Senior Technical Information Security Officer

Function description

This company is looking for an experienced Senior Technical Information Security Officer to support the technical design, implementation, operations and ongoing management of information security operations of the Information Security program as operated from the company head quarters. The role will report directly to the CISO and will have business interactions with key external vendors and suppliers and the business as required to effectively operate and support the information security program.

 

Key Responsibilities

1. Information Security Operations

  • Assist the CISO with Global and head office level information security projects
  • Manage and operate technical security operations of the Group level infrastructure and global IT landscape
  • Supporting the operations provided by the managed security services provider (outsourced)
  • Manage the security training and awareness program
  • Manage and support the Security Incident Response process
  • Manage vulnerability scanning and pen testing activities
  • Create information security status and performance reporting

2. Information Security Architecture and Program Design

  • Support the CISO with the development and implementation of formation security policies procedures and guidelines
  • Assist in reviewing/redesigning internal processes and systems to ensure information confidentiality, integrity and availability
  • Assist with developing, documenting and implementing an ISMS based on ISO 27001 and the ISF standards of good practice

3. Information Security Risk

  • Conduct information security risk assessments and maintain the information security risk and non-conformance registers ensuring that actions are completed by agreed target dates
  • Facilitate due diligence security assessments on potential and existing third party suppliers
  • Identify and implement security technologies and solutions in relation to identified business risk and in alignment with risk appetite
  • Manage Group level information security threats and vulnerabilities using the information security risk framework

4. Audit and Compliance

  • Conduct quarterly self-assessments to the information security controls framework based on ISF controls
  • Support the information security audit process
  • Assist the legal team with compliance efforts to ensure adherence to the Privacy Codes and GDPR

The candidate will coordination with other professionals and will be in close contact and relation with the following:  Internal

  • CISO
  • Enterprise Architect
  • Various business project managers
  • Other IT Competence Center Leads
  • Global IT Leadership Team
  • Group Information Security Officers
  • IT Operations

External

  • Consulting partners
  • Solution vendors
  • Implementation partners
  • Outsourcing partners

What the client requests

  • Academic level education preferably in Information Security, IT or Business Administration
  • Relevant professional qualifications (i.e.SSCP, CISSP, CISM, CRISC) are desirable but not essential
  • Approximately 5+years working experience in Information Security with experience in supporting roles in IT or IT Audit considered an asset
  • Comfortable to work with management level
  • Strong experience with the design, implementation, operation and support of information security related technologies  (i.e. firewalls, SIEM, endpoint protection, IAM, vulnerability scanning, etc.)
  • Hands on experience working with business enabled information security processes such as risk management, penetration testing, business continuity, awareness training, CSIRT, IT audit, data privacy, policy development, etc.
  • Strong experience with information security frameworks /standards  (ISF, ISO2700x, COBIT 4/5, NIST, CIS, etc.)
  • Track record of working in an international corporate environment with other disciplines  (Marketing, Sales, Customer Service, Operations, Finance, HR)
  • Experience with outsourced delivery, preferably including offshoring teams in India
  • Speaks and write fluently in English
  • Deciding and Initiating Action  (Making decisions; taking responsibility; acting with confidence; acting on own initiative; taking action; taking calculated risks)
  • Working with People  (understanding others; adapting to the team; building team spirit; recognizing and rewarding contributions; listening; consulting others; communicating proactively; showing tolerance and consideration; showing empathy; supporting others; caring for others; developing and communicating; self-knowledge and insight)
  • Relating and Networking  (building rapport; networking; relating across levels; managing conflict; using humor)
  • Writing and Reporting  (writing correctly; writing clearly and fluently; writing in an expressive and engaging Style; targeting communication)
  • Applying Expertise and Technology  (applying technical expertise; building technical expertise; sharing expertise; using technology resources; demonstrating physical and manual skills; demonstrating cross functional awareness; demonstrating spatial awareness)
  • Analyzing  (analyzing and evaluating information; testing assumptions and investigating; producing solutions; making judgements; demonstrating systems thinking)
  • Adapting and Responding to Change  (adapting; accepting new ideas; adapting interpersonal style; showing cross-cultural awareness; dealing with ambiguity)

Details

DienstverbandVast
Uren per week40 upw
RegioUtrecht
NiveauSenior
OpleidingsniveauWO