Key responsibilities

Establish Governance and Build Knowledge 

• Establish and maintain the cybersecurity governance structure
• Provides regular reporting on the status of the cybersecurity program
• Develops, socializes and coordinates approval and implementation of security policies
• Directs the creation of a targeted cybersecurity awareness training program for all employees
• Advises on the cyber risk posture of the organization, including the mandatory application of controls
• Coordinates security programs globally and mobilize employees in all locations

Lead the Organization 

• Leads the cybersecurity function across the company
• Determines the cybersecurity approach and operating model in consultation with stakeholders
• Manages an effective cybersecurity organization, consisting of direct reports and dotted line reports.
• Defines and facilitates the processes for cybersecurity risk and for legal and regulatory assessments.
• Ensures that security is embedded in the project delivery process by providing the appropriate cybersecurity policies, practices and guidelines
• Manages and contains cybersecurity incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
• Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action
• Develops and oversees effective resilience policies and standards
• Coordinates the development of implementation of incident response plans and procedures
• Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem
   

Set the Strategy 

• Develops a cybersecurity vision and strategy
• Develops, implements and monitors a strategic, comprehensive cybersecurity program to ensure appropriate levels of confidentiality, integrity, availability of information assets owned, controlled or/and processed by the organization as well as the meeting of safety, privacy, reliability and resilience requirements as needed.
• Works effectively with business units to facilitate cybersecurity risk assessment and risk management processes.
   

Build the Network and Communicate the Vision 

• Creates the necessary internal networks
• Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks
• Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies
• Liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures.

• Demonstrated experience and success
• Master’s degree in computer science, engineering, or a relevant field.
• Minimum of 15 years of experience in information technology and data management, with a proven track record as Chief Information Security or in a similar managerial role within an international environment
• Preferably, knowledge of the Life Science environment.
• Excellent organizational and leadership skills, with a proven ability to effectively lead and manage teams. 
• Strong managerial qualities coupled with strategic vision and a business mindset to define the Information Security roadmap and execution plan.
• Extensive knowledge of IT systems, data and infrastructure.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
• Sound knowledge of business management and a working knowledge of cybersecurity risk management and cybersecurity technologies
• Experience in managing IT systems and large company-wide projects.
• Financial/budget management, scheduling and workforce management

Languages

Fluent in English and French ideally

Location

Ghent, Paris or Rotterdam preferably.

Reporting

The position will report to the Group CIO