Huxley Associates Belgium - BISO

The Business Information Security Officer (BISO) acts as the primary point of contact for business units on all information security matters. You will play a key role in embedding the "security by design" principle across projects and operations, ensuring that risks are properly identified, assessed, and mitigated.

You will operate at the intersection of business, IT, and security, supporting both delivery teams and governance initiatives, while contributing to the organization's compliance efforts (notably ISO 27001 and NIS2).

Key responsibilities

Business partnering & Security advisory:

Act as the main security point of contact for assigned business units

Support stakeholders in adopting and implementing security by design principles

Translate security risks into actionable business and technical requirements

Secure project delivery (SDLC / s-SDLC):

Integrate security requirements throughout the Software Development Life Cycle (SDLC) and Secure SDLC (S-SDLC)

Collaborate closely with architects to ensure solutions align with security standards and best practices (infrastructure, cloud, network segmentation, etc.)

Define, document, and validate security requirements for projects and RFPs

Risk management:

Identify, assess, and document information security risks

Support the business in conducting risk assessments and defining mitigation strategies

Apply recognized methodologies such as EBIOS Risk Manager (or Agile Rm) where relevant

Vendor & solution Security:

Contribute to the selection of vendors by evaluating security posture and compliance

Ensure third-party solutions meet internal security requirements

Governance, risk & compliance (GRC):

Support Theciso Ingrc activities, including:

Reviewing and updating security policies

Designing and refining procedures and processes (e.g., SDLC frameworks)

Contribute to compliance initiatives, particularly:

ISO 27001

NIS2 directive readiness

Security projects:

Support and contribute to the implementation of key security initiatives such as:

IAM (Identity & Access Management)

PAM (Privileged Access Management)

Other transversal security programs

Incident & crisis management:

Actively support the organization during security incidents or crises

Collaborate with cross-functional teams to contain, remediate, and resolve incidents

Profile & skills

Technical expertise:

Strong understanding of IT environments

Infrastructure & networks (including network segmentation)

Cloud environments (Azure, AWS, or GCP)

Proven experience embedding security into projects (SDLC / Secure SDLC)

Solid knowledge of: ISO 27001

Security governance and risk frameworks

Familiarity with: EBIOS Rm / Agile Rm (considered a strong plus)

Functional skills:

Ability to bridge the gap between technical teams and business stakeholders

Experience in risk assessment, requirements definition, and RFP processes

Strong analytical mindset with a pragmatic approach to problem-solving

Languages:

Fluent in English

French/Dutch is a strong asset