Department
The Digital Policy, Control & Resilience (DPC&R) department operates within the COO domain, which encompasses both Operations and Technology departments. DPC&R is tasked with managing security oversight and operations, business continuity management, security monitoring and testing, identity and access management, cybersecurity and analytics, as well as policy making. The department includes various roles such as information security officers, policy and control officers, and cybersecurity analysts. The head of the department serves as Robeco’s Chief Information Security Officer (CISO).
Position & Requirements
We are seeking an Operational Resilience Manager responsible for developing and implementing strategies to ensure Robeco’s preparedness for major business continuity and cyber security incidents. This individual will manage effective responses to contingencies and coordinate a comprehensive testing and exercise program. Key responsibilities include managing business continuity exercises, disaster recovery tests, threat-led penetration testing, and crisis simulations. The role requires engagement with relevant stakeholders and communities, operating on both tactical and strategic levels, and possessing strong reporting skills for senior management.

Key Responsibilities

• Enhance and implement operational resilience strategies and a resilience testing program.
• Coordinate, manage and enhance the organization’s response to major incidents and crises.
• Lead the planning, execution, and evaluation of cyber security exercises, crisis simulations, and disaster recovery tests.
• Develop and maintain incident response plans and business continuity plans.
• Collaborate with various first, second and third line departments to ensure comprehensive preparedness and response plans.
• Provide training and awareness programs for staff on operational resilience and crisis management.
• Monitor and report on the effectiveness of resilience strategies and programs.
• Continuously improve resilience capabilities through lessons learned and best practices.

Requirements

• Bachelor’s or Master’s degree in crisis/security management, IT, risk management, or related field.
• 5-7 years in operational resilience, disaster recovery, or business continuity.
• Strong understanding of regulatory requirements and industry standards (e.g., DORA).
• Excellent project management, communication, and leadership skills.
• Ability to handle pressure and juggle multiple priorities.
• Relevant certifications (e.g., CBCP, MBCI, CISSP) are a plus.
• Proficiency in Dutch and English (written and spoken).
• Availability of at least 4 days/32 hours per week.
• Hybrid work setup with at least 3 days in Rotterdam.

All applications will be treated with the utmost confidentiality. An assessment and integrity test may be used in the selection procedure.
Robeco Recruiting Team
About Us
As a Dutch asset manager operating globally, Robeco has always combined the best of both worlds. We have global reach and ambitions, while retaining our head office in our hometown of Rotterdam. Employees at Robeco share that combination: we hire and nurture people who can think internationally and put the client first, while keeping their feet firmly on the ground. We have strong links with academia, which underpin the research in our robust quantitative and sustainability investing strategies. Our people have backgrounds in finance but also in economics and geography. Likewise, as pioneers in emerging markets investing, our diverse backgrounds also add local knowledge. We offer an informal and flexible office atmosphere that gives people the room to be themselves, to grow and to perform to the best of their ability.

• Enhance and implement operational resilience strategies and a resilience testing program.
• Coordinate, manage and enhance the organization’s response to major incidents and crises.
• Lead the planning, execution, and evaluation of cyber security exercises, crisis simulations, and disaster recovery tests.
• Develop and maintain incident response plans and business continuity plans.
• Collaborate with various first, second and third line departments to ensure comprehensive preparedness and response plans.
• Provide training and awareness programs for staff on operational resilience and crisis management.
• Monitor and report on the effectiveness of resilience strategies and programs.
• Continuously improve resilience capabilities through lessons learned and best practices