Information Security Officer
The key role of the Information Security Officer is to deliver high-value information security services and to implement ISO 27001 compliant information security policies, controls and processes.
Main responsibilities include, but are not limited to:
Security Policy Monitoring & Review
- Implement appropriate group-wide security policies (including technical policies).
- Monitor the effectiveness of action plans in addressing information risks.
- Prepare information security performance reports based on the analysis and correlation of information security events.
- Recommend suitable enhancements to improve information security performance.
- Review security policies, standards and procedures by considering the threats identified and other information collected.
Security Statistics & Dashboard
- Support the collection of risk (reporting) content for various operational and senior-leadership meetings, briefings and dashboards.
- Work with teams to implement automation for risk reporting and metrics collection.
- Assist in the design of risk dashboards to be shared at the executive, operational, and tactical levels.
Information Security Management & Governance
- Implement a global ISO 27001:2022 Information Security Management System.
- Define, deploy and control the management of information systems, services and data in line with business imperatives.
- Take into account all internal and external parameters, such as legislation and industry standard compliance, to guide risk management and resource deployment and achieve a balanced business benefit.
- Deploy and manage the operational and specialist resources (e.g. forensics, threat intelligence and intrusion detection) needed to maintain the capacity to manage security incidents, and make recommendations for the continuous improvement of security policy and strategy.
- Implement risk management across information systems by applying the enterprise-defined risk management policy and procedure.
- Assess risk to the organization's business, including web, cloud and mobile resources.
- Document potential risks and containment plans.
Training and awareness
- Develop group-wide information security education and training programs to influence the culture and behaviour of staff.
- Train staff and promote awareness of policies and standards.
- Liaise with other company functions to facilitate security awareness.
- You have a Master's or Bachelor's degree (Informatics, Economics, Engineering or equivalent).
- You have a minimum of 5 years' experience in a similar function, or at least in a responsible function in the IT security area.
- Certifications in the areas of IT security governance (CISM), data privacy (IAPP) and project management (PMP, PRINCE2) are an asset.
- Knowledge of ITIL, COBIT, ISO 27001 information security or other control frameworks.
- You have the skill to balance data protection and business objectives.
- Experience as an ISO 27001 lead implementer or auditor.
- You can reach a consensus on the appropriate IT security level with an acceptable level of risk.
- Comfortable working without routine supervision.
- You speak fluent English (Dutch, Spanish and Portuguese are considered an asset).