TL;DR
Security Manager Compliance (Cybersecurity): Driving third-party certification of hirify.global’s Information Security Management System (ISMS) based on ISO 27001 and NIST standards, with an emphasis on managing the organization of the roll-out, collecting demand, and setting the scope. Focus on planning and preparing security audits with the organization, following through on audit findings, and ensuring they are resolved.
Location: Based in Veldhoven, Netherlands, with 3 days of in-office presence.
Company
hirify.global's security department enables the company to control the protection of its information and assets, as well as those of its customers and suppliers.
What you will do
- Lead the creation of plans for different roll-outs of third-party certification for hirify.global's ISMS.
- Manage the organization of the roll-out: collecting demand, setting the scope, contracting external certification bodies.
- Plan and prepare security audits with the organization and follow through on audit findings.
- Manage and update ISMS documentation and maintain support tools for the management system.
- Communicate internally with stakeholders about certification and deliver training and workshops.
- Cooperate with stakeholders and specialists from other management systems (ISO 9001 and ISO 14001).
Requirements
- A master’s degree in cybersecurity, computer science, information systems, information management, IT audit, or another relevant field is required.
- Prior experience assessing information security-related controls and/or requirements in business processes or applications, such as ISO 27001 auditing.
- Experience with and strong knowledge of ISO 27001 and NIST CSF.
- Understanding of control environments, such as the linkage between risks, control objectives, and controls.
- Sound knowledge of information security controls in various domains, such as access control, encryption, and networks.
- Demonstrated diplomacy skills, with the ability to handle complex discussions and maintain constructive relationships.
Nice to have
- Experience with Agile methodologies.
- Experience with ServiceNow (governance).
- Familiarity with the NIST Cybersecurity Framework (CSF).
- Understanding of the General Data Protection Regulation (GDPR).
- Relevant experience within the semiconductor sector.
Culture & Benefits
- Full-time (40 hours per week) position.
- Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce.