We are looking for a Senior Information Risk Management Officer. The field of expertise of Risk, Security and Compliance is changing rapidly. The traditional way of securing is not sufficient in a world of internet connectivity, ‘internet of things’, Cybercrime and Cloud. We will need to be aware of Cybercrime-as-a-service, advanced persistent threats, privacy regulations, the value of data, resilience in ‘due diligence’, integrated reporting and the market conditions.
Your main responsibilities
- Maintains and facilitates the ORM governance and committee structure and liaises with other function areas with regard to the ORM sub processes;
- Monitors compliance with (local) regulations on international insurance programs;
- Monitors relevant developments and initiates change.
2. Risk identification
- Initiates, coordinates and carries out High Level Risk Assessments. Generates reports and recommendations and advises on business improvements;
- Initiates, coordinates and implements Risk & Control Self Assessments. Coordinates, in consultation with business management, and monitors the follow-up to the outcome of the Self Assessments;
- Reports on the Risk & Control Self Assessments, including coverage percentages and risks;
- Monitors the follow up on the outcomes of the assessments;
- Develops, maintains and facilitates Operational Risk awareness programs;
- Gives presentations on various ORM topics to increase risk awareness;
- Advises BU ORM on local risk awareness programs;
- Monitors developments and changes in the regulations regarding ORM and Insurable Risk.
3. Risk measurement & monitoring
- Advises and maintains relationships with internal clients such as senior management, other staff departments and business units on the topic of Insurable Risk Management;
- Calculates premiums for the various business units given the international insurance programs;
- Maintains the claims database and monitors pending claims;
- Responsible for the registration and analysis of incidents and periodic reporting to the business management. Maintains contact with the stakeholders about incident reports, discusses them and makes recommendations;
- Initiates, coordinates and determines, in consultation with business management, the projects for which risk analysis must be carried out;
- Analyses projects/improvement measures in relation to risk findings and advises on possible solutions.
4. Risk mitigation
- Provides advice in order to mitigate the risks, periodically reviews accepted risks and provides reporting on these risks;
- Is responsible for the execution of the various international insurance programs;
- Negotiates with external insurance brokers and insurance companies on the fees and premiums for the international insurance programs;
- Evaluates current policies and negotiates in cooperation with the insurance broker on terms and premiums.
5. Strategy, projects and Advice
- Develops ORM / Insurable Risk strategy and translates this strategy into operational guidelines and principles;
- Participates in ORM projects (ORM, IRM, Security);
- Initiates, guides and executes complex long running projects.
6. Policy and advising
- Coordinates and implements the policy in the field of Operational Risk Management;
- Translates and implements strategic and tactical policy into operational rules/procedures in the field of operational risk management;
- Initiates and communicates about new controlled standards so that the control and management mechanisms become/are an integrated part of the business processes and products;
- Supports the ORM management in drawing up and updating the policy and developing the ORM services.
Your experience and skills
- University degree in Information Technology, Security or Audit;
- At least 3-5 years of professional experience in IT Risk Management, IT Security or IT Audit;
- Relevant experience in the Financial services industry;
- Multiple industry-recognized certifications like CISSP, CRISC, CSSP (Cloud), CPT are a big plus;
- Experience in Agile/Scrum methodology is a big plus;
- Passion for and knowledge of IT, IT Security and modern cloud technologies.
- Strong analytical and quantitative skills
- Excellent and natural communicator; excellent written and verbal communication skills (English and Dutch), able to construct and explain a comprehensive, logical argument
- Results oriented, precise, attention to detail
- Proactive self-starter, working independently
- Strong interpersonal, influencing and negotiating skills
Your team and challenge
CIO Security, Risk and Compliance is responsible for building a risk management framework to assure that a proper process for identifying and managing risks is in place and that the process actually works.
CIO /SRC advises the Executive Board on the implementation of the Office Risk Management organisation, processes and systems and on solving the ORM issues, provides functional leadership regarding the ORM function, framework and processes, and takes functional decisions if and when required.
ORM determines the regulatory and economic operational risk capital charge, monitors the key risks of NN Group and ensures that the NN risk policies and minimum standards are fully implemented.
Due to constantly changing market environments and the increased role of technology within the insurance industry we need to innovate and transform our global IT organization. We need to become truly agile in our way of working and implement innovative solutions to support the NN business units. At the same time we also need to integrate our NN Group and Delta Lloyd businesses e.g. our processes, systems and products.
From an innovation perspective we need to create oversight of the IT developments in the different countries (including NL) but also see where we can upscale across the countries and the Netherlands. We need to innovate and find new ways to solve our legacy issues, for instance by introducing Robotics and AI. Furthermore we need to drive our journey of implementing the DevOps way of working, including a solid target IT landscape that supports this way of working.
We offer you
- A work environment that is characterized by a professional atmosphere and collegiality;
- Plenty of opportunities to develop yourself, craftsmanship and development are our top priority;
- The opportunity to work with professional and expert colleagues who have a tremendous drive to do good, in the interest of the client and with an eye for society together;
- Modern compensation & benefits with room for your own choices.
This is a position in scale 12 for 40 hours and the location is Den Haag.
How to apply
Would you like to apply for this job? Then apply directly via the button under this vacancy.
If you have questions about this position or the application process, please ask Hugo van Zelm van Eldik, Recruiter, via firstname.lastname@example.org, telephone 0031 70 513 80 67.
Warning: only applications with CV and motivation letter will be taken into consideration.
An assessment can be part of the application.
Acquisition regarding this vacancy is not appreciated.