Security is (y)our DNA. We are in need of a security purist who can’t wait to take full ownership of Zivver’s information security environment. Your digital expertise combined with excellent communication skills makes you the perfect fit to resolve complex security challenges and translate them into simple solutions and easy-to-execute actions. Quadrupling growth of users and employees, and managing changing expectations on a daily basis, sounds like a dream to you.
You will be part of the Security & Compliance team responsible for protecting Zivver from various threats and providing comfort to our customers about our security posture. It is our core job to protect the confidentiality, integrity, and availability of data. The focus of the Security & Privacy officer is on organizational security procedures, compliance, and privacy. You will monitor and ensure Zivver’s compliance with security standards such as ISO27001 and privacy legislation. Additionally, you will work on projects to solidify specific security areas such as supplier management, access management, and awareness. You will report to the Director of Security & Compliance and, together with two security engineers, you will bring the security and privacy measures to the next level.
You know that you can’t outrun hackers, you have to outsmart them - therefore our new Information Security Officer will be organized, precise and, above all else, an assertive self-starter. Security might be a team sport, but you will lead the way.
What you'll do:
Taking ownership of external security audits such as the ISO27001
Keeping the information security procedures at various departments up to date
Executing control tasks, for example access checks, supplier reviews, and internal audits
Monitoring and enforcement of policies and procedures
Chasing the control owners to ensure they execute their control tasks
Setting up and implementing awareness activities
Reviewing new suppliers and tools
Providing a monthly report on the status of security to management
Taking part in the weekly Security meeting and flagging new risks and opportunities
Answering questions on security and privacy from customers, prospects, and colleagues
Handling security incidents
Contributing to risk assessments and security and privacy projects, and helping to obtain more security and privacy certificates
An exciting, fast-growing, energetic environment
International diverse team with over 27 nationalities - and yes, we offer Dutch classes too!
We value a healthy life-work balance. We mean it when we say: Take a vacation! We offer unlimited holidays for you to take care of yourself whenever you need it.
HQ in Amsterdam where you’re able to work a few days a week & full home office support to make sure you’re all set
Working from Bali, the US or Spain? Any place, anywhere: we fully support temporary working from X
At least €1.000,- per year on personal development budget
All the relocation benefits you need for a fresh start
Don’t worry about tomorrow: we’ve got you covered with a pension plan
Expertise you'll bring:
You have an HBO or University degree in a related field
You have detailed knowledge of ISO 27001, NEN 7510, ISAE3000D, GDPR, and comparable international norms relating to (cloud) information security, information security management systems, and assurance
You have 5+ years of work experience, of which 3 years in governance and compliance
You’re fluent in English & Dutch
You have an affinity with IT and software development
You have a CIPP/E certificate or are willing to obtain it
Soft skills you'll bring:
You are a self-starter, but know how to involve your stakeholders
You’re straightforward, keen to give constructive feedback, and a positive team player
Proud of successes, peeved by mistakes, resilient to recover and learn
You consider risk something that is not to be ‘taken’ but to be ‘managed’
You’re cool and calm in a crisis and take time to consider all possibilities before making big decisions
You appreciate the value that complex, detailed, and audited norms bring to the security, integrity, and availability of information
If you’re still reading and excited about this role, we welcome your application even if you think you don’t meet all the requirements. We understand that no candidate is perfect, and would love to hear your story. Keen to learn a bit more? Keep reading.
A day at HQ
You arrive at the office feeling excited and confident about the days ahead. Last week you attended a summit with other Information Security Specialists and were inspired; today is the day you’re setting up, according to best practices, an Enterprise Risk Assessment.
In the morning you attend a meeting with Zivver leadership to discuss things like physical assets operated by employees, security components deployed (such as firewalls and intrusion detection systems), data repositories, identification and authentication mechanisms, a listing of all applications, and much more. Around 11:30 a.m. it’s time to host the monthly Security Awareness 101 for new Zivvys. The more experienced colleagues get their advanced awareness sessions at a later stage.
After lunch, you dig into our ISMS documentation. The chapter on Vendor Information Security Check needs simplification. Later in the afternoon, you write a brief update for the Board and General Counsel for the bi-weekly Security Core. You prepare the necessary proposals so that on Friday decisions are made, ensuring Zivver maintains its speed and flexibility.
The day is drawing to an end. You updated the off-boarding procedure a few weeks back and now you’re checking if everything went as smoothly as possible. You’re about to close your laptop when Olivier drops in, asking if you’re up for a beer at the Humming Bar. It’s been quite a day, so that seems like an awesome plan!