that security is structurally embedded in NEO's daily business operations.
Tasks:
- Co-managing the design and operation of the ISMS based on ISO 27001.
- Organizing and guiding periodic risk assessments (e.g., using IRAM or ISO 27005) and translating outcomes into priorities.
- Ensuring security is included in architecture and new projects via secure-by-design and secure-by-default principles.
- Conducting or coordinating third-party risk assessments (supply chain risks).
- Supporting the implementation of legal frameworks like NIS2 and ISO 27001.
- Developing and maintaining practical security policies, standards, and guidelines.
- Guiding internal controls, audits, and management reporting.
About the client:
Reports to: CISO, Department Corporate Professions
Works closely with: IT/Security team, Information Manager, Enterprise Architects, Legal/Compliance
Acts as primary point of contact for information security governance, risk management, and ISMS operations within NEO.
Requirements:
- Minimum 8 years of experience in information security or cybersecurity.
- Extensive experience with Governance, Risk, and Compliance (GRC) within a complex organization.
- Proven experience with ISO 27001 (setting up/maintaining an ISMS) and risk analysis methodologies (IRAM, ISO 27005 or similar).
- An active certification such as CISSP, CISM, CRISC or equivalent is required.
- Familiarity with NIS2, supply chain security, and third-party risk management.
- A completed higher professional (HBO)
Desired:
- Experience working within the government, public sector, or other strongly governed, complex environments.
- Pragmatic approach; the ability to translate complex security issues into workable solutions that fit the scale of the organization.
- Strong advisory skills; the ability to independently prepare decisions, structure dossiers, and clearly communicate with both technical specialists and management.
- Experience with ISO 27001 ISMS implementation and maintenance.
- Knowledge of NIS2 requirements and implementation.
- Experience with supply chain security and third-party risk assessments.
- Familiarity with secure-by-design and secure-by-default principles.
Competencies:
analysing, creativity, collaboration, motivating, political-administrative sensitivity, persuasiveness, planning and organising, customer focus