About this vacancy
Want to be responsible for embedding and implementing the Vanderlande Information Risk Management Framework?
Vanderlande is investing heavily in developing its internal control disciplines; not only to comply with rules and regulations, but also to further improve and harden our customer solutions. One of these disciplines is cyber security.
You are responsible for embedding and implementing the Vanderlande Information Risk Management Framework (IRM Framework). This means driving and monitoring the process of Domain (Cyber) Risk Analyses, process walkthroughs and risk assessments, defining key controls and training control owners.
The IRM Framework, which is based on ISO27k, has been established and contains the structure of control objectives to mitigate the (main) cyber risks.
Using a phased and risk-based approach, we are addressing the main priorities and implementing these control objectives in the business/first line.
This approach and methodology is heavily linked to the current Enterprise Risk Management initiative, which aims to implement a harmonized approach to identifying and managing risks within the organization.
You will be part of the Corporate Strategy and Transformation (CST) team of Vanderlande, reporting to the Program Manager of the Cyber Program.
In this role, you have the following responsibilities:
- Support the Governance & Frameworks stream within the Cyber Transformation program;
- Perform process walkthroughs and operational risk assessments within the Vanderlande Business Domains;
- Assess key (cyber) risks as well as identify and define mitigating key controls at process level;
- Drive and facilitate the implementation and embedding of controls towards the control executors in the first line;
- Train and put in place control executors to execute key controls (periodically) and document them properly;
- Assist in shaping and delivering communications and change efforts aimed at making the implementation and embedding of the IRM framework a success;
- Track and report completion of deliverables, and signal and anticipate risks and impediments.
In this role, your deliverables are:
- Documented Process (Cyber) Risk Analysis for the Business Domains.
- Process walkthroughs and risk assessments within the Business Domains.
- Documented Risk & Control framework including the identified/agreed upon key-controls.
- A clear and thorough training program for control executors at the 1st and 2nd line.
- (Support in) Performing control testing and reporting.
- Controls implemented by the business in accordance with the IRM framework.
You will be employed by YER and seconded to Vanderlande. We offer:
- Good employee benefits
- Excellent Remuneration (depending on level of expertise)
- Challenging assignments
- Excellent guidance from your consultant and YER's back office
- Development opportunities, including the YER Talent Development Programme with a personal coach
- Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
- Cooperative, results- and relationship-driven
- Friendly atmosphere and open culture
- Community/network with other technology professionals from a variety of multinationals
- Events and master classes with interesting speakers and attractive companies
To succeed in this role, you should have the following skills and experience:
- Strong track record in Information Risk Management and Process Controls in large-scale organizations.
- Experience with ERM methodologies and Risk Frameworks.
- Experience in understanding IRM frameworks and translating these into concrete controls / measures appropriate to the nature of business operations.
- Self-starting and pragmatic, with a proven ability to be an independent contributor, ambassador, pioneer and sparring partner.
- Structured, organized and stress-resilient personality, able to quickly understand the issues and find appropriate countermeasures.
- Flexible and adaptable; able to work in ambiguous situations.
- Exceptional written and verbal communication skills, excellent active listening skills, and the ability to convince decision makers to act accordingly.
- A team player and able to work effectively at all levels in an organization.
- An excellent command of the English language (both verbal and written). Dutch or other languages would be advantageous.
- University degree (Master's degree), preferably in Information Technology, (IT) Audit, Control
3 Must haves:
Strong track record in Information Risk Management and Process Controls in large-scale organizations.
Self-starting and pragmatic, with a proven ability to be an independent contributor, ambassador, pioneer and sparring partner.
Preferred: certificate in Risk Management