Director of Security

Director of Security

We are looking for a seasoned security executive to lead and implement TomTom’s security program. You will have overall responsibility of our security organization including Product Security (ensuring our products are secure by design and by default) and Governance Risk & Compliance (ensuring our business is compliant and trusted), Platform/Enterprise security ensuring the platforms that TomTom’ers use are secure and the Detection and Response capability.

In this role, you will bridge the gap between bureaucracy and innovation. Your mission is to prove that robust governance and rapid software development can coexist. You will lead a diverse team of security engineers, compliance analysts, risk managers, and penetration testers, driving a culture where security is a competitive advantage, not a bottleneck.

What you’ll do:

• Executive Leadership and Strategy

  Lead, mentor, and scale a global team of more than twenty security professionals while also guiding Security Team Leaders and overseeing hiring and career development. Ensure security acts as a true business enabler by providing clear reporting on cyber risks facing TomTom and advising sales teams during RFQs and RFIs so we are consistently seen as a trusted partner. Take ownership of security vendor selection and management and maintain budget control across tools and personnel.

• Product Security (The "Build")

  Drive the Secure by Design program by shaping an SSDLC that aligns with industry standards and supports a continuous improvement mindset. Build strong relationships with Engineering teams while translating security requirements into practical engineering work and technical debt decisions. Oversee the bug bounty program and internal penetration testing, ensuring fast triage and remediation that minimizes disruption to product development and reduces the overall risk from unresolved vulnerabilities.

• Governance, Risk, and Compliance

  Ensure the organization maintains compliance with certifications such as ISO27K, ISO21434, and TISAX while expanding into new ones as needed. Lead the shift from spreadsheet based governance to continuous control monitoring and manage the Vendor Risk Management program so our supply chain and use of AI or ML tools align with our risk appetite. Partner closely with Legal and Privacy teams to ensure compliance with relevant laws and regulatory expectations.

• Detection and Response

  Ensure our detection capabilities offer complete coverage and continue improving over time, including the relationship with any Managed Security Services Providers. Lead the Security Operations Response capability, including representing security within the TomTom Crisis Management Team, and consistently evaluate and improve how we respond to incidents.

What you’ll need:

• Bachelor's or master's degree in related field preferred
• 12+ years in Information Security leadership, with at least 5+ years in a senior leadership role managing people managers.
• Deep experience in SaaS / Software Development is required.
• You understand modern cloud architecture (AWS/Azure) and agile development.
• You must have a track record of managing both technical teams (SOC, Product Security) and process teams (Audit/Risk).
• Framework Fluency; deep understanding of NIST CSF, ISO 27001, and GDPR. Experience with ISO 21434 Un155/156 is a strong plus.
• Familiarity with modern development stacks (Kubernetes, Containers, Microservices, APIs) and the risks associated with them
• Knowledge of Enterprise platforms (Microsoft technologies, Windows, Linux and Apple technology) security
• Communication skills; ability to prevent or solve conflict between Security and stakeholders, communicate at all levels of an organization. Ability to translate security language into business language and KPIs

Certifications (Preferred)

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• CSSLP (Certified Secure Software Lifecycle Professional)

What we offer

A competitive compensation package, of course.

Time and resources to grow and develop, including a personal development budget and paid leave for learning days, as well as paid access to e-learning resources such as O’Reilly and LinkedIn Learning.

Time to support life outside of work, with enhanced parental leave plus paid leave to care for loved ones and volunteer in local communities.

Work flexibility, where TomTom’ers, in agreement with their manager and team, use both the office and home to focus, collaborate, learn and socialize. It’s all about getting the best out of both worlds – we ask TomTom’ers to come to the office two days a week, and the remaining three are free to be worked in either location.

Improve your home office with a setup budget and get extra support with a monthly allowance.

Enjoy options to work from your home country and abroad for a set number of days each year, to visit family and friends, or to simply explore the world we’re mapping.

Take the holidays you want with a competitive holiday plan, plus an extra day off to celebrate your birthday.

Join annual events like our Hackathon and DevDays to bring your ideas to life with talented teammates from around the world.

Become a part of our inclusive global culture and have the chance to collaborate with a diverse community – we have over 80 nationalities at TomTom!

Meet your team

We're the Information Security Unit. We keep TomTom's data safe, securing product, service, customer and TomTom'er information. In our team, you'll help maintain data privacy and minimize risk wherever possible, ensuring that we continue to run smoothly and make a difference to lives around the world.

At TomTom...

You’ll help people find their way in the world.

Work with a team of 3,300+ unique, curious and passionate problem-solvers. Together, we’ll open up a world of possibilities for car manufacturers, enterprises and developers to help people understand and get closer to the world around them.