Passion is the difference between having a job and having a career!

Global IT Security & Compliance manager

Client of Yacht

9073038 | UTRECHT, NETHERLANDS | Freelance (ZZP) | HBO | 8.000 p/m | publication date


About the role

The Global IT Security & Compliance Manager (CISO) serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies. In addition, the Global IT Information Security Officer ensures that day-to-day IT operations comply with the regulatory, organizational and commercial requirements that govern the company's IT systems. A key element of the role is working with executive management to determine acceptable levels of risk for the organization. The Global IT Security & Compliance Manager must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure and compliant state.

  • Manage the enterprise's information security & compliance organization, consisting of multiple direct reports and indirect reports in other (IT) departments. This includes hiring, training, staff development, performance management and annual performance reviews.
  • Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
  • Oversee the development, approval, training, and dissemination of security policies and practices.
  • Manage the overall IT compliance-related budget and financial spend in accordance with the organization's desired IT compliance risk appetite.
  • Develop and manage information security budgets, and monitor them for variances.
  • Oversee the creation and management of information security, compliance and risk management awareness training programs for all employees, contractors and approved system users.
  • Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
  • Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.
  • Provide strategic risk reviews for IT projects, including the evaluation and recommendation of (technical) controls.
  • Lead and monitor the IT Compliance team members to ensure compliance with regulatory, organizational and commercial requirements, including license management.
  • Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
  • Coordinate information security and risk & compliance management projects with resources from the IT organization and business unit teams.
  • Oversee the creation and management of a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
  • Ensure that IT programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  • Liaise between the information security team and the corporate compliance, audit, legal and HR management teams as required.
  • Manage the outsourcing contract with the vendor that provides operational activities to detect and respond to security incidents and events, protecting corporate IT assets including intellectual property, regulated data and the company's reputation.
  • Manage the outsourcing contract with the vendor that provides operational activities to monitor the external threat environment for emerging threats, and ensure that relevant stakeholders are informed of the appropriate courses of action.
  • Coordinate the use of external resources involved in security and compliance activities, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program.
  • Advise the Global IT Director Service & Operations on IT Operational Governance, Risk & Compliance and deliver input regarding his/her specific responsibilities.
  • Expected to embody the values of the company and ensure compliance with international & local IT corporate policies & procedures (including deep understanding and strict adherence to guidelines on ‘Combined Business Model’).


  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.

Must have:
  • Minimum of 8 to 10 years of experience in a combination of risk management, information security and IT jobs. At least four must be in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Must be a critical thinker, with strong problem-solving skills.
  • Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX) and privacy laws, and of industry standards such as ISO 2700X and COBIT.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision.


Available on request




For more information, contact Michel Cnossen by telephone on 06-83551426.

Working for Yacht
Yacht is the organization of and for professionals. We connect professionals and organizations that want to make a difference. Our goal is optimal results: offering you, as a professional, challenging work through which you lastingly improve our clients' organizations. Are you among the best professionals in your field? Do you want to make a difference at leading organizations together with your peers? We believe that diverse teams are essential for us as a learning organization that wants to stay ahead in the world of work, because it is precisely the differences between people that create growth: for colleagues, clients, candidates and thereby for Yacht. Do you have a unique talent? We would love to meet you.


Naturally, this vacancy is open to everyone who recognizes themselves in it.