Security Risk, Audit and Threat Specialist
- International innovative company
- Security professional with security related certifications
About Our Client
The main purpose of the Security Risk, Audit and Threat specialist is to manage the "Security Risk profile" by creating and maintaining an overview of current risks, audit findings, planned audits, emerging threats in the market and in the company, compliance with policies and laws, and treatment plans to mitigate all known risks.
- Implementation and maintenance of the Information Security Management System according to ISO27001 to make sure all the necessary measures are taken for proper security management.
- Implementation and maintenance of the Governance, Risk and Compliance (GRC) management system to manage compliance with policies and laws for a multitude of company assets.
- Actively manage the security risk management process; create a transparent overview and feed the overall plan function with the mitigation actions that are required, using an up-to-date risk register.
- Implement and maintain the risk reporting format for periodic reporting to management.
- Actively manage security audits, both internal and external. Secure regular audit reporting and follow up on findings.
- Execute (smaller) local audits.
- Analyze information security incidents, determine the associated risk and propose treatments.
- Keep track of what is happening in the outside world regarding reported threats and vulnerabilities, breaches, attacks, etc., and analyze whether this could also apply to the organization.
- Proactively define and initiate risk reduction measures, like adding controls and fixing issues on the basis of identified active threats or threats that are likely to become active in the (near) future.
- Give training, educate other departments and support knowledge transfer within the company and outside the company in the security domain.
The main challenges involve giving advice in a highly technical and complex environment, while keeping knowledge up to date in a fast-changing market. You will have to deal with ad-hoc requests and short timelines within the local and international organization.
The Successful Applicant
- Minimum of 5 years' experience within the Security sector;
- A relevant university or bachelor degree;
- Experience within an international, large organization is preferred;
- Expert knowledge in the area of Security Risk Management (e.g. CISSP, CISM certification);
- Detailed knowledge of information security (ISO27000) series framework, including implementation and application of measures;
- Ideally, you will have experience with auditing (e.g. CISA, RE certification) and knowledge of law and regulations (Dutch Telecom law, SOX, Privacy, PCI-DSS), and governance frameworks (COSO, COBIT, ITIL, ISO);
- Strong communication, presentation and relationship management skills;
- Fluent Dutch and English written and spoken skills.
What's on Offer
A challenging job within an international organization combined with a good remuneration package.