MVPeopleGroup
GRC & Compliance

Information Security Officer – Security Office Lead

Zuid Holland | Consultancy | Hybrid | Senior | Government

About the assignment

You join a new security office within a leading organisation in the public sector. Your mission: translate security policy and frameworks into actionable governance for the organisation, manage the PDCA cycle (ISMS, GRC), and advise executive stakeholders on information security and privacy risks.

You work independently to embed security-by-design principles across all digital initiatives. You ensure technical solutions meet security and compliance requirements. You'll shape an emerging security function from the ground up—high impact, high autonomy.

Your responsibilities

  • Build and structure the security office, defining governance, roles, and compliance workflows
  • Translate security policy into practical frameworks aligned with NIS2, BIO2.0, and ISO 27001
  • Manage the PDCA cycle for the Information Security Management System (ISMS) and GRC processes
  • Advise senior leadership and governance bodies on security and privacy strategy
  • Integrate security-by-design principles into all digital initiatives and architecture decisions
  • Prepare and support external audits (ENSIA, ISO 27001 certification)
  • Drive GRC platform implementation and configuration (ServiceNow, Archer, or equivalent)

Tech Stack & Tools

Platforms & Tooling

ServiceNow GRC, Archer, OneTrust

Frameworks & Standards

ISO 27001, NIS2, BIO2.0, ISMS, PDCA, NIST Cybersecurity Framework

Cloud & Infrastructure

AWS, Azure

Methodologies

Security-by-design, Risk-based approach, ENSIA audit preparation, Enterprise architecture

Certifications (a plus)

CISSP, CISM, CRISC, CISA, ISO 27001 Lead Auditor, TOGAF, ArchiMate Practitioner

Must-haves

  • Bachelor's or Master's degree in IT, Computer Science, Cybersecurity, or related field
  • At least 5 years in IT security, architecture, or risk management in government or financial services
  • At least 3 years implementing NIS2, BIO2.0, or ISMS frameworks
  • Fluent in Dutch and English (C1 level) for cross-functional communication
  • Current certification: CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Auditor/Implementer
  • At least 2 years in second-line management within government or large public organisations

Nice-to-haves

  • Experience with GRC platforms (ServiceNow, Archer)
  • Knowledge of technical and security architecture principles (TOGAF, ArchiMate)
  • Cloud certifications (AWS Security Specialty, AZ-500, CCSK)
  • Hands-on audit preparation experience (ENSIA, ISO 27001)

What we offer

  • Build security governance from the ground up with full autonomy
  • Work with cutting-edge GRC and ISMS frameworks at government scale
  • Shape security strategy for a critical national organisation
  • Collaborate with executive stakeholders on high-impact initiatives
  • Competitive package aligned with public sector standards
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

The process

1. Introduction: phone call with your MVPeople consultant (within 24 hours)
2. Match & Brief: we discuss the assignment in detail and prepare you
3. Client interview: introduction to the client
4. Start: contracting and onboarding

Details

Type: Consultancy
Location: Zuid Holland
Working model: Hybrid
Level: Senior
Sector: Government
Posted: 25 March 2026

