Vacancy: Information Security & Privacy Expert

Referencecode JRQ$486-32104

Employment

(Fulltime 38h/wk)

"As an Information Security & Privacy Expert, your challenge is to protect our business critical information to meet customer, supplier and employee expectations while considering legal obligations.”

What you will do every day

As a result of our rapid international expansion we continuously strengthen our European Risk Assurance team. In this team you work in close cooperation with team members in other areas of expertise, such as Enterprise Risk Management, Fraud Management, Compliance and Internal Audit. As Information Security & Privacy Expert you report directly to the Information Security and Privacy Manager and work in close cooperation with other business departments both at Group Head Office and in the countries. Your work focuses on both Information and Privacy Risk Management.

The main purpose of you job is to help manage Information Security & Privacy risks on an ongoing base and help implement Action’s Information Security & Privacy Roadmap.

Areas of responsibility

Impact Assessments

  • Coordinate and support the execution of information security- and privacy impact assessments;
  • Discuss assessment outcomes with stakeholders and supervise the process of verification of the effective implementation of recommendations.

Implementation

  • Support the execution of and coordinate activities relevant to the implementation of Action’s Information Security and Privacy Roadmap and deliver hands on support;
  • Identify information security and privacy process requirements, automation and cost saving opportunities, control optimizations and value-added recommendations;
  • Prioritize requirements based on risk and reward evaluation;
  • Coordinate solid and timely implementation of requirements to ensure continuous compliance with laws and regulations, including review of IT architecture, operations and security management;
  • Review and challenge business areas compliance in respect of information security and privacy standards and assesses whether behaviour in the organization meets the Action’s information security and privacy policies and procedures;
  • Create a network of privacy champions within the organisation to assist with identification and management of information security and privacy risks.
  • Direct the design, preparation and delivery of information security and privacy risk and control (awareness)trainings.

Standards, procedures and guidance

  • Support the Information Security & Privacy Manager in developing, reviewing and updating information security and privacy standards, providing guidance to management and employees, including mandatory requirements and guidelines for functional areas setting clear guidance to assist them to comply with these requirements;
  • Draft and implement information security and privacy controls for existing business processes and new initiatives;
  • Document information security and privacy risks and controls in Action’s Governance, Risk and Compliance application.

Incident management

  • Provide guidance to management on information security and privacy events and issues;
  • Assess or participate in the remediation of information security and privacy incidents.

Stakeholder Management

  • Build and maintain relationships with Risk Assurance key stakeholders, both at Group Head Office and in the countries;
  • Ensure proper communication between all relevant stakeholders;
  • Pro-actively share information across the organization, to effectively share best practices and avoid “re-inventing the wheel”.
  • Support the Information Security & Privacy Manager in preparation of senior management (Executive Board and Directors) reporting on information security and privacy performance.

What characterizes an Information Security & Privacy Expert at Action

Competencies

  • Relevant Master’s degree (WO Level) in information security, audit or IT, (about to be) qualified as RE or CISA, as well as educational background in Privacy is required;
  • Approximately 3-5 year experience in the domain of Information Security Management and/or Privacy Management;
  • Solid understanding of Internal Control and Privacy standards;
  • Solid understanding of ISO27001 and ISO27002 standards;
  • Solid understanding of relevant laws and regulations related to Information Security and Privacy;
  • Knowledge of and experience in documentation systems for processes, risks and controls;
  • Strong Project and Stakeholder Management skills;
  • Experience in the retail sector preferred;
  • Fluent in English (speaking and writing), fluency in French and German preferred.

Requirements

  • Analytical mind-set and ability to relate strategic company objectives to own activities;
  • Hands on mentality and excellent communication skills, including good presentation and report writing skills;
  • Acts with integrity and constructive critical mind-set;
  • Proposes and implements efficient and effective working methods with the least possible complexity;
  • Demonstrates a high level of pragmatism;
  • Is very organised, can structure activities and projects, sticks to agreements within deadlines and according to guidelines;
  • Works efficiently and effectively, also when under time pressure;
  • Works effectively with others to achieve common targets.

This is what we offer as Information Security & Privacy Expert

Working conditions

• Market-based salary o.b.v. a 38-hour working week

• Bonus arrangement on personal and business goals

• A laptop and a iPhone

• 15% staff discount on your purchases from Action

Personal growth

We open stores every week at home and abroad. The rapid growth makes Action a successful organization with a rapid development and because of this the expectation is that the department will expand rapidly, so there are plenty of opportunities.

In addition, the expansion of Action within several business units brings challenges in the design of our processes. With an enterprising and proactive attitude you can contribute to the further professionalization of our Risk Management department and further develop you as a content specialist.

Questions?

For  more details about the content of  this position, please contact Maaike Moolenaar (Information Security and Privacy Manager). For more information about the application process, you can contact Yaseen Schrueder (Recruiter). Both can be reached via 0228-565080. You can only apply via the online application form.

Are you ready for a challenging Information Security and Privacy role in retail and do you want to help build the future of a successful fast growing European discounter?