Information Security Risk Officer

Governance, Risk management and compliance? With your current experience, you get excited right away! Three crucial elements in the role of our Information Security Risk Officer. 

As an Information Security Risk Officer, you will be responsible for managing the Information Security Governance, Risk, and Compliance program. Your role is critical in ensuring that our organization's information security practices are aligned with regulatory requirements, industry standards, and best practices. You will oversee the development, implementation, and maintenance of information security policies, risk management processes, and compliance initiatives.

Key Responsibilities:

Governance:

• Develop and maintain an Information Security Governance framework, ensuring alignment with the organization's overall governance structure.
• Collaborate with Head of Information Security, Business Information Security Officer and senior management to establish and monitor information security policies, procedures, and standards.
• Facilitate regular security governance meetings and provide updates to senior management.

Risk Management:

• Identify, assess, and prioritize information security risks.
• Develop and manage a comprehensive risk management program, including risk assessment methodologies and risk treatment plans.
• Work with business units to implement risk mitigation strategies and monitor their effectiveness.
• Conduct regular information security risk assessments and report findings to Head of Information Security and senior management.

Compliance:

• Ensure compliance with relevant information security laws, regulations, and industry standards (e.g., GDPR, ISO 27001, ISF, PCI DSS).
• Develop and maintain information security compliance policies, procedures, and controls.
• Coordinate and oversee information security compliance audits and assessments.
• Keep abreast of regulatory changes and update information security compliance programs accordingly.

Policy Management:

• Develop and manage a centralized information security policy framework.
• Collaborate with stakeholders to establish, review, and update information security policies and procedures as needed.
• Ensure information security policies are communicated, understood, and adhered to throughout the organization.

Reporting and Documentation:

• Prepare and present regular reports on information security GRC activities to senior management and relevant committees.
• Maintain accurate and organized records of information security governance, risk, and compliance activities.

Vendor Risk Management:

• Evaluate and manage third-party information security risks and relationships.
• Establish vendor risk assessment processes and criteria.

As a Information Security Risk Officer we believe the right candidate meets the following criteria:

• Bachelor's degree in Information Security, Cybersecurity, Business, or a related field (Master's degree preferred).
• Relevant professional certifications, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified Compliance and Ethics Professional (CCEP).
• Several years of experience in information security GRC management or related roles.
• Strong knowledge of information security governance, risk management, and compliance principles, practices, and regulations.
• Excellent communication, leadership, and negotiation skills.
• Analytical and problem-solving abilities.

About ERIKS Digital

We are ERIKS Digital. The global IT, technology, and data hub of ERIKS, a multinational industrial service provider with a strong presence in Europe and APAC. We’re a diverse and international team of smart, curious, hard-working colleagues who are energized to deliver our mission to become the world’s most digitally advanced specialized industrial service provider. Making not just ERIKS, but our entire industry more efficient, effective, and sustainable.

Every day, we work to digitally transform ERIKS; executing digital initiatives such as improving how all colleagues at ERIKS work with data, providing innovative digital solutions for our customers, and integrating digitally with all our trading partners: All while ensuring we improve the day-to-day operations of the thousands of our colleagues across ERIKS, that enable us to serve our customers.

Our strong team culture is fostered by an environment where you are encouraged to develop yourself, grow and with colleagues across ERIKS Digital and the rest of ERIKS.

Interested?
Do you have any questions or want to know more about this position or ERIKS Digital? Just call or app our recruiter Nena van Tricht at 31-(0)6 309 859 70. Are you up for this challenge? 

ERIKS Digital is an equal opportunity employer and strives for equal treatment for all genders. ERIKS Digital adheres to ethical recruiting methods ensuring that we do not discriminate against any candidate because of age, disability, gender reassignment, marriage or civil partnership, pregnancy and maternity, race, religion or belief, sex, or sexual orientation. This is a fundamental part of our values and beliefs, and we strive to create an inclusive environment where everyone can reach their potential.