IT Security Risk Manager

For our top client in Eindhoven, one of the biggest technical companies of the Netherlands, we are looking for a IT Security Risk Manager. The IT division supports information management, infrastructure and automation and optimization of key business processes across the company. The ICT infrastructure, hardware and applications are absolutely mission-critical for almost all our clients internal and external activities. A sub-department within the IT organization is the IT Competence Center Corporate. This competence center is responsible for innovation projects and changes in the IT systems supporting our corporate support organizations like Finance and HR. The Identity and Access Management expertise is part of this competence center.

The team is working in scrum methodology. Currently the companies IT department is in an Agile Transformation, in which SAFe (Scaled Agile Framework 5.0) will be implemented. This role will be responsible for managing and reporting on information security risks. This will include the Information Security and Safeguarding of Assets, as part of our Risk Universe items. In addition, this role will manage and report on the cross-sector Security risk register.

Maintain and develop our clients wide Information Security Risk Management means and methods

Perform information security risk assessments and propose mitigating controls

Drive risk mitigation based on agreed controls

Maintain our clients Security risk register and Cross-Sector Security Risk Register.

Perform and support risk reporting including tracking KRIs

Alignment with our clients sectors and their security risk registers

Manage the Exception process including reporting on a regular basis

Keep up with relevant international legislation, best practices, emerging threats, policies and benchmarks

Drive the GRC tooling implementation

Be the lead for the following focus groups

Information Security Risk Management

Strategic focus group development

Means and methods development

Competence and knowledge management

Bachelor or Master degree in a technical area

Minimum of 6 years of relevant experience in information security risk management

A strong background in IT or proven relevant experience in the IT security domain

Proven experience with the ISO27001/ISO31000 risk management framework

Information security risk management qualifications like CRISC, CISSP, CISA or CISM

Knowledgeable on global Privacy regulations.

To be discussed.