Information Security Officer

We offer a fantastic opportunity for an independent and self-motivated individual to join our Amsterdam-based Risk and Compliance Team as Information Security Officer (ISO).

In an international law-firm, like De Brauw, confidentiality is key and information the most important asset to protect. We look for a guard and advisor to lead us the way in doing the right things for safety of one of our key assets. As ISO, you will play a key role in helping to protect the confidentiality, integrity and availability of De Brauw's information assets and systems.

We are looking for a ISO that is able to combine a strategic role as thought leader and an operational role an executor of ideas you bring to the table. As our new colleague we want you to feel comfortable in flagging complex problems at C-level, and at the same time showing the management of our firm the solutions to the cause. Strong communication therefore is a necessity.

About the role

In this role you will report to the CISO and your responsibilities are:

• Help develop and execute a comprehensive information security strategy aligned with the firm's objectives, taking into account emerging threats, industry best practices, and regulatory requirements (Strategic Planning);
• Identify, assess, and mitigate information security risks through proactive measures, including vulnerability assessments, threat modeling, and risk analysis (Risk Management);
• Help establish and enforce information security policies, procedures, and guidelines to govern the firm's operations and protect sensitive data assets (Policy Development);
• Ensure compliance with relevant laws, regulations, and industry standards, such as GDPR, ISO 27001, and ABA Model Rules of Professional Conduct, by implementing appropriate controls and conducting regular audits (Compliance);
• Promote a culture of security awareness and accountability among staff members through training programs, workshops, and communication initiatives (Security Awareness);
• Evaluate the security posture of third-party vendors and service providers, ensuring they meet the firm's security standards (Vendor Management).
• Assess the security implications of new technologies, software applications, and IT infrastructure, providing recommendations for their adoption or enhancement (Technology Evaluation).
• Collaborate with internal stakeholders, including IT, legal, HR, and senior management, to integrate security requirements into business processes and decision-making (Collaboration).
• Monitor and measure the effectiveness of information security controls, processes, and technologies (Continuous Improvement).

Team

Currently, De Brauw's Risk & compliance team consist of 7 professionals, including (Business) Compliance, Information Security, Data Privacy and Risk Management specialists. They liaise across De Brauw supporting and promoting a robust risk and compliance culture.

Who you are

To thrive in this role, we anticipate that you will need:

• Bachelor's or Master's degree in Information Security, Computer Science, or a related field;
• Proven experience (5+ years) in a senior information security role, preferably within the legal industry;
• In-depth knowledge of information security principles, practices, technologies, and standards;
• Familiarity with relevant regulations and compliance requirements, such as GDPR, ISO 27001, ISAE3402 and SOC 2 type 2;
• Industry certifications (e.g., CISSP, CISM, CRISC) are highly desirable;
• Enthusiastic and excellent communication and leadership skills, fluent in Dutch and English;
• To be self-organized and well-structured; and
• To be pro-active, hands-on with an optimistic problem-solving can-do mentality.

What we offer

• a challenging and responsible ISO role in a leading international law firm;
• being part of a highly motivated, inspiring team of risk and compliance professionals;
• excellent learning and development opportunities;
• state-of-the-art new office, flexibility to work hybrid

Who are we?

De Brauw is a Netherlands-based law firm with global reach. We have a robust corporate practice, a centre of excellence in litigation and an unparalleled team of regulatory experts. Our international litigation practice, handling big and complex matters involving big risk, works in multidisciplinary, multinational teams composed of strong, strategic thinkers who are willing to go the extra mile. We believe in striking the right balance between rigour and pragmatism, especially when stakes are high and pressure is on.

We work hard, but we also have fun. Among other things, we have weekly company drinks, hold table football matches and competitions, and stage events, such as inter-company hockey games, the Amstel Gold Race, invitations to exhibitions and pub quizzes.