Experis, a Manpower Professional company, is one of the market leaders of Total Staffing Solutions for IT personnel in Europe.
Thanks to our international network and the professionalism of our recruitment specialists we can help you to find the perfect job!
Our clients are part of the most prestigious companies in the financial world, insurances, IT, telecom, consultancy and public services. For the moment we are operational in 17 countries.
Your career is our challenge!
Experis - Chief Information Security Officer
Our client is located in Brussels.
The scope of work
The Chief Information Security Officer (CISO) will report to the Chief Executive Officer (CEO) and work closely with the society's management, Information Technology and Operations teams. He/she will provide leadership and take ownership of the security requirements to keep the PCI-DSS certification and ensure the highest level of physical and information security is implemented and maintained.
The complexity of this position requires an engaging and collaborative leadership approach with an ability to work with other leaders to set the best balance between security strategies and other priorities. Furthermore, he/she must ensure the requirements from governance or PCI-DSS are strictly enforced and must be able to articulate complex technical issues and risks effectively and in a way that is clear, quick to the point, can be well understood, and does not cause any unnecessary panic. He/she will drive all security related initiatives and be responsible for their success.
The CISO will work closely with the COO and Program Manager to establish and maintain the policy framework and ensure ongoing compliance with PCI-DSS. The role will interact on a daily basis with the Security System Engineer and with the Security Administrator role that is partly outsourced to review event log reports. A regular interaction with the society's compliance office is expected to align policies and monitor compliance with external governance bodies. As a Trainer the CISO will come into contact with all staff members.
- Enforce and oversee the establishment and maintenance of a security framework for the society that encompasses all components required to run the business both physical and non-physical in order to remove or minimize the eventual impact from potential internal and external threats.
- Develop, maintain and oversee information security policies, procedures and control techniques to address all requirements for the society to operate with minimal and managed risk while maintaining the confidentiality, integrity and availability of company and customer data across information systems and technology.
- Risk assessment, mitigation and avoidance: Through a regular inventory of information assets, intellectual property and other digital infrastructure, and by understanding the threats they face, the CISO must decide which steps should be taken to protect those things from damage, loss or harm.
- Be the business owner for the implementation and execution of automated and continuous monitoring to detect, contain and mitigate vulnerabilities and incidents that may impair information security and information systems.
- Legal and regulatory compliance: This requires an understanding of how the company's information assets and digital architecture fall within the scope of applicable laws and regulations, and complying with related requirements such as assessments, audits, reporting, privacy, confidentiality and more.
- Regularly train personnel, ensure they are aware of the company's Information Security policies, and ensure that line managers enforce compliance with those policies by their team members.
- Ensure PCI-DSS certification is maintained.
- Enterprise and security architecture: Together with the Chief Technical Architect, the CISO has to ensure that the architecture includes the levels of protection that risk assessments and compliance requirements dictate, while the formal IT architecture discipline makes sure that technology acquisition and use enable and reinforce the organization's ability to meet business goals and defined performance.
- Take ownership for implementing an Incident Response Plan. Be responsible for the coordination of all activities following a Security Incident and act as the communications point of contact with the COO and CEO for internal and external communication as appropriate.
- Act as communications interface internally and to external parties for security related matters in coordination with the CEO and COO in relation to compliance requirements, security incidents, risk assessments, governance or other security related topics.
- Relevant degree, certification and/or equivalent experience
- Demonstrated knowledge of IT Security controls and practices.
- Expert knowledge of IT security systems and tools including firewalls, intrusion prevention systems, SIEM, and vulnerability management platforms.
- Demonstrated skills directing and applying security controls to computer software and hardware utilizing the NIST Cybersecurity Framework or ISO 27001.
- Demonstrated skills at administering complex security controls and configurations to computer hardware, software and networks.
- Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies to endpoints, databases, transport protocols, etc.
- Experience in incident response and digital forensics
- Demonstrated knowledge of secure hardware, software and network design techniques.
- Demonstrated strategy for analyzing and preventing security incidents of high complexity.
- In-depth knowledge of computer hardware, software and network security issues and approaches.
- Experience interfacing with upper management on a regular basis.
- Advanced knowledge of IT security and in particular the requirements of PCI-DSS v3.2.
- Broad knowledge of other areas of IT. Experience with any of Linux (Red Hat), VMware, VPNs (IPsec, OpenVPN...), IPv4 routing and configuration, security tools (IPS, IDS...), scan analysis (ASV, IPT, EPT, Nessus) is an advantage.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
- Strong oral and written communication skills are a prerequisite.
- Experience in a position of CISO within a finance related institution is a strong advantage.
- Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
- Communicate clearly and appropriately
- Spoken and written technical English is mandatory.
- Innovative - Suggest new technologies and/or methods to improve their service and daily job
- Ability to work and interact effectively in a multi-cultural team.
- Work management - Plan and manage your work efficiently
- Teamwork - A good team works as one - locally, globally
- Positive attitude - Positive attitude produces positive results; enjoy what you do
- Customer focus - Their customers are the reason for their existence
- The society's goals drive your behavior - Deliver outcomes based on these goals
- A permanent contract (CDI) with our client
- A nice work environment and a healthy work-life balance
- The opportunity to continuously further evolve your career within the company
- A nice salary package
Before you go to the interviews, we will provide you with an in-person interview coaching session tailored to your needs and the specific position at our client to boost your interview skills.
Are you interested in more information about this nice opportunity?
Don't hesitate and apply now!