Senior Security Consultant

De Watergroep's ICT landscape consists of a combination of on premise solutions and cloud solutions. Besides a number of business packages, the main technologies present are Windows, MS SQL and Azure

For the implementation of the NIS directive and the associated planned implementation of ISO 27001 within the industrial domain, De Watergroep is looking for a senior security consultant with the following duties:
- analysing, optimising and documenting security procedures
- making functional and technical analyses for improvement projects within The Water Group
- assisting with security incidents
- following up security tickets
- performing and improving/automating daily, weekly and monthly security checks
- helping to develop and roll out new security controls
- evaluating the security of De Watergroep's main suppliers
- maintaining an operational risk register
- assisting in maintenance of the intranet page

De Watergroep is the largest drinking water company in Flanders. We supply drinking water to over 3 million customers in 180 Flemish municipalities. As an integrated water company, we also operate as a sewerage manager and realise (at home and abroad) customised industrial water projects for companies.
You will join the ICT department and will report to the head of the ICT department.

- Higher education (Master or Bachelor) with business or technical/engineering background or equivalent through experience.
- Demonstrated security expertise with advising at strategic level. E.g. for supporting the CISO of the Flemish Government, and leading officials or other policymakers with security oversight.
- Demonstrable expertise in specific knowledge domain of information security (e.g. optimisation of information security governance, working out and implementing a cybersecurity plan of approach, defining the risk appetite in consultation with the Flemish Government and working out cost-effective means to meet it).
- Proven experience in analysing, optimising and documenting security processes and governance, in particular those of the Flemish Government (after an induction period)
- Demonstrable experience in both functional and technical environments in which the projects are situated.
- At least 8 years of relevant experience
- Knowledge and experience via certificates depending on domain of expertise (e.g. CISM, CISSP, CEH).
- Ability to establish new and optimise existing business processes through knowledge of the security application domain, security strategies and goals of the customer
- Trusted advisor with strong communication skills, highly customer-oriented
- Develop and follow up vision, organisation - business strategy and roadmap, within the indentified business objectives
- Excellent knowledge of security management techniques and or frameworks (e.g.: ISO27000 series, COBIT for Security, NIST, OWASP, CIS Critical Security Controls for Effective Cyber Defense)
- Able to transfer expert knowledge in this area
- Knowledge of specific security tooling for e.g. vulnerability analysis, pen testing, PAM (e.g. CyberArk), Encryption (e.g. Voltage).
- Knowledge of MS office such as PowerPoint and Excel