Senior Information Security Officer (ISO) 202603A290
Client: Ministerie van Economische Zaken
Deadline for offers
Location: Den Haag
Rate: €110,00 - €115,00
Hours per week: 36
Period: 6 months (with option to extend)
Start date: 13 Apr 2026
Posted: 4 hours ago
Ministerie van Economische Zaken (Kerndepartement_KGG)
The purpose of this assignment is to act as the right-hand to the CISO by managing the day-to-day operations of the Information Security Management System (ISMS). The ISO needs to achieve a seamless translation of strategic security frameworks into concrete, practical measures, ensuring security is structurally embedded in NEO's daily business operations.
Responsibilities:
Co-managing the design and operation of the ISMS based on ISO 27001.
Organizing and guiding periodic risk assessments (e.g., using IRAM or ISO 27005) and translating outcomes into priorities.
Ensuring security is included in architecture and new projects via secure-by-design and secure-by-default principles.
Conducting or coordinating third-party risk assessments (supply chain risks).
Supporting the implementation of legal frameworks like NIS2 and ISO 27001.
Developing and maintaining practical security policies, standards, and guidelines.
Guiding internal controls, audits, and management reporting.
Deliverables:
A fully operational and maintained ISMS (ISO 27001 compliant).
Completed and documented periodic risk assessments (IRAM/ISO 27005) with clear action plans.
Established and embedded secure-by-design processes for new IT projects and architecture.
Executed third-party risk assessments for key suppliers.
Fully developed and practically implemented security policies and guidelines.
Reports to: CISO, Department Corporate Professions
Works closely with: IT/Security team, Information Manager, Enterprise Architects, Legal/Compliance
Acts as primary point of contact for information security governance, risk management, and ISMS operations within NEO.
The Ministerie van Klimaat en Groene Groei (KGG) works with its partners toward a cleaner and stronger Netherlands, by working toward a climate-neutral society and by investing in people, innovation and sustainable energy. This allows us to seize the opportunities for a sustainable future and to ensure that everyone can contribute to it. Now and later.
Knockout requirements (must be demonstrable on the CV!):
A completed higher professional (HBO)
Minimum 8 years of experience in information security or cybersecurity. (8 years)
Extensive experience with Governance, Risk, and Compliance (GRC) within a complex organization. (5 years)
An active certification such as CISSP, CISM, CRISC or equivalent is required.
Proven experience with ISO 27001 (setting up/maintaining an ISMS) and risk analysis methodologies (IRAM, ISO 27005 or similar).
Familiarity with NIS2, supply chain security, and third-party risk management.
Preferences:
Strong analytical skills and experience with risk management.
Ability to structure and professionalize security governance.
Excellent communication skills (bridging the gap between tech and management).
Independence and a strong sense of responsibility.
Pragmatic mindset with a focus on workable solutions.
Organizational sensitivity and administrative insight.
Experience with ISO 27001 ISMS implementation and maintenance.
Knowledge of NIS2 requirements and implementation.
Experience with supply chain security and third-party risk assessments.
Familiarity with secure-by-design and secure-by-default principles.
Competencies:
Experience working within the government, public sector, or other strongly governed, complex environments.
Pragmatic approach; the ability to translate complex security issues into workable solutions that fit the scale of the organization.
Strong advisory skills; the ability to independently prepare decisions, structure dossiers, and clearly communicate with both technical specialists and management.
We are ready to answer all your questions, whether they concern temporary assignments, recruitment and selection, or payrolling. You can reach us at 088 - 448 2060.