The Chief Information Security Officer (CISO) is responsible for developing and overseeing the organization’s information security strategy to protect information assets, ensuring compliance with regulatory standards, and managing risk.
As a direct report to the Managing Partner, the CISO is a permanent member of the Management Committee.
This role involves leading the development, implementation, and maintenance of the information security strategy in alignment with ISO 27001 standards, ensuring that the Information Security Management System (ISMS) protects data integrity, confidentiality, and availability. The CISO will work closely with executive management to balance business objectives with security needs and ensure continuous alignment with ISO 27001 certification requirements.
The CISO collaborates with internal security operations, manages major incident response plans, and drives a culture of security awareness across the organization. This role requires deep expertise in risk management, compliance, and technical and organizational security measures.
The position also involves working with the DPO, the Compliance & Risk Management function and Group security functions. In the Group security organization, the CISO reports to the CISO Europe DGDI and is the Entity CISO of Excellium Services Luxembourg and TCS Belgium.
Furthermore, the CISO:
• Is responsible for maintaining the ISMS;
• Is responsible for maintaining the ISO 27001 certification and compliance with PCI-DSS requirements;
• Is responsible for identifying, evaluating and reporting on information security risks in order to meet and align with compliance and regulatory requirements;
• Proactively works with business units to implement practices that meet defined policies and standards for information security;
• Plays the key role as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization’s information security policies.
Tasks and Responsibilities:
• Strategic Leadership:
o Develop and manage an overarching information security strategy that supports the organization’s objectives while maintaining ISO 27001 compliance.
o Establish security policies, standards, and practices that reflect ISO 27001 standards and align with organizational goals.
o Collaborate with executive leaders and the board to communicate cybersecurity risks and align security efforts with strategic business goals.
o Drive the security awareness program and training initiatives across all levels to create a culture of security.
o Organize and lead Information Security Committees.
o Ensure compliance with changing laws and applicable regulations.
o Constantly update the information security strategy to leverage new technology and threat information.
o Communicate best practices and risks to all parts of the business.
o Schedule periodic security audits.
• ISO 27001 Compliance and Risk Management:
o Ensure that the ISMS is regularly reviewed, updated, and audited to maintain ISO 27001 certification.
o Conduct risk assessments and manage risk treatment plans in compliance with ISO 27001 standards, documenting identified risks, mitigations, and actions.
o Lead annual ISO 27001 audits, coordinate internal and external audits, and ensure continuous improvement of security controls to address emerging threats.
o Oversee and manage information security documentation, including policies, procedures, and evidence of compliance for audits.
• Security Operations, as the First Customer of Excellium Security Services:
o Collaborate with teams in security operations to monitor, identify, and respond to threats, ensuring an integrated approach to threat intelligence, vulnerability management, and incident response.
o Collaborate with teams in implementing robust technical controls (e.g., firewalls, SIEM, IDS/IPS) and ensure they comply with ISO 27001 requirements for protecting information assets.
o Collaborate with teams in developing and maintaining incident response protocols, including regular simulations and post-incident reviews, in alignment with the ISMS framework.
• Governance and Reporting:
o Establish security policies, processes and procedures that reflect ISO 27001 standards and align with organizational goals.
o Make sure that information security policies, processes and procedures are communicated to all personnel.
o Develop and maintain KPIs and other security metrics to measure effectiveness, report regularly to executive management, and ensure compliance with ISO 27001 performance requirements.
o Establish and maintain relationships with external auditors, regulators, and third-parties to ensure continued ISO 27001 alignment and address emerging risks and compliance requirements.
• Resilience:
o Ensure that disaster recovery and business continuity plans are in place and tested.
o Lead and organize resilience tests (BCP, DRP, Crisis Plan).
Skills:
• Technical Expertise:
o Extensive knowledge of ISO 27001 standards, risk assessment methodologies, and security frameworks.
o Knowledge of the PCI-DSS framework.
o Knowledge of security standards and frameworks (NIST, SANS CIS, etc.).
o Experience in managing ISMS documentation, control implementation, and remediation efforts.
o In-depth knowledge of IT security practices, including identity and access management, vulnerability management, network and operating system security, and application security.
• Leadership and Communication:
o Strong leadership skills with the ability to guide cross-functional teams and communicate the value of security investments to executives and non-technical stakeholders.
o Proven ability to drive cultural change, promote security awareness, and instill a commitment to cybersecurity best practices across the organization.
o Experience in handling high-pressure situations, with clear decision-making and a proactive approach to risk management.
• Analytical and Strategic Thinking:
o Proficient in identifying, analyzing, and mitigating security risks while aligning with ISO 27001 and industry best practices.
o Strong data-driven decision-making skills, using metrics and reporting to drive continuous security improvement and compliance.
• Regulatory and Compliance Knowledge:
o Extensive knowledge of ISO 27001 standards, including Annex A controls, and experience with ongoing audit preparation, risk assessment, and compliance maintenance.
o Extensive knowledge of the CSSF regulation (Luxembourg).
o Familiarity with other regulatory frameworks (e.g., GDPR, DORA, NIS2).
If you are passionate about IT Security, if you are curious and on the lookout for the latest news, security flaws and technological advances, then apply!
Applications can be submitted in English or French at recruitment@excellium-services.com
Posted 10 Dec 2024