
BISO

Job in 1000, Brussels, Bruxelles-Capitale, Belgium
Listing for: Huxley Associates Belgium
Full Time position
Listed on 2026-06-02
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below
Position: Huxley Associates Belgium - BISO
The Business Information Security Officer (BISO) acts as the primary point of contact for business units on all information security matters. You will play a key role in embedding the "security by design" principle across projects and operations, ensuring that risks are properly identified, assessed, and mitigated.

You will operate at the intersection of business, IT, and security, supporting both delivery teams and governance initiatives, while contributing to the organization's compliance efforts (notably ISO 27001 and NIS2).

Key responsibilities

Business partnering & Security advisory:

Act as the main security point of contact for assigned business units

Support stakeholders in adopting and implementing security by design principles

Translate security risks into actionable business and technical requirements

Secure project delivery (SDLC / S-SDLC):

Integrate security requirements throughout the Software Development Life Cycle (SDLC) and Secure SDLC (S-SDLC)

Collaborate closely with architects to ensure solutions align with security standards and best practices (infrastructure, cloud, network segmentation, etc.)

Define, document, and validate security requirements for projects and RFPs

Risk management:

Identify, assess, and document information security risks

Support the business in conducting risk assessments and defining mitigation strategies

Apply recognized methodologies such as EBIOS Risk Manager (or Agile RM) where relevant

Vendor & solution Security:

Contribute to the selection of vendors by evaluating security posture and compliance

Ensure third-party solutions meet internal security requirements

Governance, risk & compliance (GRC):

Support the CISO in GRC activities, including:

Reviewing and updating security policies

Designing and refining procedures and processes (e.g., SDLC frameworks)

Contribute to compliance initiatives, particularly:

ISO 27001

NIS2 directive readiness

Security projects:

Support and contribute to the implementation of key security initiatives such as:

IAM (Identity & Access Management)

PAM (Privileged Access Management)

Other transversal security programs

Incident & crisis management:

Actively support the organization during security incidents or crises

Collaborate with cross-functional teams to contain, remediate, and resolve incidents

Profile & skills

Technical expertise:

Strong understanding of IT environments

Infrastructure & networks (including network segmentation)

Cloud environments (Azure, AWS, or GCP)

Proven experience embedding security into projects (SDLC / Secure SDLC)

Solid knowledge of: ISO 27001

Security governance and risk frameworks

Familiarity with: EBIOS RM / Agile RM (considered a strong plus)

Functional skills:

Ability to bridge the gap between technical teams and business stakeholders

Experience in risk assessment, requirements definition, and RFP processes

Strong analytical mindset with a pragmatic approach to problem-solving

Languages:

Fluent in English

French/Dutch is a strong asset
Position Requirements
10+ Years work experience