WHO ARE WE?

VIB (Vlaams Instituut voor Biotechnologie) is an entrepreneurial non-profit research institute, with a clear focus on ground-breaking strategic basic research in life sciences and operates in close partnership with the five universities in Flanders.

The ICT department at VIB ensures that assets, technology, information, and data are managed securely and efficiently. Our focus includes:

• Defining and enforcing security policies and best practices for ICT systems, information, and data.
• Maintaining and improving the ICT infrastructure, including networks, hardware, and critical systems.
• Securing applications, managing information and data, and supporting software integration.

To strengthen our cybersecurity posture, VIB in Ghent is looking for an Information Security Officer to bridge the gap between information security and our academic research environment.

WHAT CAN WE OFFER YOU?

• An open-ended contract.
• Competitive salary based on experience and expertise.
• A strong salary package with multiple benefits (e.g. internet allowance, meal vouchers, smartphone, …).
• You will work within an innovative, challenging and international working environment in the large life-sciences network of VIB.
• We offer opportunities for personal development. Taking additional training and courses is certainly possible if relevant to the performance of the job.
• Our offices are located at VIB headquarters in Ghent. Possibility of homeworking (2 days/week), with balance between working from a remote location and from the office. We are flexible regarding work location and working hours.
• We are an organization that values diversity in backgrounds and in experiences. Diversity not only includes race and gender identity, but also nationality, age, disability status, sexual orientation, religion and many other parts of one’s identity. VIB is therefore looking for candidates who share a passion for science that generates an impact on society and care deeply about supporting each other’s growth.

WHAT’S THE ROLE ABOUT?

As Information Security Officer, you will play a central role in managing and strengthening VIB’s overall information security posture. You will ensure that risks are identified and addressed across the organization and lead efforts to build a resilient, secure digital environment that supports VIB’s research mission. In addition to managing general security governance, you will help VIB become and remain NIS2 compliant – translating complex requirements into practical, people-focused solutions. You’ll drive internal security efforts across VIB, working closely with operational teams, researchers, and support units to embed practical, risk-based security into daily activities. In collaboration with external partners, you’ll help shape and implement controls, guide maturity improvements, and ensure that policies are not just written – but understood, applied, and continuously improved. You will report to the ICT Director of VIB.

WHAT ARE YOUR RESPONSIBILITIES?

As an Information Security Officer, you will:

Project ownership and coordination

• Lead the implementation and follow-up of the NIS2 compliance program across VIB.
• Act as the key internal driver of VIB’s information security efforts, ensuring alignment with both operational and research realities.
• Serve as the central liaison with our external partner, translating their expertise into VIB’s unique academic-research and decentralized context.
• Coordinate cross-unit security efforts, assigning clear responsibilities and ensuring measurable progress.
• Support and coach local ICT teams and policy/process owners in executing and sustaining improvements.

Security governance and risk management

• Own and drive VIB’s overall information security governance, covering risk assessment, mitigation, documentation, and oversight.
• Perform and document risk analyses for new tools, platforms, research initiatives, and collaborations.
• Coordinate and lead incident response for high or critical impact incidents, including reporting to the Centre for Cybersecurity Belgium (CCB) when required.
• Maintain a practical and up-to-date register of information security risks and associated treatment plans.
• Ensure alignment with ISO/IEC 27001 best practices and NIS2 requirements — without requiring formal certification.
• Manage the yearly review cycle of security policies, processes, and compliance documentation.

Policy and process enablement

• Translate high-level security objectives and policies into concrete, accessible procedures tailored to VIB’s environment.
• Conduct asset mapping and security interviews with researchers and operational teams to understand real-world workflows.
• Ensure processes are usable and aligned with researcher and support team needs — not just regulatory demands.
• Maintain documentation that is fit for daily use, not just for audits.

Awareness and culture building

• Design and lead awareness and behavior change programs (e.g., phishing simulations, e-learning, infographics, onboarding materials).
• Foster a security-by-design culture in collaboration with ICT and research units, promoting early engagement in tool development and procurement.
• Actively engage with stakeholders across all levels to normalize security discussions as part of everyday work.