Information Security Expert
π 36-40 hours per week
Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 β basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 β daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 β you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 β exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 3
DevOps @ 3
Communication @ 6
Reporting @ 3
Agile @ 3
- 1-2 β basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 β daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 β you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 β exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
You can imagine that security is a major asset within the bank. We're looking for an Information Security Expert who wants to play an important role in making sure that our 3rd parties donβt impact ABN AMRO. You will be responsible to manage, monitor and report on the performance and the status of the security posture of our vendors and improve our service. A challenging role for someone who likes to dive into complex processes and is good in cooperation and stakeholder management to work together to keep our vendor portfolio safe.
Responsibilities
- Govern and manage IT vendor relationships in terms of performance regarding the security aspects of the underlying contractual obligations.
- Execute Vendor Security Risk Assessments and perform follow up actions. Focus on the risks that matter, translate them into the business context and help your stakeholders to address security challenges.
- Ensure that information security risks are identified and managed effectively throughout all the stages of the relationship with external vendors.
- Review the applicability and the quality level of assurance reports issued by the third parties.
- Ensure continuous improvements are achieved both in the quality of reporting and service provided by the third party.
- Manage the IT security related part of a contract with the third party provider. Work together with functions such as legal, risk, procurement on contractual changes.
- Help solving security-related questions, take initiative and escalate in time if needed.
- Signal improvements related to the way of working inside the team and contribute to improving the excellence of our service offering.
- Stay up-to-date with emerging cybersecurity trends and the latest developments in the field of technology, information risk and threats; actively share this knowledge with your colleagues and help to determine if/when to integrate them into the assessment program.
Working environment
You will join the Supply Chain Security (SCS) team, part of the Corporate Information Security Office (CISO) department, within the Cyber Defence grid. CISO is responsible for the bank's information security globally, across all subsidiaries and countries. The grid Cyber Defence is responsible for the security operations activities of ABN AMRO, and within our team we continuously provide visibility into the security posture of the vendors of ABN AMRO. The Supply Chain Security team members are experienced in information security and vendor relations.
The SCS team currently consists of 20 members with different nationalities and is ready for further expansion. The working language within the team is English. The team works according to the DevOps & Agile methodology. You will often engage with various stakeholders such as other IT departments, business colleagues and software suppliers.
Requirements
- 5+ years of experience with setting up projects & deliverability's within supply chain security / TPSRM.
- 5+ years of experience with executing information security risk assessments.
- Knowledgeable on one or more areas such as security processes, technology architectures, network security, application security and vulnerability management.
- Excellent communication skills and strong analytical skills; ability to translate technical risks into business context and vice versa.
Benefits
- Attractive gross monthly salary based on a 36 hour work week, including holiday allowance and a flexible benefit budget (role placed in Hay level 11 or 10 depending on experience).
- Excellent pension scheme.
- Flexibility in working: working from home is possible in consultation with your team; ergonomic home office setup provided.
- Five weeks of vacation per year plus two mandatory days off; option to purchase up to four additional weeks.
- Five extra days off for personal development or volunteer work.
- Development budget of β¬1,000 per year (accumulates up to β¬3,000).
- Annual public transport pass with free public transportation throughout the Netherlands for both business and private use.
Other details
- Working language: English.
- Employment based on a 36 hour work week (brief indicates 36-40).