For people who are experienced in InfoSec and have a special love for tech, this may be your next career step. The company for which we are recruiting an Information Security Officer, responsible for policy & implementation, works a lot with development, e-commerce and IoT.
This is a challenging role within a scale-up-like environment of 100+ people, half of whom are techies. They are part of a global company. The spirit and way of working is young, dynamic and agile. They are working on exciting projects (Data, eCommerce and IoT), either mature or in a starting phase. This role is crucial for growing their capabilities in this digital world.
Your main responsibility is to identify, assess and manage the information security risks that our customer faces and to implement policies for information security with the right balance between minimal risk and optimal business value. So we expect you to be business savvy enough to act at a strategic and tactical level, but also hands-on enough to support the DevOps and development implementations.
You are the only Information Security Officer within our customer, so you will be involved in all major EPICS/User stories and ongoing activities addressing information security aspects. In addition, you are part of the global Information Security team. Next to that you will be working closely with their CTO, their Compliance Officer and their local security champions within the development teams. You report hierarchically to the CFO. All in all a challenging role that will give you the opportunity to cover and develop a very broad range of your security skills.
Job duties and responsibilities
- Identify, assess and manage the IT risks that the customer faces
- Implement, maintain and monitor a practical and usable information security management system and security strategy aligned with the customer's minimum standards, SISP (Security Framework) and the customer's Business (Risk) Support Framework (EBSF)
- Increase awareness among the employees regarding security, risk and compliance
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies
- Write (or adapt from the customer's corporate standards) and implement security-related policies, standards and procedures and focus on continuous improvement
- Translate security needs of the business into technical and operational measures
- Monitor and report on suppliers’ and own critical security KPIs
- Ensure that the technical environment is operating under security, compliance and risk structure
- Keep abreast of security incidents and act as primary control point during significant information security incidents/breaches, and coordinate responses towards stakeholders.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk
- Provide advice to the business and IT with regard to legislation and internal and external regulations
- Coordinate all information technology and security, governance, risk and compliance related audits (internal and for external suppliers). Provide guidance, evaluation and advocacy on audit responses. Provide prospective customer information security questionnaire responses for the businesses
- Work with the customer's Digital management and Compliance Officer to build and implement cohesive security, governance, risk and compliance programs for ERIKS to effectively address local laws and regulatory requirements
- Examine impacts of new technologies and suppliers on the overall information security. Establish processes to review implementation of new technologies to ensure security compliance
We are looking for someone with:
- University degree level of education
- Wide coverage of information technology knowledge, preferably in a digital-native environment and preferably with experience in the field of development of Webshops, Data, Gateways and IoT
- Proven knowledge of, and experience with information security (e.g. CISSP, CISM, CISA, ISO-27001, ISO-30000, CSSLP, or equivalent certification) and implementing IT controls (e.g. COBIT, SOX)
- Ability to fulfill an expert role and be the source of security information for the organisation
- Experience with implementing IT controls to ensure compliance with EU privacy legislation
- Minimum of 2 years of experience in a similar job
- Strong personal leadership skills to be able to lead by influence (not hierarchy)
- Proactive and persuasive
- Creative approach to problem-solving with the ability to focus on details, whilst maintaining the “big picture” view
- Experience in interacting with both business and IT individuals at all levels
- Flexible and adaptable to changing priorities
- Excellent communication skills at all levels, including written and spoken English
What does the customer offer:
- A driver's seat in a fast-growing organisation where security is an important topic
- Chance to really build something and shape our security vision and operations
- A broad role, possibility to work in all aspects of Information Security
- Tech environment, smart and fun colleagues to work with
- A good salary, pension scheme, 30 paid holidays and more
- A good (and healthy if you choose) lunch, cool office near Amstel station
- We want you to grow and develop: online learning platforms and training possibilities, among others
Hours per week: 40