...
Tekst logo luidt "DE Publieke Partner" in vette letters, geflankeerd door horizontale lijnen boven en onder.

Information Security Officer (ISO) – EZK

Logo van het Ministerie van Economische Zaken en Klimaat van Nederland, met een blauw embleem met een wit Nederlands wapen en tekst in het Nederlands.

Aanvraagnummer: 34782
Contractvorm: Detachering
Organisatie: Ministerie van Economische Zaken en Klimaat
Locatie: Den Haag - Zuid-Holland
Uren per week: 36 per week
Tarief: 85 - 105 per uur
Duur van de opdracht: 6 maanden
Regio: Zuid-Holland
Startdatum: 13-04-2026
Optie tot verlenging: Mogelijk, maar nog niet bekend
Sluitingsdatum: 24-03-2026 Sluit morgen om 16:00

LET OP! Deze opdracht is gesloten


ZZP mogelijk: richttarief: 102,-

Opdrachtomschrijving
The purpose of this assignment is to act as the right-hand to the CISO by managing the day-to-day operations of the Information Security Management System (ISMS). The ISO needs to achieve a seamless translation of strategic security frameworks into concrete, practical measures, ensuring security is structurally embedded in NEO's daily business operations.

  • Co-managing the design and operation of the ISMS based on ISO 27001.
  • Organizing and guiding periodic risk assessments (e.g., using IRAM or ISO 27005) and translating outcomes into priorities.
  • Ensuring security is included in architecture and new projects via secure-by-design and secure-by-default principles.
  • Conducting or coordinating third-party risk assessments (supply chain risks).
  • Supporting the implementation of legal frameworks like NIS2 and ISO 27001.
  • Developing and maintaining practical security policies, standards, and guidelines.
  • Guiding internal controls, audits, and management reporting.

Deliverables

  • A fully operational and maintained ISMS (ISO 27001 compliant).
  • Completed and documented periodic risk assessments (IRAM/ISO 27005) with clear action plans.
  • Established and embedded secure-by-design processes for new IT projects and architecture.
  • Executed third-party risk assessments for key suppliers.
  • Fully developed and practically implemented security policies and guidelines.

Achtergrond opdracht
Reports to: CISO, Department Corporate Professions. Works closely with: IT/Security team, Information Manager, Enterprise Architects, Legal/Compliance. Acts as primary point of contact for information security governance, risk management, and ISMS operations within NEO.

Eisen

  • Active certification such as CISSP, CISM, CRISC or equivalent are required.
  • Proven experience with ISO 27001 (setting up/maintaining an ISMS) and risk analysis methodologies (IRAM, ISO 27005 or similar).
  • Familiarity with NIS2, supply chain security, and third-party risk management.
  • A completed higher professional (HBO).
  • Minimum 8 years of experience in information security or cybersecurity.
  • Extensive experience with Governance Risk and Compliance (GRC) within a complex organization (5 years).

Wensen

  • Strong analytical skills and experience with risk management.
  • Ability to structure and professionalize security governance.
  • Excellent communication skills (bridging the gap between tech and management).
  • Independence and a strong sense of responsibility.
  • Pragmatic mindset with a focus on workable solutions.
  • Organizational sensitivity and administrative insight.
  • Experience with ISO 27001 ISMS implementation and maintenance.
  • Knowledge of NIS2 requirements and implementation.
  • Experience with supply chain security and third-party risk assessments.
  • Familiarity with secure-by-design and secure-by-default principles.

Competenties

  • Experience working within the government, public sector, or other strongly governed, complex environments.
  • Pragmatic approach; the ability to translate complex security issues into workable solutions that fit the scale of the organization.
  • Strong advisory skills; the ability to independently prepare decisions, structure dossiers, and clearly communicate with both technical specialists and management.

Aanvullende Informatie
Doorleen is niet toegestaan.