Chief Information Security Officer

The Company

Our client is a world leader in their specialities. They create trust in their customers' products, services, processes, (management) systems and employees. They do so in a wide variety of market segments, ranging from construction and energy supply to drinking water, healthcare, food, feed & farming. Areas of expertise include management systems, corporate social responsibility and lab testing, among many others. They have clients in manufacturing and process industries, (business) services, public and private utilities, governments and international institutions. They employ over 5,500 people in more than 100 offices in over 40 countries across the world, mainly in Europe, Asia and Latin America.

Chief Information Security Officer – The Role

Role overview

The CISO defines and maintains the corporate information security policy and organizes and directs the information security of the international organization according to the needs and risk appetite of the organization.

The CISO defines and maintains the information security policy, based on a risk management approach and taking into account the information security threat picture, trends and organizational needs. The CISO sets up the international information security organization, determines the necessary resources and decides how they are applied to concrete security measures. The CISO initiates, coordinates and supervises the implementation of information security for the entire organization, and ensures an appropriate level of information security and of information security behavior in the organization, based on its needs and risk appetite. Internal and external stakeholders regard the CISO as the expert in the field of information security.

The CISO is responsible for:

  • Drawing up, adjusting, renewing and revising information security policies and the resulting plans;
  • Setting up and maintaining the international information security organization;
  • Coordinating and advising on handling security incidents;
  • Alignment of information security with the different countries and business units;
  • Ensuring compliance with information security requirements;
  • Promoting information security awareness across the organization;
  • Advising and supervising information risk analyses;
  • Performing information security assessments and internal audits.
The CISO realizes:

  • Information security project portfolio;
  • Organization-wide information security activities and projects;
  • Monitoring the relevant risks to the organization;
  • Monitoring compliance with policies and laws and regulations;
  • Coordinated response to serious information security or ICT incidents;
  • Organization-wide guidelines, standards, methods and techniques for information security.
Key tasks and factors of success

  • Defines the information security policy for the whole organization;
  • Organizes information security and the necessary expertise;
  • Ensures coordination between information security and other security domains, including privacy protection, physical security and continuity management;
  • Sets up and maintains an information security calamity organization;
  • Coordinates response to serious information security or ICT incidents;
  • Provides a project portfolio for information security;
  • Initiates and coordinates organization-wide information security activities and projects;
  • Provides organization-wide guidelines, standards, methods and techniques for information security;
  • Monitors and safeguards the quality of information risk analyses, security designs and solutions;
  • Monitors and safeguards compliance with information security requirements and architecture and consistently applies Security-by-Design and Privacy-by-Design;
  • Monitors and safeguards information security awareness within the organization;
  • Monitors the relevant risks to the organization;
  • Ensures that the organization is sufficiently prepared for future information security risks and ICT security risks;
  • Monitors and safeguards the quality of information security assessments;
  • Monitors the compliance of the organization with information security policy and laws and regulations based on assessments, tests, reviews and audits;
  • Informs management about the status of information security and incidents and presents improvement proposals.

Profile Chief Information Security Officer

The CISO is a professional (m/f) who has the following characteristics:

  • Academic work and thinking level;
  • At least 5 years of work experience in the field of information security;
  • Relevant training as well as technical knowledge in the field of information security, demonstrable by certifications such as CISM, CISA, CISSP or SANS;
  • Experience in working in constantly changing international organizations;
  • Experience in positioning an international decentralized security organization;
  • Knowledge of technology in general and able to understand it in depth where necessary;
  • Knowledge of risk management for information security;
  • Experience in applying, and in developing policy based on, ISO 27001/27002 or standards frameworks derived from them such as BIR/BIO/BIHO;
  • Experience in managing the organization's broad security awareness activities;
  • Experience with incident management (CERT);
  • Knowledge of the relevant legal frameworks and their impact on information security;
  • Experience with SOC/SIEM services, preferably based on Microsoft technology;
  • Experience with the use of services from market parties;
  • You have an excellent command of both the Dutch and English languages (oral and written).

Skills Chief Information Security Officer

  • Excellent communication and presentation skills;
  • Policy development and administration skills;
  • Collaboration expertise;
  • Supervisory and incident management skills;
  • Knowledge of regulation and standards compliance.

Details

Employment: Permanent
Hours per week: Full-time
Region: Zuid-Holland
Level: Senior
Education level: HBO, WO