
Chief Information Security Officer (CISO)

Hybrid
  • Capelle aan den IJssel, Zuid-Holland, Netherlands
€5,869 - €8,385 per month
BTG

Job description

Job Description: Chief Information Security Officer


Blauwtrust Groep provides high-quality financial services and products to the Dutch mortgage market. The company focuses on consumers as well as brokers and investors. Blauwtrust Groep consists of multiple operating companies – with more than eight hundred employees in total – that operate the entire value chain together, from management and administration to in-house advisory offices.


Chief Information Security Officer

Blauwtrust Groep sets up group-wide strategy, goals and parameters in order to give guidelines to the operating companies and to provide them with the appropriate support in, amongst other things, information (technology) security.

In this context, we are looking to hire a Chief Information Security Officer (CISO) who will support the group operating companies seated in the Netherlands and in Tunis. He or she reports to the CTO based in Capelle, Netherlands.


As a Chief Information Security Officer, you will:

  • Identify security risks and threats, and work with the security team as well as internal stakeholders to develop plans to mitigate them.
  • Oversee the security team seated in Capelle and Tunis, which involves assigning tasks, delegating responsibilities, and providing guidance and mentorship.
  • Define and maintain the overall security objectives aligning with business goals.
  • Define and maintain information security policies and procedures.
  • Lead efforts to educate employees on cybersecurity best practices, often with the security team developing and delivering training activities.
  • Oversee the implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS), ensuring adherence to the ISO27001 standard.
  • Specifically for the ISO27001:2022 transition, lead the teams in identifying the changes required to the ISMS documentation, policies, and procedures to align with the new standard's structure and focus.
  • Plan external ISO27001 audits and prepare internal stakeholders for such audits via dry runs and dedicated workshops.
  • Lead ISO27001 certification initiatives for operating companies, from initiation to delivery.
  • Maintain action plans to close external and internal security audit findings.
  • Lead the security team in developing and practicing incident response plans to address cyberattacks.
  • Communicate the security posture and risks to executives and the board of directors.
  • Harmonize security initiatives and activities across the group and its operating companies, including the initiation of transition from ISO27001 to a SOC2 certification and implementation of the DNB GPIB standard.
  • Report together on the security posture to clients, ensuring alignment with their expectations.
  • Manage client requests for security audits, providing them with the necessary reports and evidence.

Job requirements

What do we like to see?

  • You have an academic background as an IT Engineer or Master’s degree graduate in Information Security.
  • You have at least 10 years of experience in IT and security within financial services companies.
  • You have relevant experience in information security and/or IT security (experience in Azure is a plus).
  • You are familiar with implementing information security management systems.
  • You are familiar with security standards and regulations such as GDPR, ISO27001, SOC2 and DNB GPIB (ISAE3402 is a plus).
  • Certifications required: Lead Auditor ISO/IEC 27001, ISO 27001 Lead Implementer, ISO/IEC 27032 Lead, ISO 22301 Lead Implementer, CISA Certified Information Systems Auditor.
  • You are well organized and have a structured approach to plan and follow-up on activities.
  • You have the ability to build strong relationships and create synergy with interdisciplinary teams.
  • You have prior experience managing people in a multicultural environment.
  • You are fluent in English, in reading, writing, speaking and listening, and preferably fluent in Dutch.

What do we offer you?

The Blauwtrust Group is looking for professionals with expertise. Conversely, you can also expect a lot from us. A pleasant, collegial culture with plenty of room for initiatives and many development opportunities. You will also receive a complete and attractive package of employment conditions, including:


  • A monthly salary between €5,869 and €8,385 gross based on a 40-hour work week & 200 vacation hours
  • A company car or mobility allowance
  • Performance bonus
  • Expense allowance
  • Favorable pension scheme, a bicycle plan, and the possibility to buy and sell vacation days
  • Numerous training and development opportunities for both broad and advanced growth
  • Flexible working options, including the possibility to work partially from home
  • A centrally located modern office on the edge of Rotterdam and in Capelle aan den IJssel, with good accessibility by public transport and free parking. Our office is near the Rotterdam Kralingse Zoom metro station and the A16 highway.

For questions, you can contact Amin Fategh, Corporate Recruiter BTG, at amin.fategh@blauwtrustgroep.com.


*Acquisition in response to this vacancy is not appreciated.
