As a Cyber Security Analyst you will manage information security risks in the R&D domain, which is a challenging position in an Intellectual Property driven enterprise.
In the client security governance information security risk management is Embedded in the sectors itself via so-called sector Security risk management.

As part of this cloud information security risk manager profile you will be responsible for:
. Assessing and advising R&D cloud initiatives on risk to information security and compliance aspects.
. Deliver and monitor security requirements in line with the sensitivity and importance of the subject.
. Communicate and advise security risk management, projects, business and IT partners on information security improvements and requirements by ensuring business agility.

The majority of the work will focus on R&D cloud initiatives but will also contain on-prem projects

Key responsibilities:
Ensure security risks do not exceed the risk appetite by timely identifying and assessing risks and propose mitigating controls conform best practice, policies and standards. Identify gaps, propose improvements and update/create policies, standards, means and methods. Monitor and report adherence to required security controls.
This role focusses on information security in the Cloud (IaaS/PaaS/SaaS) domain by amongst others performing information security risk management activities in cloud initiatives during the various phases to ensure security by design. Besides these domains you will be expected to also perform/assist in generic security risk assessments and support the Cloud Enablement team as a whole

Job Description
. Performing information security risk management activities in cloud initiatives. Provide risk mitigating controls and guidance to the DevOps teams. Report to risk owners on residual risks.
. Contribute to improving means and methods related to our focus domains.
. Actively participate in agile, SAFe ceremonies by ensuring security considerations are part of the continuous improvement cycle
. Align with other cloud security competences (IT and Business) within the security community.
. Perform, advice and follow up on generic risk assessments and identified risks.
. Drive mitigation of agreed controls
. Update the D&E security risk register
. Ensure compliance to security policies and standards
. Alignment with IT (-security) on controls and activities required

Experience:
. 5+ years of relevant experience in information security risk management.
. Proven understanding/knowledge/experience in the IT security domain.
. Proven experience with the ISO27001 risk management framework.
. Solid knowledge on IaaS, PaaS and SaaS (information) security risks(preferably on Azure and GCP)
. Affinity with Research and Development processes, way of working and culture.
. At least a bachelor degree and or relevant education in Information Security, Audit and or Cloud.
. In possession of valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP, etc).
. Pro; Knowledge of export regulations.
. Pro; experience in working in Agile (SAFe) environments
. Pro; Able to understand and translate IT threats and vulnerabilities to business risk.
. Pro: Experience or affinity with traditional or GenAI solutions - or willingness to educate
. In possession of a valid work permit for The Netherlands.

Are you interested in this opportunity and do you meet the requirements? Please get in touch with Marco Eindhoven of Global Enterprise Partners on telephone number or mail