
Sogeti Nederland B.V. - Information Security Officer (ISO) - EZK

Info

Position

Information Security Officer (ISO) - EZK

Location

Hours per week

36 hours per week

Duration

12.04.2026 - 11.10.2026

Assignment number

284369

Closing date

24.03.2026 16:00
Want to respond to this assignment? You do so on Striive.

Role description and task agreements

Freelance (ZZP) possible: indicative rate: 102,-

Assignment description
Please note that, before you put forward a candidate, you read the Offering Guidelines (Aanbiedingsrichtlijnen), use the "standard response format" (downloadable during the offering procedure), and ensure that the submitted CV is a Word document of at most 5 A4 pages.
The EZ tender has been (jointly) awarded to the combination of Yellow Friday and Sogeti. Hiring of non-own staff is handled by Yellow Friday. Contracting (and therefore also account management) is handled by Sogeti. There is no on-hiring (doorleen) or rate stacking here, because towards EZ we act as a single provider.

The purpose of this assignment is to act as the right hand of the CISO by managing the day-to-day operations of the Information Security Management System (ISMS). The ISO must translate strategic security frameworks seamlessly into concrete, practical measures, ensuring that security is structurally embedded in NEO's daily business operations. Responsibilities:

  • Co-managing the design and operation of the ISMS based on ISO 27001.
  • Organizing and guiding periodic risk assessments (e.g., using IRAM or ISO 27005) and translating outcomes into priorities.
  • Ensuring security is included in architecture and new projects via secure-by-design and secure-by-default principles.
  • Conducting or coordinating third-party risk assessments (supply chain risks).
  • Supporting the implementation of legal frameworks like NIS2 and ISO 27001.
  • Developing and maintaining practical security policies, standards, and guidelines.
  • Guiding internal controls, audits, and management reporting.

Deliverables:

  • A fully operational and maintained ISMS (ISO 27001 compliant).
  • Completed and documented periodic risk assessments (IRAM/ISO 27005) with clear action plans.
  • Established and embedded secure-by-design processes for new IT projects and architecture.
  • Executed third-party risk assessments for key suppliers.
  • Fully developed and practically implemented security policies and guidelines.

Assignment background

    Reports to: CISO, Department Corporate Professions
    Works closely with: IT/Security team, Information Manager, Enterprise Architects, Legal/Compliance
    Acts as primary point of contact for information security governance, risk management, and ISMS operations within NEO.

    Requirements

    • An active certification such as CISSP, CISM, CRISC or equivalent is required.
    • Proven experience with ISO 27001 (setting up/maintaining an ISMS) and risk analysis methodologies (IRAM, ISO 27005 or similar).
    • Familiarity with NIS2, supply chain security, and third-party risk management.
    • A completed higher professional education (HBO).
    • Minimum 8 years of experience in information security or cybersecurity (8 years).
    • Extensive experience with Governance, Risk and Compliance (GRC) within a complex organization (5 years).

    Preferences

    • Strong analytical skills and experience with risk management.
    • Ability to structure and professionalize security governance.
    • Excellent communication skills (bridging the gap between tech and management).
    • Independence and a strong sense of responsibility.
    • Pragmatic mindset with a focus on workable solutions.
    • Organizational sensitivity and administrative insight.
    • Experience with ISO 27001 ISMS implementation and maintenance.
    • Knowledge of NIS2 requirements and implementation.
    • Experience with supply chain security and third-party risk assessments.
    • Familiarity with secure-by-design and secure-by-default principles.

    Competencies

    • Experience working within the government, public sector, or other strongly governed, complex environments.
    • Pragmatic approach; the ability to translate complex security issues into workable solutions that fit the scale of the organization.
    • Strong advisory skills; the ability to independently prepare decisions, structure dossiers, and clearly communicate with both technical specialists and management.

    Additional information
    On-hiring (doorleen) is not permitted. Delivery by Yellow Friday to EZK takes place via Sogeti. There is no chain formation/on-hiring here, because Yellow Friday carried out the tender together with Sogeti and is the formal subcontractor.


    Company details

    Sogeti Nederland B.V.


    The recruiter

    Andrea Zoutendijk

    YellowFriday

    +31614935220

    Andrea@Starapple.nl

    Place your bid on Striive

    https://login.striive.com/

    For this assignment you need to place a bid on Striive. Striive is the largest assignment platform in the Benelux, where more than 20,000 assignments are published every year.