Cyber Risk Officer at Vanderlande
As a Cyber Risk Officer within the Global Information Security Office (GISO), you will operate in the 2nd line of defence and play a key role in strengthening the organization’s cyber risk posture.
You will help evolve and maintain the Information Risk Management (IRM) Framework, oversee cyber risk identification and mitigation, ensure strong third-party risk management, and support accurate business impact assessments.
This role combines analytical depth with governance, communication, and coordination across multiple business functions.
What will you be doing?
You will contribute to core Cyber Risk activities, including:
- Identifying, assessing, and monitoring cyber risks across the organization.
- Overseeing third-party cyber risk assessments and ensuring vendor risk management processes are effective.
- Reviewing business impact assessments and supporting business continuity and resiliency planning.
- Maintaining and governing security policies and ensuring compliance with regulatory requirements.
- Reviewing internal controls, monitoring their effectiveness, and reporting risk status to stakeholders.
Your focus areas
- Policy & Control Framework Development: Maintain and refine the security policy house and control objectives in alignment with our maturity roadmap.
- Framework Mapping (“Rosetta Stone”): Track updates to ISO 27001, ATSG, and SCF and incorporate changes into our mapping framework. Expand its functionality for internal and external stakeholders.
- TICO / ATSG Activities: Coordinate and execute annual self-assessments, emergency inspections, and priority items, consolidating results from 1st and 2nd line teams.
- Risk Reporting: Deliver clear, accurate reporting on risks, trends, and control effectiveness to senior management.
What do we ask from you?
- Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, or equivalent experience.
- Experience in cyber risk management, IT audit, IT risk assessment, or a similar governance role—ideally in a regulated or global environment.
- Strong understanding of:
  - Risk frameworks (FAIR, NIST, SCF, ISO 27k)
  - Third-party risk methodologies
  - Business impact analysis
  - Policy and control governance
  - Regulatory requirements affecting cybersecurity
  - Core technical domains (network/cloud security, encryption, vulnerability management, incident response)
Preferred certifications: CISSP, CISM, CRISC, CISA, CGEIT.
Your strengths
- Excellent communication skills, able to translate complex risk topics into clear, actionable insights.
- Strong analytical and problem-solving mindset.
- Ability to collaborate, influence, and coordinate across multiple teams and business units.
- High attention to detail and accuracy in policy, control, and reporting work.
- Adaptability and eagerness to stay ahead of regulatory changes and emerging risks.
What we offer
You will be part of a global, high-impact team safeguarding the organization’s digital landscape. This role offers the opportunity to shape governance frameworks, influence security decisions, and support risk-driven improvements across the company.
We offer a position in an informal, international and professional working environment with a lot of scope for personal development.
This position offers a competitive salary range of € 6.000 to € 7.400 gross per month (excluding 8% holiday allowance).
On top of your fixed salary, you’ll receive the following secondary benefits:
- 40 vacation days (20 statutory days and a flexible budget worth 20 days).
- Flexible working hours.
- A hybrid workplace (40% working from home and 60% in the office).
- A Health & Wellbeing budget worth €300 per calendar year.
- Commuting allowance, including full reimbursement of travel by public transport.
- Working from home allowance.
- Collective pension scheme and discount on additional health insurance.
- On-site company health centres with a gym, physiotherapists and occupational therapists.
- A variety of Vanderlande Network communities and initiatives.