A major federal agency responsible for social and reception services is strengthening its information security and IT resilience. The Chief Information Security Officer will own cyber security strategy and governance, leading cryptography, identity and access management (IAM) and perimeter controls such as firewall management across the organisation.
The mission
The role sits at the intersection of executive leadership, the IT department and federal authorities, with a focus on information security and resilience. You will maintain and evolve a compliance posture that meets NIS2 and GDPR requirements, oversee security audits, and ensure technical protections from endpoint to network, including Microsoft EntraID and client/server architecture.
Day to day you will set security strategy and policies, assess and report IT risk to the executive team, and coordinate incident response with the IT department. You will lead the writing and enforcement of security procedures, run periodic controls, drive employee awareness programmes, and act as the primary cybersecurity interlocutor with federal auditors and regulators.
Your responsibilities
- Define and maintain the organisation-wide information security strategy, policies and governance to protect confidentiality, integrity and availability.
- Lead incident response and coordinate communication with IT, executive leadership and federal authorities to contain and remediate security events.
- Report IT risk and security metrics to the Executive, translating technical findings into business risk and control recommendations.
- Drive compliance activities for NIS2 and GDPR, organise and support federal audits, and implement remediation plans from audit findings.
- Oversee technical protection measures including cryptography, IAM, firewall configuration and endpoint controls to reduce exposure and detect threats.
- Design and manage periodic security controls and awareness campaigns to raise staff maturity and reduce human risk.
Your profile
Essential skills
- Minimum 10 years of enterprise IT experience with at least 5 years focused on information security, either operational or organisational.
- Proven technical knowledge of cryptography, identity and access management, firewall technologies and general network architecture.
- Practical experience with Microsoft EntraID, client/server architectures and network technologies in an enterprise environment.
- Demonstrated ability to align cybersecurity risk with operational priorities and to communicate risk decisions to non-technical executives.
- Experience implementing and reporting on NIS2 and GDPR compliance, and managing federal security audits.
- One or more of the following certifications is strongly preferred: CISSP, CISM, CISA, ISO27001 or ISO27005.
Education
- Master's degree in Computer Science, Information Security, Systems Engineering, or equivalent professional experience.