Security Officer

Dear CISO Security Officer, you are the IT Security conscience of Rabobank.

You and your job

You challenge the business to embed IT security by design. Nudging the plethora of DevOps teams to achieve adherence to policy and standards from the get-go. Seducing them to shift left, meaning that security built-in early has more effect per euro than as an afterthought. Or, worse, as a surprise when all hard work is done and ready to ship into production.

Your principal business counterparts are those responsible for the technology stacks that run the bank, as well as their Security Professionals, your peers in the business, and the Security Champions, often DevOps engineers who promote IT security from day-to-day. You translate technical risks into clear business insights and drive secure implementations across internal systems, cloud services and partner environments.

You will operate in a global environment where threats evolve continuously, and where shared responsibility and collaboration are key. You are part of the CISO Office and liaise with the CISO Policy unit, the Red Team, the Cyber Threat Intelligence unit, the Awareness department and a highly capable support office who know how to move our colleagues in the bank. You develop an open dialogue with the 2LoD and Audit. Your direct peers will be a team of 20-odd seasoned Information Security Officers with diverse skills and backgrounds, all focused on ensuring high-quality engineering while remaining demonstrably in control.

Practical Examples

• Empowering our business counterparts into understanding how IT risks affect the bank.
• Balance AI adoption with digital sovereignty, appreciating the drive to innovate in a responsible manner within our risk appetite, together with architects, policy makers and executives.
• Explain your concerns in a way that resonates and shows alternatives to accomplish what needs to get done within set boundaries.
• Empathically draw boundaries by explaining why certain hard limits exist, respectfully yet unambiguously.
• Review high-risk third parties with procurement and those who feel a compelling business need to employ such parties.
• Co-author standards that apply for foundational components of our technology stack such as low-code platforms, the use of cryptography, or the use of AI and its implications on vulnerability management.

“No day is the same within security; we design secure solutions and advise business and IT on implementation across global environments. Our mission is clear: keep the bank safe 24/7.”

Sander, Manager

The 20 colleagues in the Security Experts team safeguard Rabobank’s information security by advising, assessing and improving risk management across domains. Working together is the way we work; as one pragmatic, analytical and expert team at Rabobank.

You and your talent

Experience & Background

Please demonstrate in your writing:

• To judge IT risk, you need to understand IT and the dynamics in a modern IT department.
• Working and thinking level at least at University bachelors level (or Dutch: HBO). Don’t have the degrees yet? Please convince us.
• Minimum of 5 years of working experience in risk and assurance functions within a large organization (> 10,000 FTE) in a heavily regulated industry such as finance.
• Motivated to work in a large corporate environment and the stamina to get things done.
• Ambition to grow within a dynamic security domain (CISO / Chief Security context), advising business stakeholders.
• Experience co-building the CISO operating model in alignment with 2LoD and colleagues in other risk and compliance functions.

Knowledge & Skills

• Natural understanding of security risk management and standards.
• Strong personality, yet curious. Solid, yet charming.
• Ability to identify risks, patterns and trends and act proactively with those affected.
• Highly skilled in stakeholder management. You like to get things done with people.
• Ability to translate complex technical topics into clear business decisions.
• Analytical, pragmatic and driven professional mindset.

Certifications

Certificates demonstrate a minimum standard and foundation. You are willing to attain and maintain at least ISACA CISSP and CISM.

• CISA (auditor) or other assurance-related certifications are highly appreciated.
• Other certificates such as ISACA’s AAIA are offered regularly, with willingness to obtain them.
• Willingness to invest in continuous development and certifications.