Information Security Specialist
What you will do
To further strengthen our Security Office, imec is looking for an Information Security Specialist who will help ensure compliance with regulatory and contractual security obligations, reinforce our risk‑aware culture, and safeguard imec’s critical information assets.
You will contribute to the governance, risk management, compliance, and incident response activities of the Security Office.
GOVERNANCE
You help translate our security strategy into clear, actionable practices across imec.
- Contribute to the implementation of imec’s information security strategy and roadmap.
- Develop, maintain, and communicate domain‑specific policies, standards, processes, and procedures.
- Act as a liaison between the Security Office and imec’s business units on information security matters.
- Support business and IT stakeholders in drafting risk mitigation plans and follow‑up on their execution.
- Align with relevant imec departments on security requirements for critical information assets.
- Provide input for regular reporting, KPIs, and management dashboards.
RISK MANAGEMENT
You identify and assess risks and ensure appropriate controls are in place.
- Perform information security risk assessments across applications, technologies, and business processes.
- Identify, analyse, and evaluate risks and translate findings into clear, actionable recommendations.
- Assess new technologies introduced into the environment and determine required security controls.
- Prepare risk reports, define mitigating measures, and track closure of risk actions.
- Coordinate the exception management process, including documentation, approvals, and follow‑up.
- Stay current with emerging threats, best practices, and relevant security legislation.
- Lead the third‑party security assessment process, including onboarding reviews and periodic reassessments.
- Review vendor security documentation (SOC reports, ISO certificates, questionnaires, etc.).
- Collaborate with Procurement and Legal to ensure appropriate security clauses in supplier and partner agreements.
COMPLIANCE
You ensure imec meets the requirements of relevant security standards and regulations.
- Support imec’s compliance with ISO 27001, NIS2, TISAX, CyFun, NIST, and other applicable frameworks.
- Assist in mapping and maintaining controls across frameworks and keeping documentation up to date.
- Support internal and external audits, including preparations, evidence collection, and follow‑up of findings.
- Monitor adherence to security policies and standards across imec.
INCIDENT RESPONSE
You help improve imec’s resilience through effective incident management.
- Coordinate information security incident response activities.
- Prepare incident summaries and post‑incident reports for management stakeholders.
- Drive structural improvement actions and track lessons learned until closure.
What we do for you
We offer you the opportunity to join one of the world’s premier research centers in nanotechnology at its headquarters in Leuven, Belgium. With your talent, passion and expertise, you’ll become part of a team that makes the impossible possible. Together, we shape the technology that will determine the society of tomorrow.
We are committed to being an inclusive employer and proud of our open, multicultural, and informal working environment with ample possibilities to take initiative and show responsibility. We commit to supporting and guiding you in this process; not only with words but also with tangible actions. Through imec.academy, 'our corporate university', we actively invest in your development to further your technical and personal growth.
We are aware that your valuable contribution makes imec a top player in its field. Your energy and commitment are therefore appreciated by means of a market appropriate salary with many fringe benefits.
Who you are
Experience & knowledge
- At least 3 years of experience in information security management or consulting.
- Strong knowledge of international standards and frameworks (ISO 27000 series, TISAX, CyFun, NIST).
- Good understanding of security processes, technologies, and architectures.
- Ability to translate technical risks and requirements into clear business language.
- Knowledge of product security and understanding of the EU Cyber Resilience Act (CRA) is a strong asset.
Skills & mindset
- Excellent communication skills with technical and non‑technical audiences.
- Strong critical thinking and analytical skills.
- Demonstrated ability to identify risks in business processes, operations, and technology projects.
- Detail‑oriented and organized, able to work independently and in cross‑functional teams.
- Proactive, hands‑on, and solution‑oriented mindset.
- Ability to act as a subject‑matter expert and explain complex topics clearly.
IMEC and its affiliates will not accept unsolicited resumes from any source other than directly from a candidate. IMEC will consider unsolicited referrals and/or resumes submitted by vendors such as search firms, staffing agencies, professional recruiters, fee-based referral services and recruiting agencies (hereafter “Agency”) to have been referred by the Agency free of charge. IMEC will not pay a fee to any Agency that does not have a prior written agreement with IMEC, validated by its HR department, in place regarding a specific job opening and allowing to submit resumes.