IT Security Risk Manager

What are you going to do?

As our new IT Security Risk Manager, you will be a part of the Global IT department, reporting to the Corporate IT Director. You will be the expert in the fields of information risk, cyber security and data protection (privacy). You play an important role in defining the cyber security strategy and roadmap for the organization. You will lead global and local IT support functions in the implementation of IT risk management, internal control and cyber security practices that are part of Van Leeuwen's security strategy and roadmap in support of the business plan.

Your responsibility is to continually improve the security posture through proactive risk management and the establishment of cyber security controls. You provide support to colleagues to ensure internal control and cyber security is addressed within business applications, infrastructure and the solutions used to securely storage, process and delete data. You take ownership of cyber security processes where needed.

Besides your internal role in which you guide global and local IT colleagues, you will also help the business by providing IT assurance and audit support, acting as the primary liaison to auditors. You will manage vendors on cyber security to optimize their value to the company. You will act as primary contact and escalation for managed security providers, threat intel and crisis response teams for cyber security incidents, ensuring timely identification, remediation and lessons learned.

Lastly, you will work on cyber security reporting, metrics and forecasting to Van Leeuwen’s leadership to make sure Van Leeuwen is constantly on top of and improving its IT information risk management and cyber security capabilities.

Who are you?

You are an experienced Manager in the field of information and cyber security and have about 10 years of work experience and a bachelor’s or master’s degree in this area. You are able to interact with multiple stakeholders within an international company and have the ability to translate complexity into simple, workable solutions. Competencies like analytical and organizational skills, strategic thinking, driving and motivating people through change and collaboration and communication with different stakeholders, are competencies that you are talented in.

Some practical skills you master:

• You have experience with risk assessments, threat modeling and information security reviews
• You have experience with vulnerability scanners, firewalls, network monitors, IAM, SIEM, IDS/IPS, PKI
• You have experience with cloud security and third party management
• You have in-depth knowledge of common standards, such as ISO27001, OWASP, SOC 2, NIST
• You have knowledge of privacy and data protection regulations, such as GDPR
• You have knowledge of enterprise IT and cloud-based architectures and technologies (Azure)
• You have knowledge of IT infrastructure, e.g. networking, datacenters, platforms, workplaces, mobiles
• CISA, CISM, CISSP, CRISC, ISO2700/1/2, ISO22301 knowledge and/or certification is a big plus.

What do we offer you?

In this position, you will be able to play a key role within the organization. The topic of information management and cyber security is high on the agenda at Van Leeuwen, which makes this a crucial role in the strategy and future of Van Leeuwen.

At Van Leeuwen we can offer an open working culture in an international and dynamic environment. There are short communication lines with much room for initiative and development. You will be working together with talented and committed colleagues. Furthermore, we offer you:

• Excellent employment conditions
• 27 holidays a year
• The possibility to further professionalize the IT landscape of a successful international company