[Interim] Chief Information Security Officer (CISO)

• Draft and maintain the organisation's information security policy framework
• Develop an Information Security Plan with a corresponding implementation roadmap
• Advise the board and senior management on security, privacy, and compliance
• Map and assess security risks across both IT and OT environments, and propose mitigating measures to safeguard business continuity
• Report on progress of the Cyber Security programme and observed risks
• Drive security awareness across the organisation
• Manage external suppliers to ensure they meet defined security requirements

Do you have a Bachelor's degree?, * HBO or WO degree with a specialisation in Information (Security) Technology or Cyber Security

• Minimum 5 years of experience in information security or cyber security
• Active certification in information security management: CISO, CISM, or CISSP
• Strong knowledge of relevant standards and frameworks: ISO 27001/27002/27017, IEC 62443-series, ISAE 3402, and BIO
• Experience with EDP audits and conducting internal compliance audits
• Broad technical knowledge of IT applications, infrastructure, networks, and security - with specific depth in Microsoft and Cloud architecture
• Working knowledge of Operational Technology (OT)
• Familiarity with vulnerability types, attack techniques, and security concepts
• Experience managing vendors against security requirements
• Full-time availability for the contract period, with flexibility on working hours
• Fluency in Dutch (required)

The following are a plus:

• Experience with project management methodologies such as PRINCE2 or Agile Scrum

Our client is one of the Netherlands' most established public transport operators, with nearly 150 years of history connecting a major Dutch city and its surrounding region. The organisation is undergoing active development across its IT and operational technology landscape - and is looking for a CISO to lead its information security function during a critical phase of that journey. Sitting within the Security Office (part of the CIO Office), you own the information security agenda end-to-end: policy, risk, compliance, and awareness. You advise the board, steer security implementation across IT and OT environments, and ensure the organisation meets its legal and regulatory obligations. This is a senior, autonomous role with direct board-level exposure and real mandate to shape how security is managed across a complex, operationally critical environment., Riverflex was founded in Amsterdam and London in 2018, eventually growing into a global team of consultants united by a mission to help courageous leaders drive transformative change. Today, we offer an integrated service through three service pillars: strategy and transformation consulting that Creates Change, talent services that Build Teams, and business-accelerating products that Augment Intelligence. For more information, visit www.riverflex.com.