Description
The purpose of this assignment is to act as the right hand of the CISO by managing the day-to-day operations of the Information Security Management System (ISMS). The Information Security Officer (ISO) needs to achieve a seamless translation of strategic security frameworks into concrete, practical measures, ensuring that security is structurally embedded in NEO's daily business operations.

Responsibilities:
Co-managing the design and operation of the ISMS based on ISO 27001.
Organizing and guiding periodic risk assessments (e.g., using IRAM or ISO 27005) and translating the outcomes into priorities.
Ensuring security is included in architecture and new projects via secure-by-design and secure-by-default principles.
Conducting or coordinating third-party risk assessments (supply chain risks).
Supporting the implementation of legal frameworks such as NIS2 and ISO 27001.
Developing and maintaining practical security policies, standards, and guidelines.
Guiding internal controls, audits, and management reporting.

Deliverables:
A fully operational and maintained ISMS (ISO 27001 compliant).
Completed and documented periodic risk assessments (IRAM/ISO 27005) with clear action plans.
Established and embedded secure-by-design processes for new IT projects and architecture.
Executed third-party risk assessments for key suppliers.
Fully developed and practically implemented security policies and guidelines.
The information analyst analyses, on the basis of organizational research, the information needs of an organization and/or its users. He translates the research results into identified objects and into the information or data model, also known as the functional design. The field of information provision (IV) is constantly renewing itself and offers opportunities for renewal or improvement of IV business processes and the organization. Information analysis shows initiative in translating technological and societal developments, but also in carrying out (or commissioning) research into the quality of the IV business processes and translating the results into realistic opportunities for improvement of, and consequences for, IV business operations.
Additional knowledge areas
Architecture: TOGAF Practitioner
Business informatics: Bachelor's degree in Bedrijfskundige Informatica (Business Informatics)
Information security: Information Security Foundation based on ISO/IEC 27002
Information systems development: Ontwikkeling Informatiesystemen Foundation, Object Oriëntatie Foundation
Application management: Applicatiemanagement Foundation
Service management: ITSM Foundation; ITIL Foundation
Job requirements
Certificate
Information management
Minimum 8 years of experience in information security or cybersecurity.
Extensive experience with Governance, Risk, and Compliance (GRC) within a complex organization (5 years).
Preferred qualifications
Experience working within the government, public sector, or other strongly governed, complex environments. Pragmatic approach: the ability to translate complex security issues into workable solutions that fit the scale of the organization. Strong advisory skills: the ability to independently prepare decisions, structure dossiers, and communicate clearly with both technical specialists and management.
Strong analytical skills and experience with risk management. Ability to structure and professionalize security governance. Excellent communication skills (bridging the gap between tech and management). Independence and a strong sense of responsibility. Pragmatic mindset with a focus on workable solutions. Organizational sensitivity and administrative insight.
Experience with ISO 27001 ISMS implementation and maintenance. Knowledge of NIS2 requirements and implementation. Experience with supply chain security and third-party risk assessments. Familiarity with secure-by-design and secure-by-default principles.
Assignment details
13-04-2026 to 12-10-2026, with an option to extend
36 hours per week
Den Haag
Freelance (ZZP): No
Send us your Dutch CV in Word format, motivation letter, availability and hourly rate no later than 25 March 2026, 12:00.