Privacy Officer (PO) and Information Security Officer (ISO)

We have a fantastic opportunity for an independent and self-motivated individual to join our Amsterdam-based Risk and Compliance Team in a position that combines the role as Privacy Officer (PO) and Information Security Officer (ISO).

We are looking for a PO/ISO that is able to combine a strategic role as thought leader and an operational role as executioner of ideas you bring to the table. As our new colleague we want you to feel comfortable in flagging complex problems at C-level, and at the same time showing the management of our firm the solutions to the cause. Strong communication therefore is a necessity.

Team

Currently, De Brauw's Risk & compliance team consist of 10 professionals, including (Business) Compliance, Information Security, Data Privacy and Risk Management specialists. They liaise across De Brauw supporting and promoting a robust risk and compliance culture.

Your responsibilities

In this role you will report to the CISO and your responsibilities are:

• Help develop and execute a comprehensive data privacy & information security strategy aligned with the firm's objectives, taking into account emerging threats, industry best practices, and regulatory requirements (Strategic Planning);
• Identify, assess, and mitigate data protection (DP)- and information security risks;
• Help establish and enforce DP- and information security policies, procedures, and guidelines to govern the firm's operations and protect sensitive data assets (Policy Development);
• Ensure compliance with relevant laws, regulations, and industry standards, such as GDPR, ISO 27001, and ABA Model Rules of Professional Conduct, by implementing appropriate controls and conducting regular audits (Compliance);
• Promote a culture of security awareness and accountability among staff members through training programs, workshops, and communication initiatives (Security Awareness);
• Evaluate the security posture of third-party vendors and service providers, ensuring they meet the firm's DP and security standards (Vendor Management).
• Assess the DP and security implications of new technologies, software applications, and IT infrastructure, providing recommendations for their adoption or enhancement (Technology Evaluation).
• Collaborate with internal stakeholders, including IT, legal, HR, and senior management, to integrate DP- and security requirements into business processes and decision-making (Collaboration).
• Monitor and measure the effectiveness of DP- and information security controls, processes, and technologies (Continuous Improvement).

You?

To thrive in this role, we anticipate that you will need:

• Bachelor's or Master's degree in Information Security, Computer Science, or a related field;
• Proven experience (5+ years) in an information security role, preferably within the legal industry;
• In-depth knowledge of information security principles, practices, technologies, and standards;
• Familiarity with relevant regulations and compliance requirements, such as GDPR, ISO 27001, ISAE3402 and SOC 2 type 2;
• Industry certifications (e.g., CIPP/E, CIPM, CISSP, CISM, CRISC) are highly desirable;
• Enthusiastic and excellent communication and leadership skills, fluent in Dutch and English;
• To be self-organized and well-structured; and
• To be pro-active, hands-on with an optimistic problem-solving can-do mentality.
• Does this sound like you? If so, we look forward to hearing from you.

Benefits

Practically this job offers the following benefits:

• a challenging and responsible DP/ ISO role in a leading international law firm;
• being part of a highly motivated, inspiring team of risk and compliance professionals;
• excellent learning and development opportunities;
• state-of-the-art new office, flexibility to work hybrid

De Brauw is a leading international law firm that is deeply rooted in the Netherlands. For over 150 years, we have been representing our clients as a strong and spirited collective of renowned legal experts. About 650 employees work at De Brauw in Amsterdam, Brussels, London, Shanghai and Singapore.

In an international law-firm, confidentiality is key and information the most important asset to protect. We look for a guard and advisor to lead us the way in doing the right things for safety of one of our key assets. As ISO, you will play a key role in helping to protect the confidentiality, integrity and availability of De Brauw's information assets and systems.