EMEA Security Governance&Assurance Specialist, Amstelveen

In this role, the EMEA Security Governance&Assurance Specialist will work closely with the Canon National Sales Offices (NSOs) and subsidiaries across the EMEA region, supporting the implementation of Canon’s information security policies.

The position involves carrying out security audits of Canon entities and prioritised third parties, gaining a clear understanding of security risks, and providing NSOs and subsidiaries with security remediation advice as required.

Additionally, the role provides insights and investigates situations where processes, workflows, or infrastructure deviate from established standards. It also includes coordinating ISO27001 and other certification audits as needed, ensuring the organisation of the necessary evidence and contributors.

Responsibilities

Interface with a large number of third parties to provide insights to assist in improving their security standards.

Translate existing security policies into concrete actions for improvement, using IT knowledge to assess current deployments against security policy and suggest changes as necessary to bring them in line.

Perform and follow up on security audits (both technical and non-technical) for NSOs and subsidiaries to ensure security standards are maintained and highlight areas of concern.

Work with other areas of the business, when necessary, to support awareness and translation of policies into technical control requirements, and alignment where workflows can be supported from a security perspective.

Assist with long-term security planning for the NSOs and subsidiaries, and retain awareness of compliance status.

Coordinate the activities necessary for maintaining Canon EMEA’s ISO27001 certification.

Own and, in cooperation with the Procurement and IT Contract Management functions, keep up to date the templates for the contractual Security Schedules.

Perform security reviews for commercial contracts and RFPs, either individually or together with other SMEs from the security team.

Keep abreast of current industry security solutions and trends and apply them to business and IT issues.

Participate in other regular activities of the EMEA Information Security Department, including change management, incident management, policy maintenance and adherence.

Maintain appropriate documentation and provide knowledge sharing across Canon where applicable.

Qualifications

At least five years working experience in an information security, IT security, or IT audit department.

Experience with security auditing and reviews for both technical and non-technical aspects.

Background in security policy development, training and awareness.

Good understanding of supply chain security risks, as well as relevant regulations, such as NIS2 and DORA.

Ability to gain new knowledge in a non-structured way (self-tutoring).

Presentation skills, with the ability to translate technical and security-related measures and jargon into business language and assist in giving context to policy requirements.

Able to work under pressure while meeting strict deadlines.

#J-18808-Ljbffr