Open/Close

Head of Information Security

Corporate Services Office
Belgium - Liège

Scope

The Head of Information Security is responsible for defining and steering EVS's global security strategy in alignment with corporate priorities, regulatory requirements (NIS2, CRA, ISO27000, NIST, etc.), and operational needs. Acting as a strategic advisor and governance lead, the Head of Information Security will design, implement, and animate the cybersecurity governance model, while supporting the structuring of operational and tactical roles across the organization.  This role is intended to establish a sustainable, business-aligned, and collaborative approach to information security, with a clear separation between governance and operational execution. 

Job Description

Cybersecurity Strategy & Roadmap  

  • Define and validate the overall cybersecurity vision and strategic objectives.
  • Establish and maintain a multi-year cybersecurity roadmap aligned with business risk appetite, regulatory compliance, and transformation goals.
  • Prioritize key areas such as access control, data protection, incident response, and infrastructure hardening.

Governance Structure Implementation

  • Deploy the cybersecurity governance model based on 3 levels: strategic (LT/Head of IT), tactical (Cybersecurity IT operations manager and R&D Security lead), and operational (Cyber Analysts, SOC).
  • Clarify roles, responsibilities, and escalation paths across IT, R&D, and corporate teams.
  • Drive the formalization of policies, charters, and decision-making processes.
  • Ensure that a BCP/DRP framework is defined, approved and monitored for the wider organisation.

Regulatory & Risk Alignment 

  • Define and maintain the security control framework of EVS, ensuring regulatory compliance (NIS2, CRA, GDPR) and alignment with recognised standards (ISO/IEC 27001, NIST CSF, CyFun framework of the CCB). Define the control baseline and assess the effectiveness.
  • Lead the formalization of the Information Security Management System (ISMS) baseline.
  • Provide status and reports on: ISMS effectiveness and maturity progression, regulatory compliance status (NIS2, CRA, GDPR), risk register evolution and treatment plans, findings and remediation from external audits (CAB, regulatory inspections), internal Audit findings on cybersecurity topics and management responses

Cross-Functional Collaboration

  • Work closely with the R&D Security, Head of IT Department and the Transformation Office to embed security into product, digital and infrastructure initiatives.
  • Interface with Legal, Compliance, and Procurement on risk and contractual matters.
  • Promote awareness and a security culture throughout the organization.
  • Support HR in obtaining security clearance of resources upon request.
  • Collaborate with Facility on the improvement of physical security

Lead incident response efforts

  • Define and deploy an incident response framework.
  • Ensure post-incident remediation and lessons learned 

Coaching & Handover

  • Coach the Security Officers to take ownership of mitigation actions. Guide the organization to create hands-on policies and implement procedures and measurable controls.
  • Ensure sustainability of the model through documentation and knowledge transfer. 

EXPECTED DELIVERABLES (1-6 MONTHS)

  • Formalized cybersecurity governance model and documentation
  • Prioritized cybersecurity roadmap (2025-2027)
  • ISO27001 compliance action plan
  • Integrate NIS2 & CRA EU regulation and NIST standards into the ISMS baseline 
  • Defined roles, processes and coordination flows for SOC, operational security and project security
  • Executive-level dashboard for security KPI’s, risks, and progress tracking
  • Defined BCP/DRP action plan

Profile

  • 10-15 years of experience in cybersecurity or information risk management
  • Experience with compliance frameworks (ideally ISO27001)
  • Experience building and maturing an ISMS
  • Great business acumen with demonstrated leadership in complex organizations
  • Strong interpersonal and communication skills
  • Demonstrated crisis and incident leadership
  • Strong decision-making skills
  • Fluent in English, knowledge of another language is an asset

Offer

Becoming Part of the EVS Team not only means that you will receive a competitive salary in line with your skills and the market, but also a range of other additional wellness and healthcare benefits. Our flexible schedules and hybrid way of working (homeworking) policies will help you preserve your work-life balance. EVS will give you the tools to develop your skills and your career by giving you the opportunities of internal mobilities and a wide range of trainings. We encourage our motivated talents with a friendly, lively, and inclusive environment.

Check out our website if you want to know more about why you should join EVS !

Apply for this job