Junior/Medior Information Security Officer

Do you want to apply your information security knowledge and experience in a dynamic and growing environment where you can help us mitigate risks and maintain control?

The NN Customer & Digital Security team is looking for a junior/medior information security officer who can take a proactive role in managing information security risks in collaboration with the C&D DevOps teams and product owners to help us stay in control. Within C&D, we have several teams, including end-to-end DevOps teams. In this environment, you will be regarded as the junior/medior information security expert.

As a junior/medior Information Security Officer, you will advise and support teams in conducting risk assessments, help teams mitigate risks, and enhance their security knowledge and posture. It is part of your responsibility to review and verify whether technical measures are implemented correctly and to support the DevOps teams in that regard.

Your role as a team member of the C&D Security team is to define, review, and support the implementation of standards and guidelines for a structured and well-aligned way of working in information security and compliance.

In this role, you will work with the second line, internal auditing, and various C&D DevOps teams on a wide range of information security and compliance tasks, such as conducting security reviews, threat modelling, providing information security advice, interpreting vulnerabilities, and assisting in resolving audit findings.

What you are going to do

• Assess, review, and report on the implementation of security controls based on our IT control framework (ITCF)
• Assist in the process of conducting information risk assessments and create control statements
• Verify whether control measures are properly established, formulate recommendations for improvement, and serve as the point of contact during audits
• Perform risk assessments on third-party suppliers to ensure they meet our security requirements and regulatory obligations
• Conduct threat modelling, walk through vulnerabilities with teams, and provide advice on solutions

What we offer you

• 13th month and holiday allowance are paid with your monthly salary
• 27 vacation days for a 5-day working week and three Diversity Days
• A modern pension administered by BeFrank
• Plenty of training and learning opportunities
• NS Business Card 2nd class, which gives you unlimited travel, also privately. If you prefer to travel with your own transport, you can declare the kilometers travelled
• Allowances for setting up your home office and for internet use
• Hybrid working

Who you are

We are looking for a candidate with 3-5 years of working experience as a security officer, preferably within the financial sector. A relevant Bachelor’s or Master’s degree, such as computer science or a related field, preferably with additional certifications like CISSP or CRISC. A person who understands information security control tracking, has experience with closing IT security audit findings, can perform security reviews, and can consult DevOps teams in the implementation of security measures, preferably in cloud environments.

• Proactive, result-driven and able to set priorities and plan ahead
• Able to enter into a discussion with product owners regarding the design choices and integrity of the applications, identify risks, and give advice on appropriate solutions and measures
• Able to propagate and defend the agreed internal guidelines in the field of information security risk management
• Listen to the concerns and needs of the DevOps teams and guide them in achieving security goals
• A team player: you are supportive and flexible in picking up tasks when priorities change

Who you will work with

You will be part of a fast-paced, ever-evolving environment where innovation, collaboration, and agility are crucial.

The C&D Security team is a self-organising team of 5 security officers. A well-balanced team in experience, age and a variety of skills. People who interact daily, cooperate and support each other. We believe in continuous learning by coaching on the job, training and education. Our core values as a security team are: transparency, reliability, cooperation and evolving.

Your approximately 90 C&D IT domain colleagues share a passion for technology and IT. The blend of different nationalities and levels of seniority ensures that everyone feels at home and can perform at their best. Our teams are characterized by their commitment, openness, and results-oriented approach. We work hard but also make time for fun.

C&D connects the Business Units of NN with our shared customers. This means that C&D IT is responsible for all generic digital platforms and capabilities used within NN to serve our customers. These key components support our digital client portals, apps, and AI/chatbot technology, enabling NN to deliver a digital, personalized, and relevant service offering to our customers.

NN is transitioning into a tech company with a strong focus on automation and creating the best digital products for our customers, making this the perfect moment to join and help shape that movement.