Information Security & Privacy Expert - Retail

On hold

Summary

The Information Security & Privacy Expert is part of the Risk Assurance team and reports directly to the Information Security & Privacy Manager. The focus of this function is supporting the implementation and maintenance of an effective and efficient Information Security and Privacy framework for the organization. The Information Security & Privacy Expert contributes to developing, implementing and monitoring the company's Information Security & Privacy Roadmap and managing the associated Information Security & Privacy risks on an ongoing basis.

Job description

  • Information Security and Privacy Impact Assessments

- Coordinates and supports the execution of information security and privacy impact assessments of existing legal, organizational, operational and technical controls;

- Discusses assessment outcomes with stakeholders and supervises the process of verification of the effective implementation of recommendations.

  • Identify Information Security & Privacy process requirements

- Identifies information security and privacy process requirements and automation opportunities, cost saving opportunities, control optimizations and value-added recommendations and assists with implementation;

- Prioritizes requirements based on risk and reward evaluation;

- Creates a network of privacy champions within functional areas in the organisation to assist with identification and management of information security and privacy risks.

  • Information Security and Privacy implementation

- Supports the execution and coordinates all actions relevant to the implementation of the Information Security and Privacy Roadmap and delivers hands-on support;

- Coordinates solid and timely implementation of all necessary requirements to ensure continuous compliance with the GDPR, including review of IT architecture, operations and security management;

- Reviews and challenges business areas' compliance in respect of information security and privacy standards and assesses whether behaviour in the organization meets the information security and privacy policies and procedures;

- Directs the design, preparation and delivery of information security and privacy risk and control (awareness) trainings.

  • Information Security & Privacy incidents

- Provides guidance to management on information security and privacy events and issues;

- Assesses or participates in the remediation of information security and privacy incidents.

  • Information Security & Privacy standards, procedures and guidance

- Supports the Information Security & Privacy Manager in developing, reviewing and updating information security and privacy standards, providing guidance to management and employees, including mandatory requirements and guidelines for functional areas setting clear guidance to assist them to comply with these requirements;

- Designs and implements information security and privacy controls for existing business processes and new initiatives;

- Provides guidance on information security and privacy incidents identified by functional areas.

  • Risk Management and Internal Control

- Implements and continuously enhances information security and privacy processes, methodologies and templates;

- Documents information security and privacy risks and controls in the Governance, Risk and Compliance application;

- Supports the Information Security & Privacy Manager in preparation of senior management (Management Board and Directors) reporting on information security and privacy performance.

  • Stakeholder Management

- Builds and maintains relationships with Risk Assurance key stakeholders, both at HQ and internationally;

- Ensures proper communication between all relevant stakeholders;

- Pro-actively shares information across the organization, to effectively share best practices and avoid “re-inventing the wheel”.

Requirements

  • Economic grade, WO level (master's degree). A relevant information security, audit or IT educational background ((about to be) qualified as RE or CISA), as well as an educational background on Privacy is required;
  • Approximately 5 years working experience in the domain of Information Security Management and/or Privacy Management;
  • Solid understanding of Internal Control and Privacy standards;
  • Solid understanding of ISO27001 and ISO27002 standards;
  • Solid understanding of relevant laws and regulations related to Information Security and Privacy;
  • Knowledge of and experience with documentation systems for processes, risks and controls;
  • Experience in the retail sector preferred;
  • Fluent in English (speaking and writing), fluency in French and German preferred.

Company description

This company is Europe’s big retail hit. In almost 25 years they’ve grown from a small group of shops in the Dutch province of Noord-Holland, to the best and fastest-expanding retail chain in Europe. From a handful of stores to over 1000 shops in 7 countries (the Netherlands, Belgium, Luxembourg, Germany, France, Austria and Poland). And they’re adding more every day. Today, they have more than 40,000 enthusiastic employees.

Location

Zwaagdijk-Oost

Publication date

16.11.2017

Contact person

Matthijs Lemaire

Details
Match criteria
Desired number of hours
  • 36 - 40 hours
Job category
  • Security
Education level
  • WO
  • Post Doc RE
Industry
  • Retail