CISO as a service
About the role
Security posture changes every day, but most organisations measure it once a year. Cyfora builds the SaaS security platform that extends that into an ongoing picture: continuous cybersecurity assurance, so an organisation knows where it stands every single day.
Many of our customers need security leadership but don't have a CISO of their own. That's where you come in. As our CISO as a Service, you become their security leader: setting the strategy, driving the roadmap, and reporting to their management as if you were part of their team.
You won't be doing this with slides alone. Our platform gives you a live view of each customer's posture, so your advice is grounded in what's actually happening, not in last year's audit. You'll also feed what you see in the field straight back into our product.
What you'll do
Act as the CISO for a portfolio of customers. Own their security strategy, roadmap, and risk posture as if it were your own.
Run risk assessments and translate the findings into a pragmatic, prioritised plan the customer can actually execute.
Guide customers through the frameworks that matter to them: ISO 27001, NIS2, DORA, TISAX.
Report to customer management and boards. Make security posture understandable and decisions easy.
Help customers prepare for incidents, and stand beside them when the bad day comes.
Use the Cyfora platform daily, and shape it: your field experience drives what we build next.
What we're looking for
Proven experience leading security programmes, as CISO, vCISO, security consultant, or security lead.
Comfortable switching context between customers of different sizes, sectors, and maturity levels.
Deep, practical knowledge of security governance, risk, and compliance, paired with enough technical depth to challenge an architecture diagram, not just review a policy.
Hands-on experience with frameworks such as ISO 27001 and NIS2, and the judgement to know what adds real security versus what's just paperwork.
A risk-based, pragmatic mindset. You help customers move forward safely, rather than saying no.
A trusted-advisor personality: you build relationships, listen first, and tell customers what they need to hear.
Clear communicator in Dutch and English, from technical deep-dives to boardroom summaries.
Nice to have
Certifications such as CISSP, CISM, or ISO 27001 Lead Implementer.
Experience in regulated sectors (finance, healthcare, critical infrastructure).
An informed opinion on securing AI and LLM-based systems.
What we offer
Real ownership and visible impact. You are the security leader for your customers, and they'll notice the difference you make.
Variety: multiple environments, one team, and a platform that does the heavy lifting.
A direct say in how our services and product evolve. What you learn at customers shapes what we build.
A competitive salary plus the usual Belgian package: meal vouchers, hospitalisation and group insurance, company car, and 32+ days of leave (20 statutory + ADV).
Hybrid working. Onsite with customers, office, and home office.
Interested?
Send your CV to jobs@cyfora.be.