Chief Information Security Officer (CISO)

Contract Hybrid (Rotterdam) 5-month contract with option to extend up to 2 years Start: ASAP

Our client is one of the Netherlands most established public transport operators with nearly 150 years of history connecting a major Dutch city and its surrounding region. The organisation is undergoing active development across its IT and operational technology landscape and is looking for a CISO to lead its information security function during a critical phase of that journey.

Sitting within the Security Office (part of the CIO Office) you own the information security agenda end-to-end: policy risk compliance and awareness. You advise the board steer security implementation across IT and OT environments and ensure the organisation meets its legal and regulatory obligations. This is a senior autonomous role with direct board-level exposure and real mandate to shape how security is managed across a complex operationally critical environment.

About Riverflex

Riverflex was founded in Amsterdam and London in 2018 eventually growing into a global team of consultants united by a mission to help courageous leaders drive transformative change. Today we offer an integrated service through three service pillars: strategy and transformation consulting that Creates Change talent services that Build Teams and business-accelerating products that Augment Intelligence. For more information visit .

Responsibilities

• Draft and maintain the organisations information security policy framework

• Develop an Information Security Plan with a corresponding implementation roadmap

• Advise the board and senior management on security privacy and compliance

• Map and assess security risks across both IT and OT environments and propose mitigating measures to safeguard business continuity

• Report on progress of the Cyber Security programme and observed risks

• Drive security awareness across the organisation

• Manage external suppliers to ensure they meet defined security requirements

Job Requirements

• HBO or WO degree with a specialisation in Information (Security) Technology or Cyber Security

• Minimum 5 years of experience in information security or cyber security

• Active certification in information security management: CISO CISM or CISSP

• Strong knowledge of relevant standards and frameworks: ISO 27001/27002/27017 IEC 62443-series ISAE 3402 and BIO

• Experience with EDP audits and conducting internal compliance audits

• Broad technical knowledge of IT applications infrastructure networks and security with specific depth in Microsoft and Cloud architecture

• Working knowledge of Operational Technology (OT)

• Familiarity with vulnerability types attack techniques and security concepts

• Experience managing vendors against security requirements

• Full-time availability for the contract period with flexibility on working hours

• Fluency in Dutch (required)

The following are a plus:

• Experience with project management methodologies such as PRINCE2 or Agile Scrum

Why This Role

Public transport infrastructure is operationally critical the stakes for getting security right are real and tangible. Youll have direct access to the board a genuine mandate across both IT and OT environments and the scope to build lasting security foundations for an organisation that serves hundreds of thousands of people. If you work best with autonomy clear purpose and senior-level visibility this is the role.

Apply Now

Interested in this role Submit your CV and a brief note on your relevant experience through the Riverflex website or reach out to our talent team directly.

We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment hiring training promotion or other employment practices for reasons of race color religion gender sexual orientation national origin age marital status medical condition or disability. Even if you believe you do not tick all the aforementioned requirements for the role we still encourage you to take the time to apply.