Information Security Officer

As an Information Security Officer, you play a key role in NN Bank's technological journey to become the digital retail bank of the Netherlands. You will have the opportunity to define and implement security standards and further improve the security of our applications and platforms and support our DevOps teams in their secure development and maintenance of advanced applications and technologies as well as the security aspects in contracting and contract maintenance. 
 

What you are going to do

Within NN Bank we have some in-house developed and hosted applications, and also a large state of the art Cloud footprint and uses several SaaS solutions – they all belong to their own Business Lines. Business Lines are supported by their own DevOps teams, and you will be working in close collaboration with them. 

In this role you will be seen as the information security expert serving the DevOps teams within a particular line of business. You additionally keep an oversight on overall Bank Security posture and contribute to the definition and implementation of security improvements.   

As an information security officer, you will advise and support teams in security assessments and mitigate their risks. You will also play a role in improving their security knowledge and help them improve their security and risk posture by reviewing and verifying if measures are implemented correctly. 

In summary, your role as team member of the security team is to define, review and support implementing the security standards and guidelines for a structured and well-aligned way of working for information security and compliance.

Your responsibilities

• You are the trusted security advisor to your aligned business line on all their IT security requirements. You will serve as the primary liaison on security matters for DevOps teams, providing support, guidance, and training on security-related issues. Moreover, you will be responsible for driving impact and security initiatives within the boundaries of the assigned client domain
• You will be responsible for overseeing and managing the control tracking, reviews, reporting, and support of the Information Technology Control Framework (ITCF). This will involve conducting reviews of IT Security controls for quality and completeness 
• Assessing (new) service providers regarding their security compliance posture (Vendor Security Assessment)
• Initiate and implement improvement opportunities in existing processes
• Supporting and coaching DevOps teams in their secure software development process and promoting (cloud-native) application security
• Identify current and emerging security technologies, trends, vulnerabilities, and threats, and playing an active part in managing risks. Create operational overview of Security Compliance status for your business line in terms of
• Provides oversight with regard to overall security posture
• Security incidents
• Security vulnerabilities and Security Mis-Configurations

What we offer you
NN invests in an inclusive, inspiring work environment and in skills and competences for the future. We match this with employee benefits that are in line with what is needed today and in the future. This way, we offer our employees the opportunity to get the best out of themselves. We offer you:

• Salary between €3,517,- and €5,025,- depending on your knowledge and experience
• 13th month and holiday allowance are paid with your monthly salary
• 27 vacation days for a 5-day working week and one Diversity Day
• A modern pension administered by BeFrank
• Plenty of training and learning opportunities
• NS Business Card 2nd class, which gives you unlimited travel, also privately. Do you prefer to travel with your own transport? Then you can declare the kilometers travelled
• Allowances for setting up your home office and for internet use

Who you are

• At least 4 years working in the security domain with understanding of core security concepts, audit experience, knowledge of regulatory and security requirements, preferably experience obtained within Financial organizations. Security certifications are good to have, although not mandatory
• Understanding and familiarity with AWS / Azure concepts is required, and hands on development experience is a big plus.
• You are a good communicator and have the ability to  advice and support both management and workforce
• Language skills: English. Dutch is considered an Asset, although not essential

Who you will work with

You are part of the NN Bank IT Security and Control team, responsible for the information security of NN Bank. The team consists  of highly skilled, motivated and cooperative security officers and a security engineer. The team has technical and process specialists and, together, we keep NN Bank and its customers safe.

Any questions?

If you have any questions about the job or the process, you can reach out via mail to Jarmo Fernhout (Talent Acquisition Specialist) via Jarmo.Fernhout@nn-group.com.