Information Security Officer

Job description

ERIKS Digital, the unit within ERIKS that is responsible for all digital activities of ERIKS, including E-Commerce and IoT, is scaling fast. As we grow, so do the security risks. We are looking for an Information Security Officer to strengthen security within our organisation. This is a challenging role within a scale-up-like environment of 100+ people, half of whom are techies. The spirit and way of working is young, dynamic and agile. We are working on exciting projects (Data, eCommerce and IoT), either mature or in a starting phase. This role is crucial for growing our capabilities in this digital world.

Your main responsibility is to identify, assess and manage the information security risks that ERIKS Digital faces and to implement the SHV and ERIKS policies for information security with the right balance between minimal risk and optimal business value. We therefore expect you to be business-savvy enough to act at a strategic and tactical level, but also hands-on enough to support the DevOps and development implementations.

You are the only Information Security Officer within ERIKS Digital, so you will be involved in all major epics/user stories and ongoing activities that address information security aspects. In addition, you are part of the global ERIKS Information Security team. You will also work closely with our CTO, our Compliance Officer and our local security champions within the development teams. You report hierarchically to the CFO of ERIKS Digital and functionally to the ERIKS Group CISO. All in all, a challenging role that will give you the opportunity to cover and develop a very broad range of your security skills.


Job duties and responsibilities

  • Identify, assess and manage the IT risks that ERIKS Digital faces
  • Implement, maintain and monitor a practical and usable information security management system and security strategy aligned with minimum ERIKS Corporate standards, SISP (Security Framework) and ERIKS Business (Risk) Support Framework (EBSF)
  • Increase awareness among the employees regarding security, risk and compliance
  • Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies
  • Write (or adapt from ERIKS corporate standards) and implement security-related policies, standards and procedures and focus on continuous improvement
  • Translate security needs of the business into technical and operational measures
  • Monitor and report on suppliers’ and our own critical security KPIs
  • Ensure that the technical environment is operating under the security, compliance and risk structure
  • Keep abreast of security incidents and act as primary control point during significant information security incidents/breaches, and coordinate responses towards the ERIKS CISO and the Digital CTO
  • Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk
  • Provide advice to the business and IT with regard to legislation and internal and external regulations
  • Coordinate all information technology and security, governance, risk and compliance related audits (internal and for external suppliers). Provide guidance, evaluation and advocacy on audit responses. Provide prospective customer information security questionnaire responses for the businesses
  • Work with ERIKS Digital’s management, ERIKS Group CISO and Compliance Officer to build and implement cohesive security, governance, risk and compliance programs for ERIKS to effectively address local laws and regulatory requirements
  • Examine impacts of new technologies and suppliers on the overall information security. Establish processes to review implementation of new technologies to ensure security compliance 

Requirements

We are looking for someone with: 

  • University degree level of education 
  • Wide coverage of information technology knowledge, preferably in a digital-native environment and preferably with experience in the development of webshops, data, gateways and IoT
  • Proven knowledge of, and experience with information security (e.g. CISSP, CISM, CISA, ISO-27001, ISO-30000, CSSLP, or equivalent certification) and implementing IT controls (e.g. COBIT, SOX)
  • Ability to fulfil an expert role and be the source of security information for the organisation
  • Experience with implementing IT controls to ensure compliance with EU privacy legislation
  • Minimum of 2 years of experience in a similar job
  • Strong personal leadership skills to be able to lead by influence (not hierarchy)
  • Proactive, with power of persuasion
  • Creative approach to problem-solving with the ability to focus on details, whilst maintaining the “big picture” view
  • Experience in interacting with both business and IT individuals at all levels
  • Flexible and adaptable to changing priorities
  • Excellent communication skills at all levels, including written and spoken English

What we offer:

  • A driver's seat in a fast-growing organisation where security is an important topic
  • Chance to really build something and shape our security vision and operations
  • A broad role, possibility to work in all aspects of Information Security
  • Tech environment, smart and fun colleagues to work with
  • A good salary, pension scheme, 30 paid holidays and more
  • A good (and healthy if you choose) lunch, cool office near Amstel station
  • We want you to grow and develop: online learning platforms and training possibilities, among others