Information Security Manager

As Information Security Manager, you are accountable for establishing, leading and maturing Haskoning’s central Information Security function. You define the strategy, set the governance and ensure that policies, standards and controls are effectively embedded in a risk-based and business-aligned manner across the organisation.

This first-line security leadership function is responsible for execution and day-to-day risk management, in close alignment with second-line Risk & Compliance and third-line Internal Audit.

This function leads a newly established team and is expected to significantly increase cyber maturity within 18–24 months, focusing on strengthening security fundamentals, improving detection & response and embedding security across business and IT.

Key responsibilities

• Define and execute the information security strategy, roadmap and maturity improvement plan.
• Establish and own governance, policies, standards and control frameworks, aligned with a practical NIST-based approach.
• Translate risk appetite into practical, defensible security decisions for business and IT.
• Build and lead a high-performing security team from the ground up, providing clarity, direction and accountability.
• Act as senior advisor to executive leadership on cyber risk, resilience, investment priorities and major security decisions.
• Ensure strong cooperation with Enterprise IT & Services, IT Operations & Service Management, external providers including TCS, Facility Management, Business Lines and second-line Risk & Compliance.
• Oversee third-party and supply chain security expectations and ensure customer-facing security credibility.
• Act as final escalation point for major cyber risks and incidents and drive measurable improvement through KPIs and reporting.
• Strengthen security culture and awareness organisation-wide.

Where you will work

At Haskoning, you will join an independent, employee-owned international consultancy that combines engineering, design, and consultancy services with software and technology.

As our new Information Security Manager, you will become part of the corporate group Digital & Workplace Solutions (DWS) in the Netherlands. DWS provides services to the internal organisation, enabling colleagues to serve their clients in the best possible way.

DWS’s activities are divided across three domains: Enterprise IT & Services, Real Estate & Facility, and Digital & AI. In addition, there is a separate team for information security. The structure of DWS was recently reorganised to allow the three domains to come into their own more effectively. As a result, several new roles have been created, including that of Information Security Manager.

This role will be part of the Information Security team, which we are building to professionalise cyber security and significantly increase organisational maturity. The team operates as a first-line security function and works closely with Enterprise IT & Services, IT Operations & Service Management, external providers, Facility Management, Business Lines, Corporate Groups and second-line Risk & Compliance. The team works pragmatically and risk-based, aligned with the NIST framework.

What you bring

• Extensive senior leadership experience in cyber security, information security or technology risk.
• Proven track record in building or transforming a security function in a complex environment.
• Experience in sectors with higher cyber maturity expectations, such as financial services, energy, critical infrastructure or comparable environments.
• Strong people leadership, executive communication skills and the ability to navigate between board-level conversations and operational reality.
• Diplomatic, visible and approachable, with the ability to set boundaries while remaining pragmatic and solution-oriented.
• Fluent in Dutch and English, both spoken and written.

Education and certifications

• Completed relevant higher education in cyber security, IT, information security, risk or related field.
• Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer / Lead Auditor or equivalent.
• Strong knowledge of governance, cyber resilience, third-party security, incident management and control frameworks.

What can you expect from us

You will have the opportunity to build and shape a new central security team with visible organisation-wide impact. This is a senior position at the heart of business, technology and risk, with the mandate to help Haskoning raise cyber maturity in a pragmatic and sustainable way.

At Haskoning, we believe that the well-being of our employees is essential to our shared success. We offer a comprehensive benefits package designed to support both your professional development and personal well-being.

• A solid foundation: A competitive indicative base salary of €6,471 – €10,630 gross per month, based on full-time employment, with annual increases.
• An attractive compensation package: Including a strong pension scheme with an 18.3% employer contribution, a 2.15% personal budget and annual profit sharing. You will also have the opportunity to purchase company shares and share in our success.
• Work-life balance: 28 vacation days based on full-time employment, with the option to purchase an additional 16.5 days per year and to exchange three public holidays for days that are personally meaningful to you. We work in a hybrid model with flexible hours, work-from-home allowance and a fully equipped home workspace.
• Development opportunities: A wide range of training and development programmes, including tailored learning paths, learning weeks and various knowledge-sharing groups.
• Travel allowance: A conveniently located workplace at one of our offices, with travel expense reimbursement and an NS Business Card. If you walk or bike to work, you receive a higher travel allowance, encouraging sustainable commuting.
• Informal and inclusive culture: A welcoming and open environment with voluntary social and sports activities, and employee networks such as Pride and Young Haskoning.