Junior/Medior Information Security Officer at NN Group

The Hague, South Holland, Netherlands -

Full Time

Start Date

Immediate

Expiry Date

09 Aug, 26

Salary

5765.0

Posted On

11 May, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security Risk Management, Risk Assessment, Threat Modelling, Security Reviews, IT Control Framework, Cloud Security, Compliance, Vulnerability Management, Audit Remediation, Third-party Risk Assessment

Industry

Financial Services

Description

Do you want to apply your information security knowledge and experience in a dynamic and growing environment where you can help us mitigate risks and maintain control? What you are going to do The NN Customer & Digital Security team is looking for a junior/medior information security officer who can take a proactive role in managing information security risks in collaboration with the C&D DevOps teams and product owners to help us stay in control. Within C&D, we have several teams, including end-to-end DevOps teams. In this environment, you will be regarded as the junior/medior information security expert. As a junior/medior Information Security Officer, you will advise and support teams in conducting risk assessments, help teams mitigate risks, and enhance their security knowledge and posture. It is part of your responsibility to review and verify whether technical measures are implemented correctly and to support the (DevOps) teams in that regard. Your role as a team member of the C&D Security team is to define, review, and support the implementation of standards and guidelines for a structured and well-aligned way of working to information security and compliance. In this role, you will work with the second line, internal auditing, and various C&D (DevOps) teams on a wide range of information security and compliance tasks, such as conducting security reviews, threat modelling, providing information security advice, interpreting vulnerabilities, and assisting in resolving audit findings. You will help to: Assess, review, and report on the implementation of security controls based on our IT control framework (ITCF) Assist in the process of conducting information risk assessments and create control statements Verify whether control measures are properly established, formulate recommendations for improvement, and serve as the point of contact during audits Perform risk assessments on third-party suppliers to ensure they meet our security requirements and regulatory obligations Conduct threat modelling, walk through vulnerabilities with teams, and provide advice on solutions What we offer you NN invests in an inclusive, inspiring work environment and in skills and competences for the future. We match this with employee benefits that are in line with what is needed today and in the future. This way, we offer our employees the opportunity to get the best out of themselves. We offer you: Salary between €4.324 and €5.765 based on a 40 hour workweek, depending on your knowledge and experience 13th month and holiday allowance are paid with your monthly salary 27 vacation days for a 5-day working week and three Diversity Days A modern pension administered by BeFrank Plenty of training and learning opportunities NS Business Card 2nd class, which gives you unlimited travel, also privately. Do you prefer to travel with your own transport? Then you can declare the kilometers travelled Allowances for setting up your home office and for internet use Who you are We are looking for a candidate with 3-5 years of working experience as a security officer, prefer-able within the financial sector. A relevant Bachelor’s or Master’s degree, such as computer science or a related field, preferably with additional certifications like CISSP or CRISC. A person who understands information security control tracking, has experience with closing IT security audit findings, can perform security reviews and can consult Devops teams in the implementation of security measures preferably in cloud environments. Proactive, result-driven and able to set priorities and plan ahead Able to enter into a discussion with product owners regarding the design choices and integrity of the applications, identify risks, and give advice on appropriate solutions and measures Able to propagate and defend the agreed internal guidelines in the field of information security risk management Listen to the concerns and needs of the devops teams and guide them in achieving security goals A team player: you are supportive and flexible in picking up tasks when priorities change Who you will work with You will be part of a fast-paced, ever-evolving environment where innovation, collaboration, and agility are crucial. The C&D Security team is a self-organising team of 5 security officers. A well-balanced team in experience, age and a variety of skills. People who interact daily, cooperate and support each other. We believe in continuous learning by coaching on the job, training and education. Our core values as a security team are: transparency, reliability, cooperation and evolving. Your approximately 90 C&D IT domain colleagues share a passion for technology and IT. The blend of different nationalities and levels of seniority ensures that everyone feels at home and can perform at their best. Our teams are characterized by their commitment, openness, and results-oriented approach. We work hard but also make time for fun. C&D connects the Business Units of NN with our shared customers. This means that C&D IT is responsible for all generic digital platforms and capabilities used within NN to serve our customers. These key components support our digital client portals, apps, and AI/chatbot technology, enabling NN to deliver a digital, personalized, and relevant service offering to our customers. NN aims to be an industry leader, recognized for its customer engagement, talented people, and contributions to society. As the world around us changes, what truly matters to people remains constant. We help people care for what matters most to them. The company is currently transitioning into a tech company with a strong focus on automation and creating the best digital products for our customers, making this the perfect moment to join and help shape that movement. Any questions? Do you have any questions about the position or the process? Then contact Jarmo Fernhout (Principal Talent Acquisition Specialist), via jarmo.fernhout@nn-group.com. NN Netherlands is the head office of NN Group, a financial services group with over 180 years of history, helping people care for what matters most to them. We are committed to the financial, physical, and mental well-being of our colleagues and customers – through our products, services, and meaningful advice. Benefits of working for NN Group Netherlands Continuous development – Your career progression matters. We support you with a wide range of learning opportunities and a generous training budget to help you reach your full potential. Meaningful impact – At NN, we invest our time and expertise in making a meaningful difference – for people and the planet. Purpose-driven work is part of our DNA. Work-life balance – Vitality is key. Our diverse health and well-being offerings help you stay energised and balanced, both at work and beyond. Diversity & Inclusion Our approach to diversity and inclusion is simple. It is about embracing everyone. Our networks play a crucial role in achieving our D&I goals. They aim for meaningful change and create many opportunities to engage, connect and support colleagues. Everyone at NN can take an active part in multiple networks including NN Pride, NN Cultural Diversity Network, NN Young Professionals, Woman in Leadership Network and NN Neurodiversity network. Top Employer We are proud to be certified as a Top Employer for the 13th year in a row in 2024. The Top Employers Institute certificate recognizes organizations that consciously choose to put their employees first.

Responsibilities

The role involves managing information security risks by advising DevOps teams on risk assessments and implementing security controls. Responsibilities include conducting threat modelling, verifying technical measures, and resolving audit findings to maintain compliance.