Job Specifications
What you will do
To further strengthen our Security Office, imec is looking for an Information Security Specialist who will help ensure compliance with regulatory and contractual security obligations, reinforce our risk‑aware culture, and safeguard imec’s critical information assets.
You will contribute to the governance, risk management, compliance, and incident response activities of the Security Office.
GOVERNANCE
You help translate our security strategy into clear, actionable practices across imec.
Contribute to the implementation of imec’s information security strategy and roadmap.
Develop, maintain, and communicate domain‑specific policies, standards, processes, and procedures.
Act as a liaison between the Security Office and imec’s business units on information security matters.
Support business and IT stakeholders in drafting risk mitigation plans and follow‑up on their execution.
Align with relevant imec departments on security requirements for critical information assets.
Provide input for regular reporting, KPIs, and management dashboards.
RISK MANAGEMENT
You identify and assess risks and ensure appropriate controls are in place.
Perform information security risk assessments across applications, technologies, and business processes.
Identify, analyse, and evaluate risks and translate findings into clear, actionable recommendations.
Assess new technologies introduced into the environment and determine required security controls.
Prepare risk reports, define mitigating measures, and track closure of risk actions.
Coordinate the exception management process, including documentation, approvals, and follow‑up.
Stay current with emerging threats, best practices, and relevant security legislation.
Lead the third‑party security assessment process, including onboarding reviews and periodic reassessments.
Review vendor security documentation (SOC reports, ISO certificates, questionnaires, etc.).
Collaborate with Procurement and Legal to ensure appropriate security clauses in supplier and partner agreements.
COMPLIANCE
You ensure imec meets the requirements of relevant security standards and regulations.
Support imec’s compliance with ISO 27001, NIS2, TISAX, CyFun, NIST, and other applicable frameworks.
Assist in mapping and maintaining controls across frameworks and keeping documentation up to date.
Support internal and external audits, including preparations, evidence collection, and follow‑up of findings.
Monitor adherence to security policies and standards across imec.
INCIDENT RESPONSE
You help improve imec’s resilience through effective incident management.
Coordinate information security incident response activities.
Prepare incident summaries and post‑incident reports for management stakeholders.
Drive structural improvement actions and track lessons learned until closure.
What we do for you
We offer you the opportunity to join one of the world’s premier research centers in nanotechnology at its headquarters in Leuven, Belgium. With your talent, passion and expertise, you’ll become part of a team that makes the impossible possible. Together, we shape the technology that will determine the society of tomorrow.
We are committed to being an inclusive employer and proud of our open, multicultural, and informal working environment with ample possibilities to take initiative and show responsibility. We commit to supporting and guiding you in this process; not only with words but also with tangible actions. Through imec.academy, 'our corporate university', we actively invest in your development to further your technical and personal growth.
We are aware that your valuable contribution makes imec a top player in its field. Your energy and commitment are therefore appreciated by means of a market appropriate salary with many fringe benefits.
Who you are
Experience & knowledge
At least 3 years of experience in information security management or consulting.
Strong knowledge of international standards and frameworks (ISO 27000 series, TISAX, CyFun, NIST).
Good understanding of security processes, technologies, and architectures.
Ability to translate technical risks and requirements into clear business language.
Knowledge of product security and understanding of the EU Cyber Resilience Act (CRA) is a strong asset.
Skills & mindset
Excellent communication skills with technical and non‑technical audiences.
Strong critical thinking and analytical skills.
Demonstrated ability to identify risks in business processes, operations, and technology projects.
Detail‑oriented and organized, able to work independently and in cross‑functional teams.
Proactive, hands‑on, and solution‑oriented mindset.
Ability to act as a subject‑matter expert and explain complex topics clearly.
About the Company
At imec, we shape the future by enabling nano- and digital technology innovation that enhances quality of life--together with partners from the industry, government, and academia. Our R&D is built on three core pillars:
- a unique 2.5-billion-euro 300mm semiconductor pilot line
- over 6,000 colleagues from around the world
- an ecosystem of 600+ world-leading industry partners and a global academic network
Since 1984, imec quickly made its name as the leading research hub for advanced CMOS scaling and continues to set the ...
Know more