Cyber Security Officer

Dear CISO Security Officer, you are the IT Security conscience of Rabobank.

You and your job

As Security Officer within Rabobank’s CISO Office, you challenge the business to embed IT security by design. You help the plethora of DevOps teams achieve adherence to policy and standards from the start, encouraging them to shift left so that security is built in early, where it has more impact per euro than when added as an afterthought or discovered just before production.

Your principal business counterparts are those responsible for the technology stacks that run the bank, as well as their Security Professionals, your peers in the business, and the Security Champions, often DevOps engineers who promote IT security in day-to-day practice.

You translate technical risks into clear business insights and drive secure implementations across internal systems, cloud services and partner environments. You will operate in a global environment where threats evolve continuously, and where shared responsibility and collaboration are key.

You are not alone. You are part of the CISO Office and work closely with the CISO Policy unit, the Red Team, the Cyber Threat Intelligence unit, the Awareness department and a highly capable support office. You also develop an open dialogue with the 2LoD and Audit. Your direct peers are a team of around 20 seasoned Information Security Officers with diverse skills and backgrounds, all focused on ensuring high-quality engineering while remaining demonstrably in control.

Practical Examples

• Empowering business counterparts to understand how IT risks affect the bank.
• Balancing AI adoption with digital sovereignty, supporting innovation in a responsible manner within the bank’s risk appetite, together with architects, policy makers and executives.
• Explaining your concerns in a way that resonates and showing alternatives to achieve objectives within set boundaries.
• Drawing boundaries with empathy by explaining why certain hard limits exist, respectfully yet unambiguously.
• Reviewing high-risk third parties together with procurement and business stakeholders who feel a compelling business need to employ such parties.
• Co-authoring standards for foundational components of the technology stack, such as low-code platforms, cryptography, and AI, including implications for vulnerability management.

We are very curious about what you can bring to our team at the CISO Office / Security Experts team.

“No day is the same within security; we design secure solutions and advise business and IT on implementation across global environments. Our mission is clear: keep the bank safe 24/7.”

Sander, Manager

The 20 colleagues in the Security Experts team safeguard Rabobank’s information security by advising, assessing and improving risk management across domains. Working together is the way we work: as one pragmatic, analytical and expert team at Rabobank.

You and your talent

Experience & Background, please demonstrate in your writing:

• To judge IT risk, you need to understand IT and the dynamics in a modern IT department.
• Working and thinking level at least at University bachelors level (or Dutch: HBO). Don’t have the degrees yet? Please convince us.
• Minimum of 5 years of working experience in risk and assurance functions within a large organization (> 10,000 FTE) in a heavily regulated industry such as finance.
• Motivated to work in a large corporate environment and with the stamina to get things done.
• Ambition to grow within a dynamic security domain (CISO / Chief Security context), advising business stakeholders.
• Experience co-building the CISO operating model in alignment with 2LoD and colleagues in other risk and compliance functions.

Knowledge & Skills

• Natural understanding of security risk management and standards.
• Strong personality, yet curious. Solid, yet charming.
• Ability to identify risks, patterns and trends and act proactively with those affected.
• Highly skilled in stakeholder management. You like to get things done with people.
• Ability to translate complex technical topics into clear business decisions.
• Analytical, pragmatic and driven professional mindset.

Certifications

Certificates demonstrate a minimum standard and foundation. You are willing to attain and maintain at least ISACA CISSP and CISM.

• CISA (auditor) or other assurance-related certifications are highly appreciated.
• Other certificates, such as ISACA’s AAIA, are offered regularly.
• Willingness to invest in continuous development and certifications.