What impact will you make?
The CISO will lead the Security team and will be part of the Management Team of IT in the Netherlands. Your main role is to lead the implementation of standardized and compliant regulatory processes and to operate security management monitoring programs and risk management activities. You will be involved in local, European and Global initiatives and other work groups.
You will report to the CIO and will act as an advisor to the Management Team of the IT organization, as well as the NWE (North West Europe) Security team. You will advocate a culture of information security and risk awareness across the organization. We will make use of your managerial skills to align the team's output with our high security standards.
This is how
You will perform the following activities:
• Coordinate and facilitate the implementation of the NWE cyber strategy at the local level in strong collaboration with the functional leads.
• Oversee and enhance locally-delivered security capabilities/services, in line with the security target operating model and local (regulatory) requirements.
• Facilitate and lead the transition from local to NWE and global security services by managing associated risks.
• Provide leadership and direction on information risk management (technical, legal, regulatory compliance and security management).
• Ensure that information handling policies, procedures, processes and training are consistently delivered and applied working with 2LoD Risk functions at local levels.
• Manage local security incidents and act as the primary coordinator during significant security incidents; develop notification thresholds and procedures for requesting support from the central security organization.
• Represent local security in Cyber Acceleration Programme projects; ensure local security requirements are met and delivered.
• Apprise senior management of material weaknesses, internal control failings or non-compliance with regulatory requirements and NWE policies in relation to information risk management.
• Liaise regularly with the CISO and functional leads to discuss the NWE’s risk posture including components such as compliance, audit and internal findings, loss events, including management and reporting on KPIs and KRIs.
• Manage the risk assessment, remediation and monitoring of information and technology risks associated with the business working with 2LoD Risk functions at local levels.
• Manage metrics and reporting for local requirements; deliver effective, relevant and timely reports on findings from any information handling incidents in relation to the risk and compliance policies.
• Provide inputs to relevant governance bodies e.g. Security Council (including metrics, reports, risks and incident details, progress reporting and escalation matters), and required outputs (approvals, further escalations, actions to follow-up) and prepare reports for the business.
• In collaboration with NWE functional and other geographical Information Security leaders, influence the overall security evolution in the organization.
• Responsible for attracting, managing, professional development and retention of internal and/or external security personnel in response to temporarily increased workload.
• Recommend and assist functional leaders to provide business cases for the acquisition of new security solutions to meet NWE and local security requirements.
• Provide non-functional management activities in common with local HR processes.
With offices across the Netherlands and more than 6000 employees, Deloitte is a leading organization in the field of Audit, Tax, Consulting, Financial Advisory Services and Risk Services. Innovation and initiative are key.
Deloitte IT, with about 160 employees, provides information and communication technology, online services, access systems, audio-visual equipment, building management, facilities management and cabling for all Deloitte departments. IT professionals like to work with us because of the innovative character of our activities. Our culture is described as dynamic, informal, innovative, social, international, team-oriented, results-oriented and challenging.
What we offer
• A work environment with enthusiastic colleagues
• Working in an environment with the latest ICT technologies
• Internal career opportunities
• Role-related training
• Competitive salary
• Personal development plan
• Continuous developments in ICT area
• 26 vacation days
• NS Business Card
• Mobility scheme
What you offer
• You have at least 5 years of in-depth knowledge of information security and risk management methodologies.
• You have strong oral and written skills to drive IT and business engagement when developing security risk requirements and related business cases.
• You have a proven track record in service delivery, influencing and partnering with senior business and IT leaders and executives, regarding security risks, controls, and governance.
• Knowledge of European Union Directives including privacy regulations and cross border personal data transfer requirements (GDPR).
• Up-to-date knowledge of cyber and information security trends and threats.
• Experience in developing, managing and retaining talent.
• Professional certification in CBCP, CISSP, CISM, CISA or equivalent would be an advantage.
• A motivated team player and strong communicator
Let's make impact. Apply now!
Please contact us today for an introduction. Click on the button below and fill in your personal information.
If this position does not fit you, and you know someone who perfectly fits the outlined profile, please forward the vacancy.
Acquisition regarding this vacancy is not appreciated.