Own and maintain the Information Security Management System (ISMS) in line with ISO 27001, amongst other ISO standards.
Drive the implementation roadmap, perform gap analyses, create risk treatment plans, policy framework, and controls.
Prepare for and manage external certification and surveillance audits.
Conduct internal audits and track corrective actions to closure.
Identify process improvements and increase cybersecurity awareness.
Maintain the information security risk register and ensure risks are assessed, accepted, or treated.
Monitor compliance with internal policies and applicable regulations (NIS2, GDPR from an IT security angle).
Provide security input to new IT projects, system implementations, and vendor assessments.
Manage vulnerability assessments, patch compliance tracking, and penetration testing cycles.
Own the incident response process for security events — detection, containment, reporting, post-incident review.
Oversee access management principles and periodically review user rights.
Coordinate security awareness training and phishing exercises across the organisation.
Report on security posture and KPIs to IT management and, where relevant, to senior leadership.
Act as the point of contact for information security questions from internal stakeholders, clients, and auditors.
Requirements
Bachelor's degree in IT security, cybersecurity, computer science, or a related field from a university of applied sciences (HBO).
3 to 5 years of hands-on experience in an information security or IT security role; this means not just advisory work, but actual implementation and operations.
Demonstrated experience running or contributing to an ISO 27001 programme (gap analysis, audits, controls, risk assessments).
Solid understanding of IT systems — networks, servers, endpoints, Active Directory, cloud services — at a level that lets you have a credible technical conversation.
ISO 27001 Lead Implementer or Lead Auditor certification is a strong plus; solid working knowledge of the standard is a must.
Familiarity with vulnerability management tooling, SIEM concepts, and endpoint security.
Fluent in English; Dutch is an advantage for day-to-day interaction with colleagues.
You are prepared to travel to Ardena sites on an occasional basis (approximately 5% of your time).
Tech Stack
Cloud
Cyber Security
Benefits
A role with real scope and visibility in a growing, international CDMO.
Attractive employment conditions.
Flexible working hours to support work–life balance.
A collaborative, international working environment with engaged and knowledgeable colleagues.
A challenging and impactful leadership role in a learning organisation that supports professional growth.
An open corporate culture with short communication lines.