[Interim] Chief Information Security Officer (CISO)

Job description

This interim Chief Information Security Officer (CISO) role sits within the Security Office (part of the CIO Office) and owns the information security agenda end-to-end: policy, risk, compliance, and awareness.

You advise the board, steer security implementation across IT and OT environments, and ensure the organisation meets its legal and regulatory obligations. This is a senior, autonomous role with direct board-level exposure and a mandate to shape how security is managed across a complex, operationally critical environment.

Responsibilities

• Draft and maintain the organisation's information security policy framework
• Develop an Information Security Plan with a corresponding implementation roadmap
• Advise the board and senior management on security, privacy, and compliance
• Map and assess security risks across both IT and OT environments, and propose mitigating measures to safeguard business continuity
• Report on progress of the Cyber Security programme and observed risks
• Drive security awareness across the organisation
• Manage external suppliers to ensure they meet defined security requirements

Job Requirements

• HBO or WO degree with a specialisation in Information (Security) Technology or Cyber Security
• Minimum 5 years of experience in information security or cyber security
• Active certification in information security management: CISO, CISM, or CISSP
• Strong knowledge of relevant standards and frameworks: ISO 27001/27002/27017, IEC 62443-series, ISAE 3402, and BIO
• Experience with EDP audits and conducting internal compliance audits
• Broad technical knowledge of IT applications, infrastructure, networks, and security — with specific depth in Microsoft and Cloud architecture
• Working knowledge of Operational Technology (OT)
• Familiarity with vulnerability types, attack techniques, and security concepts
• Experience managing vendors against security requirements
• Full-time availability for the contract period, with flexibility on working hours
• Fluency in Dutch (required)

The following are a plus:

• Experience with project management methodologies such as PRINCE2 or Agile Scrum

Why This Role

Public transport infrastructure is operationally critical — the stakes for getting security right are real and tangible. You'll have direct access to the board, a genuine mandate across both IT and OT environments, and the scope to build lasting security foundations for an organisation that serves hundreds of thousands of people. If you work best with autonomy, clear purpose, and senior-level visibility, this is the role.