Security & Privacy Officer

Job description

Security is (y)our DNA. We are in need of a security purist who can’t wait to take full ownership of Zivver’s information security environment. Your digital expertise combined with excellent communication skills makes you the perfect fit to resolve complex security challenges and translate them into simple solutions and easy-to-execute actions. Quadrupling growth of users and employees, and managing changing expectations on a daily basis, sounds like a dream to you.


You will be part of the Security & Compliance team responsible for protecting Zivver from various threats and providing comfort to our customers about our security posture. It is our core job to protect the confidentiality, integrity, and availability of data. The focus of the Security & Privacy Officer is on organizational security procedures, compliance, and privacy. You will monitor and ensure Zivver’s compliance with security standards such as ISO 27001 and privacy legislation. Additionally, you will work on projects to solidify specific security areas such as supplier management, access management, and awareness. You will report to the Director of Security & Compliance and, together with two security engineers, you will bring the security and privacy measures to the next level.


You know that you can’t outrun hackers, you have to outsmart them - therefore our new Information Security Officer will be organized, precise and, above all else, an assertive self-starter. Security might be a team sport, but you will lead the way.


Hot Takes

  • ISMS, NEN, ISO, GDPR is your kind of dirty talk;
  • Risks are best when they are known and controlled;
  • Paper tigers are your worst nightmare; you’re not about to become Mr. Bureaucracy;
  • Hackers are real and we are ready for them!


What you'll do: 

  • Taking ownership of external security audits such as ISO 27001

  • Keeping the information security procedures at various departments up to date

  • Executing control tasks, for example access checks, supplier reviews, and internal audits

  • Monitoring and enforcement of policies and procedures

  • Chasing the control owners to ensure they execute their control tasks

  • Setting up and implementing awareness activities

  • Reviewing new suppliers and tools

  • Providing a monthly report on the status of security to management

  • Taking part in the weekly Security meeting and flagging new risks and opportunities

  • Answering questions on security and privacy from customers, prospects, and colleagues

  • Handling security incidents

  • Contributing to risk assessments and security and privacy projects, and helping to obtain more security and privacy certificates


Benefits

  • An exciting, fast-growing, energetic environment

  • Internationally diverse team with over 27 nationalities - and yes, we offer Dutch classes too!

  • We value a healthy life-work balance. We mean it when we say: Take a vacation! We offer unlimited holidays for you to take care of yourself whenever you need it.

  • HQ in Amsterdam where you’re able to work a few days a week & full home office support to make sure you’re all set

  • Working from Bali, the US or Spain? Any place, anywhere: we fully support temporary working from X

  • At least €1.000,- per year as a personal development budget

  • All the relocation benefits you need for a fresh start

  • Don’t worry about tomorrow: we’ve got you covered with a pension plan

Requirements

Expertise you'll bring:

  • You have an HBO or University degree in a related field;

  • You have detailed knowledge of ISO 27001, NEN 7510, ISAE3000D, GDPR, and comparable international norms relating to (cloud) information security, information security management systems, and assurance;

  • You have 5+ years of work experience, of which 3 years in governance and compliance;

  • You’re fluent in English & Dutch

  • You have an affinity with IT and software development

  • You have a CIPP/E certificate or are willing to obtain it


Soft skills you'll bring: 

  • You are a self-starter, but know how to involve your stakeholders

  • You’re straightforward, keen to give constructive feedback, and a positive team player

  • Proud of successes, peeved by mistakes, resilient to recover and learn

  • You consider risk something that is not to be ‘taken’ but to be ‘managed’

  • You’re cool and calm in a crisis and take time to consider all possibilities before making big decisions

  • You appreciate the value that complex, detailed, and audited norms bring to the security, integrity, and availability of information


If you’re still reading and excited about this role, we welcome your application even if you think you don’t meet all the requirements. We understand that no candidate is perfect, and would love to hear your story. Keen to learn a bit more? Keep reading.


A day at HQ

You arrive at the office feeling excited and confident about the days ahead. Last week you attended a summit with other Information Security Specialists and were inspired; today is the day you’re setting up, according to best practices, an Enterprise Risk Assessment.

In the morning you attend a meeting with Zivver leadership to discuss things like physical assets operated by employees, security components deployed (such as firewalls and intrusion detection systems), data repositories, identification and authentication mechanisms, a listing of all applications, and much more. Around 11:30 a.m. it’s time to host the monthly Security Awareness 101 for new Zivvys. The more experienced colleagues get their advanced awareness sessions at a later stage.

After lunch, you dig into our ISMS documentation. The chapter on Vendor Information Security Check needs simplification. Later in the afternoon, you write a brief update for the Board and General Counsel for the bi-weekly Security Core. You prepare the necessary proposals so that on Friday decisions are made, ensuring Zivver maintains its speed and flexibility.

The day is drawing to an end. You updated the off-boarding procedure a few weeks back and now you’re checking if everything went as smoothly as possible. You’re about to close your laptop when Olivier drops in, asking if you’re up for a beer at the Humming Bar. It’s been quite a day, so that seems like an awesome plan!