In Luxembourg, like in many other countries, information security has become a central issue for private companies and public organizations. Today, information is the main asset of a company for its business and, at the same time, regulations are imposing more and more rules regarding its management. As a consequence, in Luxembourg, a clear need has emerged regarding the development of new learning trajectory fulfilling the requirements of the new job profile associated with a Chief Security Officer. This need was relayed by the national professional security association which asked for the development of a new education program targeting professional people engaged in a lifelong learning trajectory. The paper reports on the rigorous and scientific participatory approach for producing the adequate learning program meeting requirements elicited from the professional association members. The authors present the skills card that has been elaborated for capturing these requirements and the program, which has been built together with the University of Luxembourg for matching these requirements. This program proposes a holistic approach to information security management by including organization, human and technical security risks within the context of regulations and norms.