Security Risk Officer at DLL Group
Eindhoven, North Brabant, Netherlands - Full Time


Start Date: Immediate
Expiry Date: 22 Jun, 26
Salary: 0.0
Posted On: 24 Mar, 26
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Security Risk Management, Cyber Security Risk Assessments, Threat Modeling, Security Roadmap Initiatives, Risk Posture Monitoring, Security Incident Response, Threat Intelligence, MITRE ATT&CK, Cloud Security, IAM, GRC Tools, ISO 27001, NIST 800-30, Communication, Risk Artifact Production, Data Analysis
Industry: Financial Services

Description
Security Risk Officer

As a Security Risk Officer within the Global Information Security (GIS) team, you will focus on security risks across the organization. This will be done in collaboration with members of the GIS team, Information Security Officers (ISOs) in the domains (regions, corporate functions and enterprise platforms), as well as security and risk Subject Matter Experts (SMEs) within DLL. This role will support GIS in ensuring that (relevant) threat-based security risk management practices are incorporated into DLL.

Find out more here [https://youtu.be/gBE3ATequxM] about how you can unleash your full potential at DLL.

Day to day:

The Security Risk Officer fulfills the following tasks:

* Execute as well as participate in various types of threat-based enterprise-level cyber security risk assessments (scoping, assessment, risk identification, evaluation, treatment and monitoring).
* Drive enterprise-level threat modeling exercises.
* Drive delivery of security roadmap initiatives.
* Monitor the enterprise-level cyber security risk posture.
* Drive creation, socialization and progress monitoring of cyber security priorities.
* Provide security advice during enterprise-level security incidents.
* Keep oversight of and monitor security risk management practices and ensure execution of security risk management across the organization according to policies and procedures.
* Continuously monitor trends across the organization and the threat landscape to anticipate and plan for the future impact of information security risk to DLL.
* Constructively engage with cyber security SMEs and ISOs.
* Act as a subject matter expert (SME) on security risk management for the domains.
* Establish reports and dashboards to measure and monitor information security risk practices of the organization.
* Continuously improve security risk management practices in the organization. This includes contributing to the cyber security framework.
* Stay updated on the latest security threats, trends and technologies.

All members enjoy

* Two working days per year volunteering for a local charity.
* Health and Wellness program including healthy food, free health checks, fun health & vitality activities.
* Flexible hours with the possibility to work from home.
* Career development opportunities: online learning, member development programs.
* Click this link [https://www.dllgroup.com/en/careers/benefits] for an overview of all the benefits in your region.

“We lead the way in meeting the need for flexibility and transparency which our customers increasingly expect”

Essentials:

Education, Training & Previous Experience Requirements

* Bachelor's or master’s degree in information technology / computer science or related.
* 5+ years of experience working in security risk management and optionally security regulatory requirements.
* Experience working in a global organization with central and de-central security functions.
* Certifications (at least one of): CISSP/CISM/CRISC/CISA/CGEIT/CGRC.
* Excellent English verbal and written communication skills.

Technical and Business Experience Requirements

* Experience producing high-quality risk artifacts (threat scenarios, risk assessments, risk statements, residual risk analysis, actionable mitigations aligned with organization goals).
* Experience using external threat intelligence and MITRE ATT&CK to build threat scenarios, evaluate control effectiveness, and drive risk decisions and remediation priorities.
* Experience assessing risk across common enterprise environments such as cloud (SaaS, PaaS and IaaS), containers, on-prem and hybrid architecture.
* Understanding of common enterprise attack surfaces (identity compromises, internet-facing services, third-party/supply chain, data exposure and misconfigurations).
* Knowledge of a wide range of enterprise security controls (IAM, PIM, endpoint, network, cloud security, vulnerability management, logging/SIEM, backup) and ability to evaluate design/operating effectiveness using evidence.
* Experience with reporting and data analysis tools like PowerBI and MS Excel.
* Experience with security frameworks and methodologies, such as ISO/IEC 27005 / ISO 27001, NIST 800-30, NIST Cybersecurity Framework (CSF).
* Ability to communicate threat-informed risk to both technical and non-technical stakeholders, translating adversary behavior into business impact and decision options.
* Experience with using GRC tools (like OneTrust and/or Archer).
* Experience with DevOps, AppSec, Agile, SAFe.

Knowledge and Skills Requirements

* Strong communicator and storyteller (active listener, constructive feedback, assertive, adaptive, conflict resolution).
* Demonstrates an ability to challenge and manage choices.
* Strong problem-solving and troubleshooting skills.
* Aptitude for understanding internal organizational environments and their relationship to the external business environment and risks.
* Able to effectively analyze risk and review such analysis within the context of business problems.
* Strong ability to convey complex security risks in a manner that is easily understood and actionable.
* Ability to constructively challenge prevailing thoughts and processes.
* Able to consistently and effectively defend ideas and solutions.
* Adept at improving outcomes through proactive team coaching and development.
* Ability to measure and report on the effectiveness of the security risk management program.
* Ability to translate security objectives into security risk management policies and procedures.
* Ability to align security initiatives with the organization's overall business strategy.

Choose wellbeing

DLL’s wellbeing ambition is to educate, equip and empower members to build connections, manage their mental, emotional, physical and financial wellness and maintain balance between work and the other priorities that make up their lives. Our four wellbeing categories are as follows:

* Connection – Build meaningful connections with other DLL members
* Health – Manage mental, emotional and physical health
* Finance – Provide learning opportunities to help members achieve personal financial health
* Lifestyle – Maintain balance between work and life priorities

These are the things that matter to our members, and the wellbeing of our members matters to DLL.

Good to know:

* Deadline for application: April 30th (Due to high volume of applications this requisition may close prior to posted close date)
* The selection process may involve an assessment
* Applications via email will not be reviewed. Please apply online via our career website
* #LI-OMNIA
* DLL’s referral program applies
* For more information, please contact our Talent Acquisition Partner Omnia Hassan via omnia.hassan@dllgroup.com

DLL appreciates the time you spend applying to our openings. We advise that only those who qualify for an interview will be contacted. Hiring is subject to successful completion of a background check. DLL is an equal opportunity employer. We are committed to inclusive, barrier-free recruitment and selection processes and work environments. If contacted for an employment opportunity, please advise Human Resources if you require accommodation in accordance with our values and all applicable legislation.

DLL, a great place to build your career

DLL is a global asset finance company that partners with manufacturers, dealers, distributors, and end users to facilitate access to equipment and technology. Headquartered in Eindhoven, the Netherlands, we operate in over 25 countries, offering financial solutions across various industries. We are also a 100% subsidiary of our parent company Rabobank, one of the world’s largest financial companies. Join our community of over 6.000 members from 75 nationalities!

At DLL, our unique culture, shaped by our values (We put our customers first - Together we achieve more - You can count on me - I challenge myself and others to grow) and behaviors that define us, is at the heart of everything we do. We offer exciting job opportunities where you feel welcomed, respected and empowered to be your authentic self and share your best ideas. At DLL, we believe in the strength of our diverse perspectives and experiences, which make our global community thrive.

You’ll receive competitive pay, generous benefits, health and wellbeing support, and manage your work-life balance through our hybrid working flexibility. Our global operations offer you a variety of development opportunities and we encourage you to take on new challenges across our departments, businesses and regions.

Our company strategy emphasizes our commitment to sustainable business, and making a social impact is part of that as well. Together, we’ll “Partner for a better world” to make a positive impact.

Joining DLL means joining a company that consistently scores higher than the industry average in Employee Engagement surveys. This is also being acknowledged through many Great Place to Work certificates. People who work at DLL, like DLL.

Join us in Partnering for a better world!
Responsibilities
The Security Risk Officer executes and participates in threat-based enterprise-level cyber security risk assessments, drives threat modeling exercises, and monitors the enterprise-level cyber security risk posture. This role also drives the creation and monitoring of cyber security priorities and provides security advice during enterprise-level security incidents.