Job Title: Chief Information Security Officer

Location: Brussels

Start Date: Asap

End Date: 31/12/2025

Role Description:

We are looking for an experienced and hands-on Chief Information Security Officer (CISO) to lead cybersecurity and IT risk management efforts. The ideal candidate will possess deep knowledge of cybersecurity principles, risk management practices, and regulatory requirements, ensuring the confidentiality, integrity, and availability of systems and sensitive customer data. This role involves designing, implementing, and maintaining a comprehensive information security strategy while collaborating with both technical and non-technical teams.

Key Responsibilities:

• Cybersecurity Strategy and Governance:
  • Implement a cybersecurity vision and strategy aligned with organizational priorities.
  • Define a governance structure for cybersecurity consistent with group IT governance.
  • Create and manage a unified framework to integrate and normalize technologies and requirements.
• IT Risk Management:
  • Lead risk assessments and vulnerability management.
  • Provide recommendations for risk mitigation related to new technology deployments.
  • Monitor external security posture and provide security monitoring on critical third parties.
• Security Operations & Incident Response:
  • Oversee day-to-day operations of the information security program.
  • Support in the coordination of responses to cyber incidents and crisis.
  • Coordinate communication with authorities and regulators in case of cyber incidents.
• Cybersecurity Projects and Expertise Sharing:
  • Lead information security and third-party risk management streams.
  • Provide expertise and support to departments on cybersecurity topics.
  • Ensure cybersecurity and IT risk management is embedded in project delivery processes.
• Security Awareness and Training:
  • Manage a targeted information security and IT security risk management awareness and training program.

Language Requirements:

• Dutch: Preferred
• French: Preferred
• English: Fluent orally and written (mandatory)

Education and Certifications:

Relevant certifications (CISM, CISSP, NIS2, GDPR, ISO 27001 Lead Implementer).

Telework Expectation:

60% on-site (Tuesday, Thursday + 1 day of choice) & 40% homeworking

Required Experience / Knowledge:

• Strong technical background in network security, system administration, and hands-on experience with security tools and technologies.
• Experience with cloud security, SaaS products, and securing payment systems.
• Proven experience in IT risk management, including conducting risk assessments and implementing risk mitigation strategies.
• Familiarity with payment industry regulations such as DORA, PCI-DSS, GDPR.
• Strong leadership skills with the ability to communicate complex security concepts to non-technical stakeholders.
• Minimum of 5-7 years of experience in information security, with at least 3 years in a leadership role, preferably in a financial services environment.

Nice to Have:

Familiarity with payment institutions and understanding of the unique security challenges in the financial services industry.