The field of Risk, Security and Compliance is changing rapidly. The traditional way of securing systems is not sufficient in a world of internet connectivity, the 'internet of things', cybercrime and cloud. We need to be aware of cybercrime-as-a-service, advanced persistent threats, privacy regulations, the value of data, resilience in 'due diligence', integrated reporting and the market conditions.
The CIO Security, Risk and Compliance (SRC) department is responsible for building a risk management framework to assure that a proper process for identifying and managing risks is in place and to ensure that the process actually works.
CIO/SRC advises the Executive Board on the implementation of the Information Risk Management (IRM) organization, processes and systems and on solving IRM issues, provides functional leadership regarding the IRM function, framework and processes, and takes functional decisions if and when required within the CIO group.
Currently we are looking for an Information Risk Management Professional.
Your main responsibilities
The IRM Professional analyses the inherent risks of the CIO group and reviews the risk-limiting measures. The IRM Professional acts as an expert on IT and information risks towards senior management.
In this context the IRM Professional shall execute the following tasks (non-exhaustive list) for one or more CIO departments:
- Facilitate and monitor the design and operational effectiveness of IT controls and processes;
- Challenge the first line in implementing a secured architecture aligned with the business goals and future plans;
- Implement and execute penetration testing and threat modelling for applications and infrastructure components based on criticality of assets;
- Review security alert notifications and validate that appropriate action was taken by the 1st line engineers and management;
- Align with the asset owners in performing an effective vendor risk assessment and follow up on the process;
- Track progress status around remediation activities to close gaps from policy compliance assessments and various other risk assessments;
- Maintain and facilitate the IRM governance and committee structure and liaise with other function areas with regard to the IRM sub-processes;
- Perform expert based risk assessments (and facilitate risk & control self assessments) on the CIO department;
- Analyse IT incidents reported by staff and report lessons learned to the CIO management;
- Advise and maintain relationships with internal clients such as senior management, other business on the topic of IT & Information Risk Management;
- Develop, plan and coordinate the execution of security awareness training in creating a strong risk aware culture within the CIO group.
Your experience and skills
- University degree in Information Technology, Security or Audit;
- At least 3-5 years of professional experience in IT Risk Management, IT Security or IT Audit;
- Relevant experience in the Financial services industry;
- Multiple industry-recognized certifications like CISSP, CRISC, CSSP (Cloud), CPT are a big plus;
- Experience in Agile/Scrum methodology is a big plus;
- Passion for and knowledge of IT, IT Security and modern cloud technologies;
- Strong analytical and quantitative skills;
- Excellent and natural communicator; excellent written and verbal communication skills (English and Dutch), able to construct and explain a comprehensive, logical argument;
- Results oriented, precise, attention to detail;
- Proactive self-starter, working independently;
- Strong interpersonal, influencing and negotiating skills.
Your team and challenge
Due to constantly changing market environments and the increased role of technology within the insurance industry we need to innovate and transform our global IT organization. We need to become truly agile in our way of working and implement innovative solutions to support the NN business units. At the same time we also need to integrate our NN Group and Delta Lloyd businesses e.g. our processes, systems and products.
From an innovation perspective we need to create oversight of the IT developments in the different countries (including NL) but also see where we can upscale over the countries and the Netherlands. We need to innovate and find new ways to solve our legacy issues, for instance by introducing Robotics and AI. Furthermore, we need to drive our journey of implementing the DevOps way of working, including a solid target IT landscape that supports this way of working.
We offer you
- A work environment that is characterized by a professional atmosphere and collegiality;
- Plenty of opportunities to develop yourself, craftsmanship and development are our top priority;
- The opportunity to work with professional and expert colleagues who have a tremendous drive to do good, in the interest of the client and with an eye for society together;
- Modern compensations & benefits with room for your own choices.
This is a position in scale 12 for 40 hours and the location is Den Haag.
How to apply
Would you like to apply for this job? Then apply directly via the button under this vacancy.
If you have questions about this position or the application process, please ask Hugo van Zelm van Eldik, Recruiter, via firstname.lastname@example.org, telephone 0031 70 513 80 67.
Warning: only applications with CV and motivation letter will be taken into consideration.
An assessment can be part of the application.
Acquisition regarding this vacancy is not appreciated.