Job Description
Description
Chief Information Security Officer (CISO)
Contract | Hybrid (Rotterdam) | 5-month contract, with option to extend up to 2 years | Start: ASAP
Our client is one of the Netherlands’ most established public transport operators, with nearly 150 years of history connecting a major Dutch city and its surrounding region. The organisation is undergoing active development across its IT and operational technology landscape — and is looking for a CISO to lead its information security function during a critical phase of that journey.
Sitting within the Security Office (part of the CIO Office), you own the information security agenda end-to-end: policy, risk, compliance, and awareness. You advise the board, steer security implementation across IT and OT environments, and ensure the organisation meets its legal and regulatory obligations. This is a senior, autonomous role with direct board-level exposure and real mandate to shape how security is managed across a complex, operationally critical environment.
About Riverflex
Riverflex was founded in Amsterdam and London in 2018, eventually growing into a global team of consultants united by a mission to help courageous leaders drive transformative change. Today, we offer an integrated service through three service pillars: strategy and transformation consulting that Creates Change, talent services that Build Teams, and business-accelerating products that Augment Intelligence. For more information, visit www.riverflex.com.
Responsibilities
Draft and maintain the organisation’s information security policy framework
Develop an Information Security Plan with a corresponding implementation roadmap
Advise the board and senior management on security, privacy, and compliance
Map and assess security risks across both IT and OT environments, and propose mitigating measures to safeguard business continuity
Report on progress of the Cyber Security programme and observed risks
Drive security awareness across the organisation
Manage external suppliers to ensure they meet defined security requirements
Job Requirements
HBO or WO degree with a specialisation in Information (Security) Technology or Cyber Security
Minimum 5 years of experience in information security or cyber security
Active certification in information security management: CISO, CISM, or CISSP
Strong knowledge of relevant standards and frameworks: ISO 27001/27002/27017, IEC 62443-series, ISAE 3402, and BIO
Experience with EDP audits and conducting internal compliance audits
Broad technical knowledge of IT applications, infrastructure, networks, and security — with specific depth in Microsoft and Cloud architecture
Working knowledge of Operational Technology (OT)
Familiarity with vulnerability types, attack techniques, and security concepts
Experience managing vendors against security requirements
Full-time availability for the contract period, with flexibility on working hours
Fluency in Dutch (required)
The following are a plus:
- Experience with project management methodologies such as PRINCE2 or Agile Scrum
Why This Role
Public transport infrastructure is operationally critical — the stakes for getting security right are real and tangible. You’ll have direct access to the board, a genuine mandate across both IT and OT environments, and the scope to build lasting security foundations for an organisation that serves hundreds of thousands of people. If you work best with autonomy, clear purpose, and senior-level visibility, this is the role.
Apply Now
Interested in this role? Submit your CV and a brief note on your relevant experience through the Riverflex website or reach out to our talent team directly.
We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion, or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital status, medical condition, or disability. Even if you believe you do not tick all the aforementioned requirements for the role, we still encourage you to take the time to apply.
