A. Purpose of the Job
The purpose of the function is to implement an IT security framework and to protect the company IT-systems, both at strategical and operational level.
The function also covers the management of the general IT governance.
B. Principal Accountabilities, Authorities & Activities
IT Security governance
• Implementing an information security framework
• Develop processes and procedures to embed IT security in the organization and to safeguard systems. This includes application development, database design, network, operating systems, Microsoft toolset and OT
• Control and ensure compliance with the security policies
• Define KPI’s
• Embed security in (business) processes: SDLC, IAM, data classification
IT Security Design & build
• Collaborate with business and IT colleagues to embed security in systems. Helps project teams comply with enterprise and IT security policies, industry regulations, and best practices.
• Define, implement and improve security solutions & services
• Identify and correct security flaws in existing systems
• Validate IT projects and changes to ensure they are designed and built securely
• Participate in the Architecture Review Board
IT Security Manage & operate
• Handle security alerts and steer or participate actively in incident response and resolution
• Remediate vulnerabilities, and support remediation
• Keep cyber security knowledge up to date
• Be the security expert for application development, database design, network, and/or platform (operating system) efforts. Support application teams to keep their systems secure.
• Analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks. Communicate security risks and solutions to business partners and IT staff as needed.
• Collaborate on a daily basis with colleagues, coach and train them whenever needed to make IT security integral part of IT
• Reporting to Enterprise and Security Architect
• Knowledge of security frameworks (NIST, ISO 27001 & IS 27002, MITRE ATT&CK)
• Experience with EDR tools
• Experience with Vulnerability Management
• Familiarity with the latest exploits, tactics, techniques and procedures (TTP), vulnerability remediation and security trends
• Knowledge of networks
• Knowledge of Windows
• Security certifications are an asset
• Fluent in Dutch and English
Skills & attitudes
• Able to create structure, focus on main points and synthesise
• Operational, systematic
• Interest in new technologies and the security aspects of it
• Can create a proposal or framework
• Can get user buy-in
• Can implement processes
• Good oral and written communication skills, used to
o convince business of the need for a cyber security mindset and measures
o document solutions and processes
o communicate a solution to both technical people and managers
o communicate with vendors
• Project management skills, from project inception to project delivery
are essential cookies that ensure that the website functions properly and that your preferences (e.g. language, region) are saved.
allow us to analyse website use and to improve the visitor's experience.
allow us to personalise your experience and to send you relevant content and offers, on this website and other websites.