Chief Information Security Officer (CISO)

Location: Tubize, Belgium

Thales people architect solutions at the heart of the defence-security continuum. Interoperable and secure information and telecommunications systems for defence, security, and civil operators, are based upon innovative use of radiocommunications, networks, and cybersecurity. We are ground breaking new digital technologies such as 4G/5G mobile communications, cryptography, cloud computing and big data for use in physical protection systems, and critical information systems.

Thales Belgium SA, Belgium competence center of Thales, is a company located on 2 sites, one in Tubize (near Brussels) and the other one in Herstal (near Liège). Thales Belgium, which employs more than 280 collaborators, is specialized in the design, development and supply of critical information systems for customers in the sectors of Defense, Security (including Cyber) and Aerospace.

Position Summary

The CISO is responsible for all aspects of information security and cyber security across all of IT including support developing, deploying and maintaining a robust security strategy with solid security policies; protocols and procedures across enterprise security architecture, security operations center, datacenter security, and network security including cloud and applications security with appropriate security measures and initiatives. This role also advises senior leaders and other stakeholders on the further development, implementation and management of a countrywide IT security infrastructure that contains appropriate control objectives for system integrity, availability, reliability, resilience, confidentiality and assurance to company, industry and international standards.
CISO Community: engage with and contribute to the group CISO community ; NG role: PO/SO for local security squad

Essential Functions / Key Areas of Responsibility

•      Identifying and prioritizing cybersecurity risks and reporting them to local CIO and EUROPE CISO.

•      Ensure strategic alignment of the region approach to IS/IT Security is compliant with legal and regulatory requirements, Group standards and aligned with business objectives.

•      Ensure security program & plans are in place and actions are implemented to manage the risk of adverse impacts from any external or internal attack on the region IT/IS are reduced to an acceptable level.

•      Ensure appropriate budget and resources are allocated to support the security program at region level

•      Be a member of the Group Information System Security Community – sets and approves IS security policy decisions and exceptions.

•      Ensure security incidents are coordinated and managed with the Central Security body through EUROPE CISO

•      Coordinate regionally under the supervision of the Cert Incident Response Activities.

•      Gain acceptance of proposed security solutions by the various security accrediting bodies within Group CISO

•      Respect Group IS/IT standards and strategy.

•      Review strategies, operational changes and projects to ensure appropriate security controls are applied.

•      Review proposed enterprise architecture strategies and designs to ensure that new risks are not introduced into company, and to suggest changes that may increase functionality and help reduce existing risks.

•      Maintain /Coordinate an understanding of current and emerging security threats that may affect the company now or in the future.

•      Undertake / Coordinate forensic investigations and analysis as required on company computer assets in support of HR led investigations.

•      Liaise with Legal in regards to export control requirements in systems and manage any e-discovery requirements that the company are required to undertake.

•      Undertake governance responsibilities for technology based Defense regulations and policies and report the company state of compliance to the Governmental Boards in charge.

•      Provide regular updates to the CIO and EUROPE CISO regarding achievements, issues and goals

•      Review and ensure the follow up of remediation plans with EUROPE CISO

•      Acts as the first point of contact for internal and external audits.

Minimum Requirements: Skills, Experience & Education

• Bachelors (Masters preferred) Information Technology and/or Information Security (Degree or equivalent).
• 5+ years of leadership experience overseeing security initiatives in a medium to large enterprise.
• Obtained one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certification (GIAC), ISO27001 Lead Implementer; Project Management Professional (PMP/Prince2); or other related certifications.
• Obtained Cosmic Top Secret (CTS) Security Clearance is a huge asset.
• Demonstrable experience of emergency preparedness, critical incident management, business continuity and disaster recovery.
• Experienced with medium to large IT Infrastructure and/or IT security projects, e.g. firewall deployment, NAC implementation, web proxy upgrade etc.
• Prior experience with information security framework, secure network architecture and design, cloud computing, and secure application architecture/design.
• Proven experience of leading a multidisciplinary team.
• Strong working knowledge of information security technologies, markets and vendors including firewall, intrusion detection, assessment and monitoring tools, encryption, certificate authority, and cloud networks.
• Experienced in developing policies and procedures for identity and access management, security programs, security procedures, security standards, requirement definition, and project management plans.
• Adept in creating business cases and user cases including the ramification of various system, network and application security decisions and recommendations.
• Experience in managing IT responses to internal and external audit campaigns
• Articulate with strong verbal and written communication skills including technical and non-technical audiences.
• Business proficient  in English and French

Preferred Qualifications

•              Experienced in working within a centralized/decentralized matrix business environment.

•              Knowledge of SEI’s CMMI model for secure software development.

•              Broad experience of conducting risk assessments including presenting recommendations to c-suite

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!

Interested?
Apply now! Click on the button below to upload your profile and show your interest.

Diversity Statement
We actively support a working pattern that suits your lifestyle and helps you reach your ambitions. That means that equal opportunities, inclusion and an informal culture are integral to our success. It also means that your well-being and happiness matter to us! That’s why we offer you the flexibility to do what’s important to you; whether that’s part time hours, job sharing, remote working, or the ability to flex your start and finish times.