Business Information Risk and Security Officer eTeam UK in The Hague
Purpose of the job
The Business Information Risk Security officer seeks to prevent damage as a result of breach of information, implement information risk management and monitor compliance with laws and regulations. Maintains and continually improves the Information Security Management System.
- Develops policies and contributes into annual security plan;
- Creates awareness on the importance of information security for the group;
- Provides information security goals;
- Develops a strategy to achieve information security goals.
- Provides functional guidance to Information Security functions;
- Acts as project manager or client for group-wide projects in the field of information security & risk;
- Organizes and facilitates group consultation for information security & risk management and coordination.
- Implementing (methods / techniques and tools, advice)
- Directs the development of implementation directives;
- Initiates and information security & risk awareness programs;
- Facilitates risk analysis and develops of control measures;
- Checks if implementation guidelines are aligned with policies and recommends improvements;
- Advises management in case business policy decisions have implications for information security & risk.
- Interprets and presents the impact of changes raised on every tier of enterprise architecture and enterprise environmental factors.
- Assesses reports from internal and external audit agencies on relevance to information security & risk;
- Assesses alignment of information security & risk reports from information security & risk functions with implementation guidelines;
- Provides assignments for internal investigations and audits;
- Maintains a central registration of information security & risk incidents, including current status;
- Assesses developments in society, the industry and the information security & risk field.
- Adjust information security & risk vision, strategy and policy and facilitates adaptation of implementation guidelines based on evaluations.
- Takes ownership on information security operational processes