Information Security and Risk Specialist


Information Security & Risk Specialist (ISO 27001:2022) – Energy

Location: Brussels

Hybrid: 2 days a week

My client is looking for an Information Security Specialist to join the team in Brussels. The successful candidate will have the opportunity to work in a hybrid model, allowing for a blend of remote and in-office work to support a good work-life balance. You will work within the Service Delivery team, managing all security-related activities for the software development and service coordination in scope of the business. In the future, this role will expand into further business areas, with a long-term security impact.

Responsibilities and tasks

  • Maintain and continuously improve the specific security policies.
  • Ensure security integration into the Software Development Lifecycle (SSDLC) by collaborating with product owners to implement security best practices.
  • Lead and follow up on non-functional security testing (code scanning, penetration testing, threat modelling) and the yearly security auditing campaign, ensuring follow-up as part of the risk management process.
  • Manage the related security risks in the context of our software development and coordination activities, and work with product owners and software development teams on managing identified risks.
  • Provide security expertise to testing teams to enhance security coverage in functional test cases.
  • Organise and perform security trainings for the teams.
  • Support the architecture design activities with security-related knowledge.
  • Act as the single point of contact for the business, while advising and coordinating its activities related to overall parties’ compliance and risk management.
  • Represent in security-related forums at association level.
  • Support activities of our digital section to increase organizational maturity in terms of information security.

Profile

  • 5+ years of experience in IT and cybersecurity domains.
  • Degree in IT (Information Technology), OT (Operational Technology), or equivalent experience.
  • CISSP certification or equivalent experience would be an asset. Additional certifications such as CISM, OSCP, CEH, or equivalent are considered a strong asset.
  • Proven experience in implementing and monitoring Information Security Management Systems (ISMS) is essential.
  • Strong knowledge of information security standards such as ISO 27001:2022, ISO 27002.
  • Technical expertise in security technologies such as cryptography, network security, intrusion detection, access control models, authentication mechanisms, and security policies (GPOs).
  • Experience with security monitoring tools (e.g., SIEM, IDS/IPS).
  • Strong analytical and risk management skills, with the ability to assess and mitigate security risks.
  • Strong experience in security governance, risk assessments, and project coordination.
  • Familiarity with issue tracking and content management systems (e.g., JIRA, SharePoint, or similar tools) is beneficial.
  • Excellent written and verbal communication skills in English, with the ability to collaborate across technical and business teams.
  • Ability to work both independently and as part of a team in a self-organized manner.
  • Experience working in international teams is preferred.
