Information Security Risk Officer

On-site
Amsterdam, Noord-Holland, Netherlands
Security

Job description

Governance, Risk management and compliance? With your current experience, you get excited right away! Three crucial elements in the role of our Information Security Risk Officer.

As an Information Security Risk Officer, you will be responsible for managing the Information Security Governance, Risk, and Compliance program. Your role is critical in ensuring that our organization's information security practices are aligned with regulatory requirements, industry standards, and best practices. You will oversee the development, implementation, and maintenance of information security policies, risk management processes, and compliance initiatives.

Key Responsibilities:

Governance:

Develop and maintain an Information Security Governance framework, ensuring alignment with the organization's overall governance structure.
Collaborate with Head of Information Security, Business Information Security Officer and senior management to establish and monitor information security policies, procedures, and standards.
Facilitate regular security governance meetings and provide updates to senior management.

Risk Management:

Identify, assess, and prioritize information security risks.
Develop and manage a comprehensive risk management program, including risk assessment methodologies and risk treatment plans.
Work with business units to implement risk mitigation strategies and monitor their effectiveness.
Conduct regular information security risk assessments and report findings to Head of Information Security and senior management.

Compliance:

Ensure compliance with relevant information security laws, regulations, and industry standards (e.g., GDPR, ISO 27001, ISF, PCI DSS).
Develop and maintain information security compliance policies, procedures, and controls.
Coordinate and oversee information security compliance audits and assessments.
Keep abreast of regulatory changes and update information security compliance programs accordingly.

Policy Management:

Develop and manage a centralized information security policy framework.
Collaborate with stakeholders to establish, review, and update information security policies and procedures as needed.
Ensure information security policies are communicated, understood, and adhered to throughout the organization.

Reporting and Documentation:

Prepare and present regular reports on information security GRC activities to senior management and relevant committees.
Maintain accurate and organized records of information security governance, risk, and compliance activities.

Vendor Risk Management:

Evaluate and manage third-party information security risks and relationships.
Establish vendor risk assessment processes and criteria.

Job requirements

As a Information Security Risk Officer we believe the right candidate meets the following criteria:

Bachelor's degree in Information Security, Cybersecurity, Business, or a related field (Master's degree preferred).
Relevant professional certifications, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified Compliance and Ethics Professional (CCEP).
Several years of experience in information security GRC management or related roles.
Strong knowledge of information security governance, risk management, and compliance principles, practices, and regulations.
Excellent communication, leadership, and negotiation skills.
Analytical and problem-solving abilities.

About ERIKS Digital

We are ERIKS Digital. The global IT, technology, and data hub of ERIKS, a multinational industrial service provider with a strong presence in Europe and APAC. We’re a diverse and international team of smart, curious, hard-working colleagues who are energized to deliver our mission to become the world’s most digitally advanced specialized industrial service provider. Making not just ERIKS, but our entire industry more efficient, effective, and sustainable.

Every day, we work to digitally transform ERIKS; executing digital initiatives such as improving how all colleagues at ERIKS work with data, providing innovative digital solutions for our customers, and integrating digitally with all our trading partners: All while ensuring we improve the day-to-day operations of the thousands of our colleagues across ERIKS, that enable us to serve our customers.

Our strong team culture is fostered by an environment where you are encouraged to develop yourself, grow and with colleagues across ERIKS Digital and the rest of ERIKS.

Interested?
Do you have any questions or want to know more about this position or ERIKS Digital? Just call or app our recruiter Nena van Tricht at +31-(0)6 309 859 70. Are you up for this challenge?

ERIKS Digital is an equal opportunity employer and strives for equal treatment for all genders. ERIKS Digital adheres to ethical recruiting methods ensuring that we do not discriminate against any candidate because of age, disability, gender reassignment, marriage or civil partnership, pregnancy and maternity, race, religion or belief, sex, or sexual orientation. This is a fundamental part of our values and beliefs, and we strive to create an inclusive environment where everyone can reach their potential.

Apply with Indeed unavailable

CV or resume

Upload your CV or resume file

Upload a file or drag and drop here

Accepted files: PDF, DOC, DOCX, JPEG and PNG up to 50MB.

My information

Fill out the information below

Full name

Email address

Phone number

Photo

Upload a file or drag and drop here

Accepted files: PNG, JPG and JPEG up to 20MB.

Cover letter

Upload your cover letter

Upload a file or drag and drop here

Accepted files: PDF, DOC, DOCX, JPEG and PNG up to 50MB.

Questions

Please fill in additional questions

Do you have a valued working permit?

Yes

Legal Agreements

ERIKS Digital processes your personal data in accordance with the privacy statement, included below. I hereby agree that ERIKS Digital may process my personal data in accordance with this statement and may keep my data during the recruitment process and for a period of 1 year thereafter in order to match my skills with future job opportunities with ERIKS Digital.
PRIVACY STATEMENT for Candidate Data
1.              Introduction 
This is ERIKS Digital's Privacy Statement for processing personal data of candidates or job applicants of ERIKS Digital B.V. and its group companies, hereafter ERIKS Digital, we or us.
At ERIKS Digital we take your privacy very seriously. We developed this ERIKS Digital Candidate Data Privacy Statement (“Privacy Statement”) to inform you of how we will use your personal data in relation to applications for roles with ERIKS Digital.
This Privacy Statement was last updated on 23-05-2018 and may be changed over time. You are advised to regularly review the Privacy Statement for possible changes.
2.              When does this privacy statement apply? 
This Privacy Statement is applicable to ERIKS Digital’s processing of all personal data of potential candidates or job applicants (candidates) processed in relation to our recruitment activities.
This Privacy Statement does not apply to employee data or data of our customers. For information on how ERIKS Digital protects data of customers please visit www.eriks.com. If you are an ERIKS Digital employee, you can find ERIKS Digital’s Data Privacy Statement on how ERIKS Digital uses employee data on the ERIKS Digital Intranet site.
3.              Who is responsible for your personal data? 
ERIKS Digital based at Wibautstraat 135, 1097 DN, Amsterdam and its corporate affiliates (collectively, “ERIKS Digital”) and/or its group companies are the data controller for the processing of your personal data. You can contact our Privacy Officer at hrprivacy@ERIKS Digital.com.
4.              For which purposes do we process your personal data? 
4.1           To find suitable candidates 
(a)           What does this purpose entail?
We collect your personal data from public profiles on LinkedIn or other social networks and other publicly-available websites if you reacted to the ERIKS Digital recruitment initiatives on such social networks and websites, or signed up via integrated functionality of such social networks, recruitment websites or our own websites. We also collect your personal data from such sources when you provided a link to your profile on any such site as part of your job application or curriculum vitae submitted with your job application.
We may also obtain your contact details from publicly available sources, including content that you have made public on LinkedIn or other social network sites or similar sites for professional purposes to make an initial contact with you for recruitment purposes. We will only contact you if you have made your contact details available to ERIKS Digital to contact you for recruitment purposes. We will provide you with a clear option to ask us to stop contacting you for career opportunities and remove your personal data from our systems.
(b)           On what legal basis do we process personal data for this purpose?
For this purpose, we process your personal data based on our legitimate interest. We process your personal data to find suitable candidates for vacancies at ERIKS Digital.
(c)            Which personal data do we process for this purpose?
For this purpose, we process the personal data you have made public through your public profiles on LinkedIn or other social networks and any correspondence between you and our internal recruiters. This includes your name, contact details if made available, current and past job titles, employment history, educational information, skills, recommendations, and curriculum vitae if you made it available.
(d)           How long do we retain your personal data for this purpose?
For this purpose, your personal data will be retained for as long as the purpose for which we collected it continues, unless a longer retention period is necessary to comply with legal requirements or protect our interests. If you submit a job application and become our employee, we will retain the information obtained during the recruitment process for the duration of your employment. If you applied for a job and were unsuccessful, ERIKS Digital may retain your personal data for a period of: 4 weeks from our final communication to you for future job opportunities. After this period, your personal data will be deleted from our systems.
4.2           To receive, review and reply to your job application 
(a)           What does this purpose entail?
If you contact one of our internal recruiters, apply for a vacancy or register through ERIKS Digital careers website, we include the personal data you provide us in our recruitment database. We will also process your personal data to manage and update our recruitment database.
(b)           On what legal basis do we process personal data for this purpose?
We process your personal data for this purpose as a preparatory step to possibly entering into an employment contract with you. You are not obliged to provide us with any personal data for this purpose. However, if we don’t receive sufficient information from you to consider your eligibility and to communicate with you, we won’t be able to consider you for a role at ERIKS Digital.
(c)            Which personal data do we process for this purpose?
For this purpose, we process your name, contact details, address (optional), country of residence, citizenship status, the role you apply for, and any recruitment information you provide to us, such as a link to your public social media account (for instance, LinkedIn) (optional), your curriculum vitae, employment history, education history, skills, motivation, gender (optional), disability (optional), current compensation, and whether you are subject to a non-solicitation agreement. Also, we process your correspondence with ERIKS Digital with regard to job applications.
(d)           How long do we retain your personal data for this purpose?
We will retain your personal data for this purpose as long as the application procedure for this position is open, unless a longer retention period is necessary to comply with legal requirements or to protect our interests. If you submit a job application and become our employee, we will retain the information obtained during the recruitment process for the duration of your employment.
If you applied for a job and were unsuccessful, ERIKS Digital may retain your personal data for a period of: 4 weeks from our final communication to you for future job opportunities, unless you gave us permission to keep your data for a longer period in order to match your skills with future job opportunities with ERIKS Digital. In this case we will keep your data for a period of 1 year. After this period, your personal data will be deleted from our systems.
4.3           To verify your job application information, check your references and assess your suitability for the role you applied for and to make you a job offer. 
Depending on the role you apply for, the job application process may include virtual or phone interviews, online assessments, on site interviews and/or psychological assessments, a language test, or system screenings to screen your fit for the job and ERIKS Digital culture. We will process your personal data to manage and execute this process and to process the feedback received about you. Our internal recruiter will inform you about the specific job application process for the role you have applied for. In addition, with your consent, our internal recruiters will check your references.
If you have successfully completed a job application procedure, we will prepare and email you an offer letter. This letter will include the employment conditions we would like to offer you at ERIKS Digital. This offer is still conditional on a satisfactory background check.
(b)           On what legal basis do we process personal data for this purpose?
We process your personal data for this purpose as a preparatory step to possibly entering into an employment contract with you.
You are not obliged to take part in any element of the job application process or otherwise provide us with any personal data for this purpose. However, if you do not engage in our job application process, we are not able to consider or offer you for a role at ERIKS Digital.
(c)            Which personal data do we process for this purpose?
For this purpose, we process the information you provided to us following 4.24.1, feedback received from the interviewers who spoke with you, the outcomes of any test you completed and any communications between us.
(d)           How long do we retain your personal data for this purpose?
For this purpose, your personal data will be retained for 4 weeks. After this period, your personal data will be deleted from our systems.
4.4           To check your background 
If you have accepted a conditional offer at ERIKS Digital, we will do a background check. Depending on your role with us, these background checks may be for verification of information provided by you to us and/or to verify information about criminal convictions.
(b)           On what legal basis do we process personal data for this purpose?
We process your personal data for this purpose as a preparatory step to possibly entering into an employment contract with you. You are not obliged to provide us with any personal data for this purpose. However, if we cannot perform a satisfactory background check, we are not able to consider you for a role at ERIKS Digital. We only perform background checks to the extent permitted by applicable law in your country.
(c)            Which personal data do we process for this purpose?
You will be approached by the ERIKS Digital recruiter to explain what information should be submitted for the background check procedure.
If we have any concerns following your background check, we will liaise with you directly.  If something on your background check indicates that we cannot hire you, we will notify you and provide you with a copy of your background check report, where required by applicable law. We will also provide you a reasonable period of time to dispute, correct, explain or otherwise respond regarding the information disclosed in the background check report, where required by applicable law.
(d)           How long do we retain your personal data for this purpose?
If you become our employee, we will retain the results of your background check for the duration of your employment. If you applied for a job and were unsuccessful, ERIKS Digital may retain your personal data for a period of: 4 weeks. After this period, your personal data will be deleted from our systems.
4.5           If you have been rejected for a particular role at ERIKS Digital, we process your personal data to inform you and communicate with you about vacancies that you may be interested in if you choose to. 
Sometimes, we just do not have the right role available for you yet. If you choose, we will keep information about you in our database and contact you if we have a new vacancy that may be of interest to you. We may also invite you for recruitment activities or communicate with you about job opportunities.
(b)           On what legal basis do we process personal data for this purpose?
For this purpose, we process your personal data based on your consent.
If you give us your consent to process your personal data for this purpose, you have the right to withdraw your consent at any time by sending an email to ﻿adriaan.vanderheijden@eriks.com. Please note that this will not affect the lawfulness of any processing based on your consent before the withdrawal.
(c)            Which personal data do we process for this purpose?
For this purpose, we process your contact details (such as your address and email address), the information you submitted to us in the course of previous job applications (for example, your resume) and a summary of how you performed during previous job applications with us.
(d)           How long do we retain your personal data for this purpose?
Your personal data will be retained for 1 year in our recruitment database for this purpose.  After this period, your personal data will be deleted from our systems.
5.              Who has access to your personal data? 
5.1           Access to your personal data within ERIKS Digital 
Your personal data can be accessed by relevant ERIKS Digital departments such as recruiters, hiring managers, ERIKS Digital employees directly involved in your job application process, employment counsel or other HR functions involved, and legal, compliance, data protection or integrity officers to the extent strictly necessary to fulfil their respective tasks. If your application indicates interest in working internationally, we may provide your personal data to our global affiliates, in connection with possible opportunities at those affiliates. If ERIKS Digital employs you within any of its affiliates, it will retain your personal data and may use it and disclose it to others for personnel, administrative, or other purposes related to your job application or employment with ERIKS Digital.
5.2           Access to your personal data by third parties 
The following third parties have access to your personal data where relevant for the provisioning of their products or services to ERIKS Digital:
Travel agencies
External assessment consultants
IT suppliers
Financial, tax or legal advisors
If the ownership or control of all or part of ERIKS Digital changes, we may transfer your personal data to the new owner.
We may also provide your personal data to federal, state, local, or other government agencies that have jurisdiction over matters related to employment. ERIKS Digital will not provide your personal data to other third parties unless it is required to do so by a valid court order, governmental agency order or information request, or unless it has a legitimate business purpose for doing so and the third party agrees to similar restrictions on disclosure and use of your personal data.
5.3           The use of your personal data by data processors 
When a third party processes your personal data solely following ERIKS Digital instructions, it acts as a data processor.  We enter into agreements with such data processors, relating to the processing of personal data.  In this agreement we include obligations to safeguard that your personal data are solely provided to the data processor to provide services to us,
5.4           Transfers of your personal data outside of your home country 
Your personal data may be processed by ERIKS Digital, its affiliated companies and ERIKS Digital’ trusted third party suppliers anywhere in the world, including in countries where data privacy laws may not be equivalent to, or as protective as, the laws in your home country.
We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws.
6.              How are your personal data secured? 
ERIKS Digital has taken adequate safeguards to ensure the confidentiality and security of your personal data. ERIKS Digital has implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, and against all other forms of unlawful processing (including, but not limited to unnecessary collection) or further processing consistent with applicable data protection and privacy laws.
For example, when we share your personal data with external suppliers, we may put in place a written agreement which commits the suppliers to keep your information confidential, and to put in place appropriate security measures to keep your information secure.
7.              Your rights 
Under applicable data protection and privacy laws, you may have rights to:
·       Access your personal data
You may ask us whether we process any personal data that relates to you. If this is the case, you may ask us to provide you with a copy of the personal data we process of you insofar as required by applicable data protection laws.
·       Correct and erase your personal data
You may request us to correct any inaccurate personal data we process of you. Also, you may ask us to erase the personal data that relate to you if they are no longer necessary for the purposes for which we processed them, if you have withdrawn your consent and we do not have another legal ground for processing your personal data, if your personal data have been unlawfully processed, if your personal data have to be erased following applicable EU or EU member state laws, or if it concerns a child’ personal data processed in relation to offering information society services.
·       Request the restriction of processing
You may request the restriction of the processing of your personal data if you have contested the accuracy thereof, if the processing is unlawful and you prefer restriction over erasure, if we no longer need your personal data for a purpose but you need them for the establishment, exercise or defence of legal claims, or while your exercised your right to object is being reviewed.
·       Object to processing your personal data
You may object to our processing of your personal data based on our legitimate interest. We will then no longer process your personal data for this purpose, unless we have an overriding legitimate interest to do so. You may also ask us to erase your personal data, unless there is an overriding legitimate interest for the processing.
You may also opt out from processing your personal data for direct marketing purposes.
·       Withdraw your consent to processing your personal data
You may withdraw your consent to the processing of your personal data (where ERIKS Digital is processing your personal information based on your consent).
·       Data portability
You may request receipt or transmission to another organisation, in a machine-readable form, of the personal information that you have provided to ERIKS Digital.
·       Lodge a complaint with supervisory authority
If you feel that we do not comply with the applicable privacy laws, you have the right to lodge a complaint with your local supervisory authority.
8.              Contact information If you have any questions regarding the processing of your personal data, send a request relating to any of your data protection rights, please contact our Privacy Officer. 

Information Security Risk Officer

On-siteAmsterdam, Noord-Holland, NetherlandsSecurity

Job description

Job requirements

Questions

All done!

On-site
Amsterdam, Noord-Holland, Netherlands
Security