Share this job offer

Information Security Officer - Policies

Job description

Within the Cyber- & Information Security Office department, you will be responsible for maintaining the vision, establishing the strategy and executing the programme in the SNCB organisation (including its subsidiaries) so as to adequately protect the company resources This vision is based on ISO2700x:2013.

Responsibilities :

  • Governance, policies & awareness
    • Establish, submit, communicate, enforce and review PSPGs (policies, standards, procedures and guidelines) regarding cybersecurity and data protection in accordance with ISO2700x and legal privacy regulations. A biennial review cycle needs to be foreseen.
    • Draw up a company-wide long term information security awareness programme and distributes it within the organisation in order to draw the attention of internal collaborators to the cybersecurity and privacy risks and in order to teach best practices Close collaboration with HR and Change & Communication as well as alignment with existing training initiatives are required. A separate focus on the IT departments with external collaborators needs to be foreseen.
  • Coordination & Management
    • Ensure the operational coordination and control of one or more projects and initiatives within the Information Security team (priorities, budgets, people management).
    • Align within the Cyber- & Information Security Office with other departments, such as Data Protection, IT Risk Management and Cybersecurity Management as far as priorities, interactions and improvement initiatives are concerned.
    • Closely cooperate with IT PMO and other IT departments in view of aligning its processes with existing IT and ITIL processes.
  • Reporting
    • Monthly programme management reports to CISO and IT PMO regarding the IT security projects


  • Bachelor's degree or equivalent experience
  • 3 to 10 years of relevant experience in risk management and/or information security
  • Knowledge of ISO2700x, ISO31000, COBIT5, ITIL, …
  • Experience in assessing and managing IT and/or Information Risk
  • Broad knowledge of IT processes and technology
  • Knowledge of security architectures and controls
  • Knowledge of ISF IRAM is a plus
  • Experience in managing and overseeing security in third party service providers.
  • Certifications: CISSP, CISM, CISA or CRISC is a plus
  • Problem analysis and conflict management
  • Customer focus and able to handle in an organisation-sensitive way
  • Record of responsibility
  • Spoken and written fluency in English, and Dutch or French; passive understanding of Dutch and French