Functieomschrijving:

Opdrachtbeschrijving

The purpose of this assignment is to act as the right-hand to the CISO by managing the day-to-day operations of the Information Security Management System (ISMS). The ISO needs to achieve a seamless translation of strategic security frameworks into concrete, practical measures, ensuring security is structurally embedded in NEO's daily business operations.

Responsibilities

• Co-managing the design and operation of the ISMS based on ISO 27001.
• Organizing and guiding periodic risk assessments (e.g., using IRAM or ISO 27005) and translating outcomes into priorities.
• Ensuring security is included in architecture and new projects via secure-by-design and secure-by-default principles.
• Conducting or coordinating third-party risk assessments (supply chain risks).
• Supporting the implementation of legal frameworks like NIS2 and ISO 27001.
• Developing and maintaining practical security policies, standards, and guidelines.
• Guiding internal controls, audits, and management reporting.

Deliverables

• A fully operational and maintained ISMS (ISO 27001 compliant).
• Completed and documented periodic risk assessments (IRAM/ISO 27005) with clear action plans.
• Established and embedded secure-by-design processes for new IT projects and architecture.
• Executed third-party risk assessments for key suppliers.
• Fully developed and practically implemented security policies and guidelines.

Achtergrond opdracht

Reports to: CISO, Department Corporate Professions. Works closely with: IT/Security team, Information Manager, Enterprise Architects, Legal/Compliance. Acts as primary point of contact for information security governance, risk management, and ISMS operations within NEO.

Over de klant:

Organisatorische context

Het ministerie van Klimaat en Groene Groei werkt (KGG) samen met zijn partners aan een schoner en sterker Nederland. Door te werken aan een klimaatneutrale samenleving en door te investeren in mensen, innovatie en duurzame energie. Zodat we de kansen kunnen pakken voor een duurzame toekomst en ervoor zorgen dat iedereen hieraan een bijdrage kan leveren. Nu én later.

Eisen:

• Active certification such as CISSP, CISM, CRISC or equivalent are required.
• Proven experience with ISO 27001 (setting up/maintaining an ISMS) and risk analysis methodologies (IRAM, ISO 27005 or similar).
• A completed higher professional (HBO) education.
• Minimum 8 years of experience in information security or cybersecurity.
• Extensive experience with Governance, Risk, and Compliance (GRC) within a complex organization.

Wensen:

• Experience working within the government, public sector, or other strongly governed, complex environments.
• Pragmatic approach; the ability to translate complex security issues into workable solutions that fit the scale of the organization.
• Strong advisory skills; the ability to independently prepare decisions, structure dossiers, and clearly communicate with both technical specialists and management.
• Strong analytical skills and experience with risk management.
• Ability to structure and professionalize security governance.
• Excellent communication skills (bridging the gap between tech and management).
• Independence and a strong sense of responsibility.
• Pragmatic mindset with a focus on workable solutions.
• Organizational sensitivity and administrative insight.
• Experience with ISO 27001 ISMS implementation and maintenance.
• Knowledge of NIS2 requirements and implementation.
• Experience with supply chain security and third-party risk assessments.
• Familiarity with secure-by-design and secure-by-default principles.

Competenties:

• Experience working within the government or complex environments.
• Pragmatic approach with strong advisory skills.
• Excellent communication and organizational sensitivity.

Opdrachtdetails:

Interesse?

Stuur ons dan uiterlijk 25 maart 2026, voor 17:00 uur je recente CV + motivatie voor deze rol, samen met je beschikbaarheid/geplande vakanties en je all-in uurtarief excl. BTW.

Voor vragen over deze procedure kunt u contact opnemen met Rogier Reijgwart

"Houd er rekening mee dat vacatures soms eerder kunnen sluiten. Om uw aanbieding zo goed en snel mogelijk te verwerken, vragen wij u vriendelijk om deze altijd via onze website in te dienen. Aanbiedingen die wij zonder overleg per e-mail ontvangen, kunnen wij helaas niet in behandeling nemen."