Information Security & Risk Officer


As an Information Security & Operational Risk Officer, you play an essential role in protecting the organization against cyber threats, ensuring the security of customer data and managing operational risks. You work together with other departments within the organization to provide a safe and reliable payment platform. You also ensure that the organization complies with all relevant laws and regulations in the field of information security and operational risk management.

Enschede / Spijkenisse / Diemen / Hybrid

About the role
-You protect Pay. against cyber threats, data leaks and operational risks.
-You are responsible for establishing, implementing and maintaining policies, procedures, processes and measures aimed at protecting Pay.'s information and minimizing risk.
-You perform risk assessments, identify vulnerabilities, advise on the most effective security measures and work on further strengthening the ERM framework.
-You manage the risk management framework and its processes and tools, including SIRA, change risk assessments and risk appetite statements, and you coordinate the follow-up of the risk assessments.
-You ensure compliance with relevant laws and regulations, such as the GDPR, PCI-DSS, EBA Guidelines and ISO 27001.
-You provide training and awareness sessions for employees about information security and risk management.
-You manage incidents and conduct investigations in case of any security breaches.
-You coordinate external audits and penetration tests to test and validate the security measures.
-You report to management on the status of information security and risk management activities, including recommendations for improvement.
-You manage the GRC tool for capturing and monitoring risks and security measures.
The value you add
-You are available for at least 36 hours, but preferably 40 hours;
-You have a bachelor’s degree in a relevant field, such as computer science, cybersecurity or risk management. An RE degree is an advantage.
-You have at least 3 years of experience in a similar role, preferably within payment processing or financial services.
-You have knowledge of information security and risk management frameworks, such as ISO 27001, PCI-DSS, NIST Cybersecurity Framework.
-You have experience in drawing up and implementing information security and risk management programs.
-You have experience coordinating external audits and penetration testing.
-You have strong communication skills and the ability to explain complex technical risk information to non-technical stakeholders.
-Certifications such as CISSP and/or CRISC, or similar, are a plus.

We offer you
-Full-time (40 hours) or part-time (36 hours) employment;
-A varied role in a dynamic environment where no day is the same;
-Good salary based on experience and quality;
-Lots of space for your own input;
-Working in an informal environment at our office in Enschede and Spijkenisse;
-Success in a fast-growing industry;
-Opportunities to work at home;
-Lunch at the office;
-Fun team and company outings.

About PAY.
Innovative, unconventional, pioneers. PAY. is the fastest growing Payment Service Provider in the Netherlands. Thanks to our full-service omnichannel payment platform, entrepreneurs create a fast, secure and frictionless payment experience in their webshop or store.