The Information Security manager is responsible for the design, oversight, and ongoing management of the information security program, including policies, procedures, technical systems and workforce training in order to maintain the confidentiality, integrity and availability of all information in electronic, print and other formats.
- Policy: Coordinate the development of information security policies, standards and procedures. Work with key IT offices, data custodians and governance groups in the development of such policies. Approve and control all IT- and information security-related standards. Ensure that those policies support compliance with external requirements. Oversee the dissemination of policies, standards and procedures to personnel, subcontractors and other third parties. Coordinate and oversee the common policies (e.g. data center agreements) with other partners.
- Education and training: Coordinate the development and delivery of an education and training program on information security and privacy matters for employees and other authorized users.
- Compliance and Enforcement: Serve as the local compliance officer with respect to the Group, and other information security policies, guidelines and regulations.
- Is the single point of contact with respect to the Group and other information security policies, guidelines and regulations.
- Incident Response: Develop and implement an incident reporting and response system to address security incidents and respond to alleged policy violations.
- Risk Assessment and Incident Prevention: Serve as a Local Risk officer, and develop and implement an ongoing risk assessment program targeting information security, including possible privacy matters. Recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
- Official Contact: Act as the CEO's designee representing the company on information security matters, serve as contact point for external auditors and agencies, survey requests, etc. on security matters.
- Maintain knowledge base: Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the company and its mission.
- Emergency Preparedness: Take part in the Business Continuity, IT continuity and Disaster recovery Planning.
- Security Organization: Establish an Information Security Board with the major business departments to discuss current threats, security issues and the balance with business requirements.
- Reporting: Report periodically to the management about the status of security within the company.
- The Data Protection manager is the person who directs and oversees all personal data protection activities within a company. He/she devises the policies and procedures that bring the organization into compliance with the Regulation, monitors the implementation of those policies, ensures that all staff are fully trained in regards to protecting data, assigns responsibilities and handles the public's requests regarding their personal data.
- The DPO keeps management informed regarding their obligations under the Regulation, and is the primary contact point for supervisory authorities.
- In this role, you'll be responsible for the following topics:
- Policies:
  - set up and keep the data protection policies compliant with internal, group and regulatory requirements.
  - keep a RACI matrix to track all responsibilities within the company.
- Monitor compliance with GDPR:
  - collect information to identify processing activities
  - analyse and check compliance of processing activities
  - inform, advise and issue recommendations to the controller or the processor
  - notify and communicate information about personal data breaches
- Data Protection Impact Assessments (DPIA):
  - advise on 'data protection by design' when DPIAs are performed
  - monitor performance of DPIAs
  - define whether or not to perform a DPIA
  - determine the methodology to follow for a DPIA
  - advise on whether or not to outsource certain DPIAs
  - advise on risk mitigation in relation to Data Processing
- Risk-Based Approach: Serve as a Local Risk officer, and develop and implement an ongoing risk assessment program targeting privacy matters. Keep an overview on the Privacy Risk list and propose prioritization according to the associated risk...
- Official Contact: Represent the company on Data Privacy matters, serve as contact point for external auditors and agencies, survey requests, etc. on Data Protection. Is the primary contact point for supervisory authorities.
- Record-keeping: Keep a data inventory and hold a register of data processing operations.
- Data Privacy Organization: Establish a Data Privacy Organization with the major business departments to discuss Data Privacy risks and the balance with business requirements.
- Training and awareness: Coordinate the development and delivery of an education and training program for employees and other authorized users.
- Reporting: Report periodically to the management about the status of Data Protection within the company.
- You have a bachelor's/master's degree or equivalent experience.
- You are fluent in Dutch and have a good knowledge of French and English, both orally and in writing.
- You work well both in a team and independently.
- You have an ability to foster good relationships and you demonstrate diplomacy.
- You are result-oriented as well as client-oriented.
- You are precise and take care to produce work of a high standard.