Availability: ASAP

Type of contract: CDI

Company presentation:

Klanik is an innovative consulting company specialized in IT and engineering with over 500 employees. Klanik built its success by embracing a new management model. Our consultants have the opportunity to involve themselves as actors within the company through 3 programs:

  • Act’in Klanik – a catalog of roles which allows each consultant to take part in Klanik’s development and to be rewarded according to their involvement;
  • Knowledge Centre – an internal training center for the consultants by the consultants;
  • Korner – a start-up incubator which supports consultants who want to live their entrepreneurial dream.

Klanik focuses on 4 main areas of expertise:

  • Application development, where we follow our clients on innovation and strategic subjects;
  • DevOps & Cloud, where we assist our clients on methodological and technical aspects;
  • Cybersecurity, where we assure and enhance the integrity, people, processes and assets by which Klanik achieves its greater mission;
  • Data & AI, where we help companies in processing their data without losing sight of the real business interest of their work.

By joining us, you will be part of a consultant-centric company and evolve on innovative topics via our mobilized collective intelligence. Finding new talents and ensuring their wellbeing is essential to Klanik’s development.

Job description:

Our client is looking for a CISO Officer to join its team!

Missions:

Information security management:

– Identify security protection objectives and parameters based on the company’s strategy, CISO plan and priorities

– actively maintains an ISMS (Information Security Management System) in accordance with international standards (imposed)

– Is responsible for the active monitoring and enhancement of the various CISO dashboards and other information management tools and other information sources in the CISO world, and initiates appropriate corrective actions within the IT organisation

– manages the CISO mailbox within the Cyber Security and Information Security Office.

– Follows up on the actions defined in the internal and external IT audits within the IT organisation and provides monthly feedback on this to the IT management and internal administration. Customer audit

 

Governance, policies and awareness:

– Is responsible for the preparation, approval, communication, compliance and monitoring of the following PSPGs (policies, standards, procedures and guidelines) concerning information security and data protection within the agreed frameworks and legal regulations according to the agreed review cycle

– is responsible for the implementation and dissemination of a long-term company-wide information security awareness, in close cooperation with the client and our client’s internal communication and training initiatives and our client’s HR, in order to raise awareness of information security and privacy risks among internal and external employees and to teach them best practices

– Involves the client’s security liaison officers in policy implementation, security policy enforcement, security management and incident resolution

 

Coordination and management:

– Is responsible for the operational coordination and management of one or more projects, and initiatives within the information security department (priorities, budgets, resource planning and projects).

– Within the Cyber Security and Information Security office, liaise with other departments such as IT Risk Management, CISO Solutions and Services, Information Security and Compliance including Data Protection in terms of priorities, interactions and improvement of initiatives.

– Work closely with the IT PMO to align with existing IT project processes.

 

Reporting:

– Prepare quarterly reports on CISO areas for the Executive Committee.

– Is responsible for the drafting, preparation and follow-up of progress reports (progress, budget, resources, planning, project models) on these initiatives at senior management level

– Is responsible for drafting, preparing and following up reports on the findings of the safety scoreboards

 

Knowledge development:

– keeps abreast of new developments in CISO areas and examines how these can be applied within the customer base.

– Keeping abreast of new security threats and market developments, technologies, relevant legislation, IT and other techniques and security developments

– Continuously attend training courses, seminars, etc.

 

 

Responsibilities

– Information security management

– Information risk management

– Information security and data protection governance, policies and awareness

– Coordination and management of one or more projects and initiatives within the Information Security Department

– Reporting on CISO areas and security results

– Monitoring IT compliance

– Maintaining and expanding own knowledge

 

Problem solving

– Translate the CISO’s strategic plan into objectives, measures, actions, …

– Ability to execute several projects in parallel

– Ability to divide activities between several people in the framework of projects

– Ability to draft and implement frameworks, procedures, policies, standards, awareness programmes, etc.

– Analysing security incidents and being able to provide solutions, sometimes not obvious

– Carry out a proper risk assessment

– Giving and preparing presentations to senior management and the board

– Be able to keep your knowledge up to date in a rapidly changing field (trends, technology, …)

– Independently, the team is able to manage its own projects and project teams and to deal with queries, complaints and incidents.

– Is bound by the information security policy and vision, the CISO strategy plan, ISO2700x, applicable legislation (GDPR, NKI, NIS, …) and international standards.

– Calls on the supervisor in case of escalation, to discuss incidents, for validation of project plans, budgets and resources and (interim) reports

 

Communication

Internal contacts

– Daily or weekly contacts with other CISO officers regarding policies, projects and incidents

– Weekly contact with the different IT departments for the coordination and direction of the following information security project activities

– Monthly contact with the Head of CISO, IT PMO and senior management, reporting to the Head of CISO and IT PMO on IT security projects and IT compliance

– Direct contact with the Data Protection Officer and Risk Manager to exchange audit results and IT compliance violations

– Targeted liaison with the client’s HR and communication departments for the implementation of the information security awareness programme

 

External contacts

– Monthly contact with security liaisons, internal audit, enterprise risk management at the client’s premises in the context of policy, ongoing projects and reports

– Targeted contacts with IT outsourcing partners regarding incidents, monitoring and coordination of outsourcing activities, …

– Targeted contacts with external auditors for supervision of external audits or discussion of audit findings and/or follow-up

Profile:

– Master’s level knowledge or equivalent through experience

– 5-10 years of relevant work experience

– In-depth knowledge of ISO2700x

– Knowledge of security architecture and controls

– Knowledge of IT processes and technologies

– Certifications (desirable): CISSP, CISM or CISA

– Knowledge of program management

 

Fluent English / Dutch is a must.

Ad reference: MCO - CISO Off