A major public water utility in Belgium needs a CISO to develop and maintain its information security programme, with a focus on NIS2 and ISO 27001 compliance. The role sits in the compliance department and combines roadmap ownership, stakeholder management and change management to embed security across technology and operations.
The mission
The organisation operates large-scale water treatment and sewerage services and treats information security as part of operational resilience and regulatory compliance. The security function must deliver a governance and risk framework that meets NIS2 requirements, aligns with ISO 27001 principles and supports GDPR obligations.
You will be the primary IT security advisor to the compliance team, working closely with the compliance manager, the DPO office and the Head of Legal, and with direct access to the executive team. On a day-to-day basis you will define the information security roadmap, monitor security projects, run risk assessments and lead incident response and awareness activities to reduce operational and regulatory risk.
Your responsibilities
- Define and maintain the information security roadmap, ensuring initiatives map to business priorities and regulatory timelines.
- Lead risk identification and remediation, producing measurable reductions in residual risk through controls, supplier assessments and mitigation plans.
- Direct incident response and post-incident investigations, coordinating technical teams, external responders and executive reporting.
- Drive compliance activities for NIS2, ISO 27001 and GDPR, preparing evidence for audits and tracking corrective actions.
- Communicate security strategy and progress to senior stakeholders, translating technical risk into business decisions and investment cases.
- Manage change by embedding security requirements into projects and monitoring delivery against milestones and KPIs.
Your profile
Essential skills
- Proven capability in information security governance and compliance, with practical knowledge of NIS2 and ISO 27001.
- Strong stakeholder management, able to engage operational teams, legal owners and executives to secure decisions and budgets.
- Demonstrated experience in project monitoring and roadmap delivery, keeping multiple security initiatives on track.
- Effective communication skills, able to write clear policies, produce executive briefings and run awareness sessions.
- Experience leading incident response and coordinating cross-functional technical and third-party teams.
- Comfortable with change management practices and integrating security into business-as-usual processes.
Preferred skills
- Experience in regulated or critical infrastructure environments is highly relevant.
Education
- Degree or equivalent experience in IT, information security or a related discipline.