CISO Security Architect / OT Expert

29-05-2026

Brussels

Provide guidance and detailed insights into potential cyber-attacks and risks through a holistic view aligned with the enterprise architecture methodology, principles, guardrails, and standards, in order to help SNCB prevent and mitigate cyber and information security risks in the digital transformation of its mission-critical and commercial functions. Security architects play a critical role in protecting the organization’s digital assets by ensuring that security measures are integrated into the IT architecture.

MAIN ACTIVITIES

Key Responsibilities with particular emphasis on OT Expertise

Design and Development:

Develop and implement security policies, protocols, and procedures.

Design secure network solutions and architectures to protect against cyber threats, in line with enterprise architecture methodology, principles, guardrails, and standards.

Support other architects to ensure security controls are embedded in system designs and architecture.

Risk Assessment and Management:

Review architecture proposals and provide feedback on residual risks to project managers and lead architects.

Participate in architecture councils and autonomously decide whether or not to allow a project to pass the “gate” in the development lifecycle.

Conduct security risk assessments and oversee the execution of penetration tests to identify vulnerabilities.

Develop risk mitigation strategies and recommend appropriate security controls.

Monitor and evaluate emerging threats to adjust security strategies accordingly.

Report existing vulnerabilities to the GRC Risk Team for proper registration in the risk register and risk reporting to the SNCB Risk Office.

Compliance and Standards:

Understand and provide guidance for compliance with relevant security standards (e.g., ISO 27001, NIST).

Develop and enforce security policies and standards across the organization, reporting to the CISO Management.

Work with regulatory bodies to ensure understanding of and adherence to legal and compliance requirements.

Collaboration and Communication:

Collaborate with IT and business units to integrate security requirements into all aspects of IT projects.

Work with IT teams, compliance officers, risk management, and other stakeholders to ensure security objectives are met.

Communicate security requirements and recommendations to both technical and non-technical audiences, including security risks and proposed solutions for management and stakeholders.

Provide guidance and training to IT staff on security best practices and policies.

Incident Response:

Support the response to security incidents and breaches.

Conduct investigations and post-incident analysis.

Propose action plans for timely resolution of security issues and implementation of corrective measures.

Technology Evaluation:

Evaluate and recommend security products and technologies.

Stay up to date with emerging security technologies and industry trends.

Oversee the deployment and configuration of security systems and tools.

Evaluate and select security technologies and tools that meet the organization’s needs.

Threat Modeling:

Create and implement a threat modeling methodology to further improve the existing risk management process.

Perform threat modeling for new and existing solutions across the IT landscape.

Provide advice during the design phase of projects on security requirements.

CISO Capabilities, Services, and Process Mapping:

Support the CISO management team with the creation, implementation, and maintenance of CISO capabilities, services, and processes.

Help define and prioritize security initiatives and projects.

Conformity Criteria

Master's degree in Cybersecurity, Computer Science, Mathematics, Physics or Engineering

Minimum 10 years of experience in the cybersecurity domain, of which a minimum of 3 in critical infrastructure or defense

Minimum of 3 years of experience in OT within complex hybrid environments (IT, OT, IoT, Cloud, ERP)

C1 proficiency in English and C1 proficiency in either French or Dutch

Trained in at least one of: ISO 27001 Lead Auditor, IEC 62443 or NIS2 Cyber Fundamentals

Mandatory: a reference from a previous employer in critical infrastructure or defense, attached to the CV

Willingness to work on-site when needed

Evaluation criteria

As evidenced by the CV:

Proven Track Record of developing and maintaining security processes, policies, and standards that align with business objectives and applicable regulatory frameworks, including European Union and Belgian laws, as well as ISO 27001, IEC 62443, and the NIST SP series.

Proven Track Record of designing and implementing security architecture across the network, application and data layers (network, SAP, ICAM, authentication and authorization protocols, PKI, XDR, SIEM, monitoring, auditing, AI, Cloud).

Proven Track Record of Expertise in risk assessment and gap analysis

Proven Track Record in large-scale security projects or industry-specific implementations

Proven Track Record of excellent communication, synthesis, and simplification skills.

Proven Track Record of interacting with diverse stakeholders (technical teams, business units, executive management).

Proven Track Record of a structured, critical, and solution-oriented mindset, capable of challenging and proposing improvements.

Proven Track Record of Autonomy, rigor, strong sense of priorities, and change management skills.