Security Manager
Job Description
Amsterdam
12 month contract
*What are you a part of?*
You contribute to the realization of the program objectives within the NIS2 program. You participate in sub-projects and ensure the implementation of adequate integrated information security within the established legal frameworks.
*Your role*
As a Security Manager, you actively contribute to achieving adequate integrated information security within the clusters. The focus is on more technical and physical security measures for IT and OT (Operational Technology) and translating the normative measures from the BIO and CSIR into operational measures.
The Security Manager is responsible for describing, implementing, executing, and safeguarding tactical policy frameworks. The scope for the Security Managers includes physical and technical management measures.
• Assists with performing risk analyses (including data classifications and BIAs).
• Participates in sub-projects to implement tactical security measures within the program’s scope or to maintain and improve their quality.
• Provides direction to the program and sets frameworks for sub-projects by drafting tactical policies aligned with the organization’s risk appetite. These policies are developed per topic in accordance with CSIR and/or BIO 2.0.
• Drafts physical and technical policy frameworks in consultation with the business, ensures these documents are approved by (corporate) management, and publishes them in an accessible “Rotterdam Policy House” for employees.
• Ensures the inclusion of physical and technical measures in the Rotterdam ISMS (IRM360), assigns ownership to these measures, and describes the required evidence.
• Monitors and reports on the extent to which projects implement the physical and technical measures effectively.
• Prepares the pre-project phase with the Information Analyst as part of project preparation.
Your profile
As a Security Manager, you are entrepreneurial and capable of fulfilling an authoritative role. You maintain a professional attitude, adhering to standards within the field. You can manage conflicting interests and are a true team player. Lastly, you are communicative (both verbally and in writing), results-oriented, and aware of your surroundings.
Requirements
• At least 3 years of work experience as a cybersecurity specialist, gained in the past 5 years.
• A completed higher education (HBO) degree in Business Administration or Computer Science.
• Completed CISM and CISSP training/certifications.
• Demonstrable knowledge and experience with ISO 27001 and BIO (Baseline Information Security for Government).
• At least 3 years of experience implementing information security measures and systems.
• Knowledge of privacy (GDPR) and/or a privacy certification (CIPP).
• Knowledge of security audits (CISA or RE knowledge is a plus).
Preferences
• Experience with OT/ICS security.
• Ability to transfer knowledge and experience in providing training sessions.