Product Owner – Cybersecurity Testing & Exposure Management

Our client, a leading public sector organization focused on digital transformation, is seeking a Product Owner to lead their cybersecurity testing and exposure management services. The role involves defining the product vision, managing security testing roadmaps, and overseeing the delivery of high-quality vulnerability assessments through internal and external teams.

• Translate stakeholder requirements into a clear product vision, backlog, and roadmap for cybersecurity testing services.
• Coordinate and execute penetration tests on applications, APIs, and infrastructure in collaboration with external partners.
• Oversee ethical hacking initiatives, including vulnerability disclosure and bug bounty programs.
• Manage exposure management solutions such as vulnerability scanners and Attack Surface Management (ASM) tools.
• Review and validate technical security reports to ensure findings are accurate, reproducible, and include actionable remediation advice.
• Lead sourcing trajectories including RFI/RFP processes, vendor selection, and SLA definition.
• Monitor service performance through KPI tracking and drive continuous improvement of security testing methodologies.

• 5+ years of experience as a Product Owner or in a similar leadership role managing digital products.
• 5+ years of experience as a Security Consultant specializing in data, infrastructure, or applications.
• 5+ years of experience with exposure management solutions, including vulnerability scanners and Attack Surface Management (ASM).
• 5+ years of experience coordinating or performing penetration testing.
• You possess proven expertise in information security and the documentation of security processes and governance.
• You're able to provide a signed NDA as part of the application process.
• You are fluent in Dutch at a C2 level.

Nice to Haves

• 3+ years of experience managing RFI/RFP processes and vendor selection.
• 5+ years of experience with security frameworks such as ISO 27000, NIST, OWASP, COBIT, or CIS.
• 3+ years of experience in service governance, including SLA/KPI definition and service reviews.
• Knowledge of penetration testing standards such as OSSTMM and PTES.
• Professional certifications such as CISM, CISSP, or CEH.

• Start date: 11/05/2026.
• Duration: Until 15/07/2027.
• Work regime: Full-time.
• Location: Brussels.
• Working model: Hybrid.
• Contract: open to both permanent employees and freelancers.