Domain Lead ISMS

Near Brussels Midi Station, Brussels-Capital Region, Belgium

Ypto

Ypto works behind the scenes to help build the digital transformation and ICT infrastructure of the Belgian railways, NMBS.


As the ISMS (Information Security Management System) Area Lead at YPTO, you will be responsible for overseeing the SNCB’s ISMS and for providing guidance to the Information Security Steering Committee on implementing information security policy in the organization. Additionally, you will act as an authority in developing, implementing, and maintaining the ISMS and its policies, as well as the authority for appropriate audit conformity, in alignment with academic theories, industry standards, and legal requirements. Your role will also involve promoting cybersecurity awareness and best practices within the organization.

Continuous Improvement of the ISMS:

  • Develop a repeatable and quantitative ISMS management process based on academic theories, industry standards, and models.

  • Identify improvements to enhance the efficiency and consistency of the ISMS and policy management process through tooling.

  • Ensure prioritization and quality assurance of tasks within the GRC team and the ISSG.

  • Provide coaching and guidance to the CISO, GRC team and the ISSG, as needed.

  • Assist in the selection of new team members with the requisite qualifications and skills.

Improve and Maintain the ISMS policy management process:

  • Enhance and maintain the GRC team's capabilities and services to SNCB.

  • Align the ISMS and policy management process with other SNCB policy management processes.

  • Manage all aspects of the lifecycle management of capabilities and services, including designing, implementing KPIs/KRIs, documenting procedures, identifying and addressing operational and quality risks to the program in cooperation with the Risk lead, and monitoring external suppliers.

  • Report to internal stakeholders on KPIs, planning, capacity, and quality.

Knowledge Transfer:

  • Collaborate with other leads of the GRC Team to enable synergies.

  • Assist colleagues within the CISO office and Ypto in understanding information security and risk management.

  • Mentor junior CISO team members to facilitate their professional development.

Requirements

  • 10 years of relevant experience in information security management.

  • Certifications such as CISSP, CISA, CISM, ISO27001 lead implementer or auditor, CRISC are considered advantageous.

  • Master's degree or higher, preferably with a background in statistics and econometrics.

  • Proficiency in Dutch and/or French (C2) (both is preferable) and English (C1).

  • Expert knowledge of cybersecurity and privacy standards, frameworks, policies, regulations, and best practices.

  • Proven track record of implementing an ISMS in large organizations.

  • Experience with ISMS tooling (e.g., CertKit, Sprinto, Cyberday, Vanta, OneTrust or LogicGate) is a plus.

  • Strong network and active participation within the GRC and/or Information Security community is preferred.

Our offer

Within our open corporate culture, you contribute to the digital transformation of SNCB. You will have a job with social impact and ample opportunity to make your own contribution. In addition to a good work-life balance and a competitive salary, you will receive the following benefits:

  • the possibility to work remotely + flexible working hours;

  • 35 days of leave;

  • a company car + a public transport season ticket;

  • a target bonus;

  • a comprehensive insurance package (affiliation without own contribution, excl. outpatient costs for family members);

    • hospitalisation and dental care for the whole family;

    • outpatient costs (= medical costs separate from hospitalisation);

    • group insurance: supplementary pension, work disability and death (cafeteria plan);

    • accidents at work (extralegal);

  • meal vouchers and eco-vouchers;

  • net allowances for remote working and carwash + internet budget.

Category: Leadership Jobs

Tags: CISA CISM CISO CISSP CRISC ISMS ISO 27001 KPIs Monitoring Privacy Risk management

Perks/benefits: Competitive pay Flex hours Insurance Medical leave

Region: Europe
Country: Belgium
