Hydria wishes to hire an internal auditor in the context of preparation for verification and certification on NIS. The auditor must be an experienced infosecurity specialist who is well-versed in the NIS2 legislation.

This assignment aims to engage a specialist in order to

• undertake the necessary actions based on the CyberFundamentals Framework (guiding Hydria in setting up a security policy in accordance with art 30 and following of the NIS2 law and solutions, drafting or adapting policies, documenting and adjusting processes), specifically for Hydria but fully according to the guidelines of and using materials provided by the CCB to achieve the NIS-2 Basic security level in a timely manner, at the latest by April 18, 2026,
• conduct an internal audit, in preparation for the verification by an assessment body, with the goal of identifying any remaining shortcomings and resolving them in a timely manner,
• represent Hydria during the verification itself by an accredited and recognized conformity assessment body.

The person

• knows Hydria and the sectors in which Hydria operates well;
• has a good affinity with the functioning of governments;
• has solid experience working on IT projects;
• understands the legal framework under which Hydria operates;
• has at least 15 years of experience in information security (practical, organizational, and legal aspects);
• holds a degree in civil engineering, industrial engineering, or a master's in computer science, preferably complemented by a master's degree in management (MBA);
• has proven experience in drafting disaster recovery plans and business continuity plans;
• has excellent knowledge of security in an industrial environment (including OT security);
• has extensive experience in performing risk analyses and frameworks such as ISO2700X, ETSI, etc;
• has excellent knowledge of the NIS2 legislation, and also of the common frameworks around it;
• has strong technical knowledge of and practical experience with the conformity requirements of the frameworks accepted by the Belgian legislator in the context of NIS2 compliance (CyFun, ISO27001), preferably with hands-on experience regarding concrete measures (network segregation, cryptography, SSL certificates, etc);
• has demonstrable experience in screening/negotiating with/auditing suppliers, both in terms of privacy and in terms of information security in general;
• has a good understanding of authentic sources;
• has good demonstrable contacts with supervisory authorities such as the data protection authorities, the CCB, etc;
• has excellent experience in risk management and knows related frameworks;
• has concrete experience in monitoring, managing, and reporting data breaches and incidents in general, and can translate this to legal requirements;
• has experience in drafting data classification systems and accompanying acceptable use policies;
• is skilled in analyzing problems and finding solutions.

Additional information:

The assignment can be extended to a maximum duration (including the initial duration) of 880 working days.