Project Presentation

The Chief Information Security Officer (CISO) is responsible for the development, implementation, and monitoring of the information security policy of the Federal Police. This responsibility encompasses the information security management system, risk management, compliance monitoring, and governance. In this capacity, the CISO works closely with all parts of the organisation, particularly with the departments responsible for technical architecture, IT project management, training, and those services concerned with information and data protection.

The Information Security – Program Manager supports the CISO in strengthening the organization’s information security posture. This position focuses on strategic coordination, compliance, and governance without assuming the CISO’s decision-making responsibilities. The role ensures continuity, maturity, and alignment of security initiatives with organizational objectives.

Deliverable(s):

• Information Security Strategy and Roadmap (Support/preparation)
• Policies and Procedures
• Periodic Compliance and Maturity Reports
• Templates and Tools for Strategic PMO
• Awareness and Training Plan

Main task(s)

• Prepare analyses and input for CISO presentations and strategic meetings
• Support (and prepare) the coordination of the development and monitoring of cybersecurity policies and ISMS
• Track KPIs and maturity models
• Report on compliance and non-conformities
• Facilitate workshops and awareness initiatives
• Inventory ongoing projects and align with strategic priorities
• Propose process optimization and budget efficiency measures
• Support internal audits and risk assessments
• Supports to:
• Define, implement, communicate and maintain cybersecurity goals, requirements, strategies, policies, aligned with the business strategy to support the organisational objectives
• Develop cybersecurity plans
• Monitor advancement in cybersecurity
• Secure resources to implement the cybersecurity strategy
• Educate senior management about cybersecurity risks, threats and their impact to the organisation

Key skills

• Assess and enhance an organisation’s cybersecurity posture
• Analyse and implement cybersecurity policies, certifications, standards, methodologies and frameworks
• Analyse and comply with cybersecurity-related laws, regulations and legislations
• Implement cybersecurity recommendations and best practices
• Manage cybersecurity resources
• Develop, champion and lead the execution of a cybersecurity strategy
• Influence an organisation’s cybersecurity culture
• Design, apply, monitor and review ISMS (directly or outsourced)
• Review and enhance security documents, reports, SLAs and ensure security objectives
• Identify and solve cybersecurity-related issues
• Establish a cybersecurity plan
• Communicate, coordinate and cooperate with internal and external stakeholders
• Anticipate required changes to the organisation’s information security strategy and formulate new plans
• Define and apply maturity models for cybersecurity management
• Anticipate cybersecurity threats, needs and upcoming challenges
• Motivate and encourage people

Technical and Domain Knowledge

• ISO 27001/27002, NIS2, GDPR (> 10 years, last experience this year)
• Regulatory Compliance: experience in aligning organizations with GDPR and NIS2 (> 5 years, last experience this year)
• Implementation SOC/SIEM (> 5 years)
• Deep expertise in Identity and Access Management (> 10 years, last experience this year)
• Practical experience with Security & Infrastructure Cloud Solution (> 5 years, last experience this year)
• Risk management and compliance frameworks (> 10 years, last experience this year)
• Governance and policy development (> 10 years, last experience 10 years)
• Incident response coordination (> 15 years)

Communication and Relationship Skills

• Communication (oral and written, and towards non-technical stakeholders)
• Stakeholder Management (> 15 years, last experience this year)
• Client and Internal Relations
• Leadership and Collaboration
• Professional English is required
• French and/or Dutch is required
• Fluency in both (FR/NL) is an asset

Experience and Project Management

• Experience with information security or IT governance
• Experience with strategic projects and PMO (> 15 years, last experience this year)
• Experience with cybersecurity project: governance, roadmap execution, and security program management (> 10 years, last experience this year)
• Proven track record in the public and regulated sectors drafting technical RFPs and managing procurement processes (> 10 years, last experience this year)
• Familiarity with public sector and procurement processes

Education Degree

• Master’s degree
• Certifications (an advantage): CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementor

In practice

Start date: 01/04/2026
Duration: 110 days
Working hours: Full time (40 hours/week)
Work location: rue Royale 202A, 1000 Brussels

Working conditions: At least two days per week in the office, depending on tasks and in agreement with the team; remote work permitted either from home or at the employer’s premises (in Belgium)
Team: Multidisciplinary, a mix of internal and external collaborators