The organisation is a large federal public-sector body responsible for critical services, currently strengthening its information security governance and compliance. In the role of Information Security - Program Manager, you will support the CISO team by owning programme-level delivery across Identity and Access Management and SOC/SIEM-related initiatives, coordinating policy, compliance and strategic PMO activities.
The Mission
The immediate project is to consolidate the organisation's information security strategy and roadmap, align ISMS controls with ISO 27001 and NIS2 requirements, and accelerate GDPR compliance work across business units. Work spans a multidisciplinary team of internal and external collaborators, involves drafting procurement documentation for technical suppliers, and feeds monthly maturity and compliance reports into executive briefings. The assignment starts in April 2026 and runs for 110 days.
Day to day you will prepare the strategic files the CISO uses in governance forums, track KPIs and maturity levels, and coordinate delivery of cross-cutting security projects such as IAM improvements, SOC/SIEM deployment and incident-response exercises. You will run workshops, support internal audits and risk assessments, and ensure projects and policies remain aligned with regulatory timelines and resource constraints.
Your Responsibilities
- Lead programme coordination to deliver the information security roadmap, ensuring milestones, budgets and supplier procurements stay on track
- Own compliance reporting and maturity tracking, producing clear outputs for senior management and auditors
- Drive governance and policy updates, translating ISO 27001, NIS2 and GDPR requirements into implementable controls and procedures
- Coordinate technical project delivery for IAM and SOC/SIEM, ensuring operational requirements and handover to operations are met
- Facilitate stakeholder workshops, awareness campaigns and training plans that raise organisational security maturity
- Support incident response coordination and post-incident reviews to improve processes and reduce repeat risks
Your Profile
Essential Skills
- Deep practical expertise in Identity and Access Management, with more than 10 years of hands-on experience
- Proven track record implementing SOC/SIEM and coordinating incident response, 5+ years
- Strong experience with ISO 27001/27002, NIS2 and GDPR compliance and translating regulation into policy, 5-15+ years as indicated
- Demonstrable PMO and programme management experience on strategic cybersecurity projects, 10+ years
- Experience drafting technical RFPs and managing procurement in public or regulated sectors
- Ability to communicate complex security topics to non-technical senior stakeholders and influence decision-making
Languages
- English, C1
- French, B2 (or higher) — fluency in both French and Dutch is an asset
- Dutch, B2 (or higher)
Education
- Master's degree or equivalent experience
Certifications such as CISSP, CISM, CISA, CRISC or ISO 27001 Lead Implementer are an advantage.