Security Risk ManagerSoftware / IT Medior Zuid-Holland
We are looking for a Security Risk Manager to strengthen the Security Risk Management function on a temporary basis. Our client has a security governance where security risk management is embedded on sector level. The Security Risk Manager drives risk identification and risk mitigation within his/her responsibility area in close cooperation with the Sector Security Risk Manager.
For our client I am looking for a Security Risk Manager with 3-7 years of experience.
Wat verwachten we van jou?
- Master degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering).
- Information security risk management qualifications like CISSP, CISA or CISM. Experience
- Minimum of 5 years of relevant experience in information security risk management.
- Experience with the ISO27001/2 risk management framework/control.
- Cooperation with and understanding of the IT security domain.
- Basic project management experience
- Knowledgeable on multiple laws and regulations; e.g. GDPR and US export regulations. Personal skills
- Relationship builder; able to create and maintain a trusted network on all levels.
- Good communication, influencing and negotiating skills.
- Able to inspire and motivate people.
- Strong analytical skills.
- Pro-active and self-motivated with the proven ability to drive results.
- Pragmatic, hands-on mentality, motivated by realizing goals rather than personal acknowledgement.
- Able to plan and prioritize.
- Creative when handling problems.
- Flexible, adapting to company culture and individual behavior.
- Fluent in English (written and verbal).
Wat kun jij verwachten?
- A competitive salary based on your experience and education;
- Good secondary conditions such as 25 holidays, Flexible work hours and 8% holiday allowance;
- Courses to develop yourself professionally and personally;
- Discount on your healthcare and referral bonusses;
- Nice yearly events with the Trinamics team
Ensure that security risks do not exceed the organization risk appetite by timely identifying risks and maintaining the security risk register, assessing risks, driving risk mitigation and monitoring and reporting on progress.
- Identify risks and perform/facilitate risk assessments.
- Drive mitigation of risks; propose mitigating controls in accordance with sector risk appetite and drive implementation and use.
- Keep track of risks and their status in the sector security risk register and report to stakeholders; have a clear oversight on the status of current security controls for the sector.
- Stakeholder management: ensure awareness and ownership of risks/mitigations.
- Ensure compliance to security policies and standards.
- Align with IT security department on IT specific aspects of risk assessments.
- Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks.