Information Security Officer, Rotterdam
3090 Rotterdam, Netherlands
Modified: less than a week ago
Advertisement text
Information Security Officer
Location: Rotterdam HQ
Employment type: Full‑time, Fixed‑term
Salary: 6,500 - 8,500€ per month
Your Role
The person who runs ICT infrastructure and the person who independently tests whether ICT controls are working need to be different people. In this role, you own the ISMS, carry ISO 27001 and DORA compliance forward, and serve as the independent challenge function for all ICT risk at Blockrise. You will have direct access to the Board and to regulatory conversations. You are building the function with the right structural independence behind it.
What you'll do
Own the ISMS. Maintain and develop Blockrise’s Information Security Management System, keeping it current as the business scales and the regulatory environment evolves.
Drive ISO 27001 certification. Manage ongoing compliance and audit readiness. Own the relationship with our external auditor and certification body.
Implement DORA. Translate Articles 5‑15 (ICT risk management), 23‑25 (incident reporting), and 28‑30 (third‑party risk) into operational controls, documented evidence, and testing cycles.
Define and enforce security policy. Own the policy framework across the organisation. Policies need to hold up under audit and in an actual incident.
Oversee vulnerability management and penetration testing. Work with our IT team and external parties to ensure findings are tracked, prioritized and remediated.
Lead security incident response. Own the process from preparation through detection, containment, and regulatory reporting where required.
Manage third‑party and cloud security risk. Assess and oversee the security posture of our GCP environment and critical outsourced service providers.
Act as second‑line challenge. Independently review, test, and verify that first‑line ICT controls are operating as intended. Report findings without a filter.
Report to the Board and regulators. Translate technical risk into plain business language. Represent security at senior and regulatory level.
Keep the tooling stack current, including endpoint management systems and endpoint protection. Identify gaps and propose solutions.
What you bring
5 or more years in information security, with at least 2 years holding ISMS ownership or equivalent scope.
Hands‑on experience implementing or maintaining ISO 27001 certification. Actively involved in running the programme.
Solid working knowledge of DORA, specifically Articles 5‑15, 23‑25, and 28‑30, with experience translating regulatory requirements into controls.
Experience across vulnerability management, penetration testing oversight, and security incident response.
A track record of defining and enforcing security policies. Able to push back when business units request exceptions, with the authority to do so.
Cloud security experience: GCP preferred; AWS or Azure acceptable.
Familiarity with SIEM, vulnerability scanners, and endpoint protection; direct experience with Vanta and/or another ICT Risk Management System is a plus.
A clear understanding of the three lines of defence model. Able to explain why genuine second‑line independence matters.
Ability to communicate security risk in business terms to a Board and regulators. Comfort with both numbers and regulatory language.
Strong written and spoken English. Dutch is a plus.
CISSP, CISM, or ISO 27001 Lead Implementer/Auditor (preferred). CRISC is a bonus.
Nice to have
Experience in financial services or in Bitcoin and digital asset businesses.
Working knowledge of MiCAR and its operational resilience implications.
Experience with regulatory audits run by DNB, AFM, or equivalent authorities.
Third‑party risk management in outsourced or cloud‑first environments, particularly for critical service providers.
What we offer
Competitive monthly salary EUR 6,500 – 8,500 based on full‑time employment and experience.
Up to EUR 300 to invest in tools that improve your workflow.
Monthly Bitcoin pension of EUR 50.
25 vacation days.
Option to participate in our share certificate program.
Travel reimbursement or NS Business Card for commutes.
Opportunities for hybrid work; in‑person collaboration is highly valued.
Paid training and learning resources to keep your skills sharp and up to date.
A fully stocked pantry and fridge with meals, snacks, and drinks included.
Discounted access to Urban Sports Club and LeaseBike plans.
Contact Us
To apply, please fill in the form below. For questions about the job opening, your application, or Blockrise, please contact . We expect to get back to you within one week.
Key information
Company name: Rotterdam Innovation City
Position: Information Security Officer
More information about this ad
Information Security Officer is posted in the Rotterdam services category on Locanto.