Information Security Officer
What you will do
Imec wants to increase the maturity of its information security risk management and control environment. You will be responsible for developing, implementing and monitoring the information security program to instill an information security risk-aware culture within the organization and to ensure that all key information assets (digital and non-digital) within imec’s ecosystem are adequately protected, while supporting imec’s priorities. You will report to the VP ICT and will collaborate closely with all IT departments, all business departments and all relevant risk-related roles (risk management, privacy, physical security, etc.).
As Information Security Officer, you will have responsibilities in several areas:
- Develop an information security vision and strategy that is aligned with imec’s business objectives and priorities, and ensure senior stakeholder buy-in and mandate.
- Develop and maintain imec’s information security charter and principles in collaboration with management.
- Define the necessary governance bodies and clear roles and responsibilities for information security, and ensure proper assignment and implementation.
- Develop an overall information security plan in close collaboration with the business and management, and liaise with other risk-related functions (cybersecurity, physical security, data privacy, etc.).
- Report to senior management on the company’s performance in managing information security risks (remediation progress, breaches, incidents, risk coverage, KPIs, etc.).
- Support and oversee the development, implementation and communication of domain-specific information security policies, processes and procedures (in line with the information charter and principles), and ensure an efficient and effective policy management process (review, approval, exception handling, etc.).
- Work in close collaboration with the business and other stakeholders (privacy manager, physical security responsible, risk officer, etc.) to ensure that all key information assets are processed and stored in line with the information security policies and applicable laws and regulations.
In addition, you will be responsible for information security risk management, awareness and training, and advising business, IT and other stakeholders for complex projects. You will work with business, IT and procurement to develop processes that ensure that security requirements are built in by design for commercial and internal projects, and in contractual agreements. You will align the development of incident response plans across the business, review investigations and make recommendations, and perform 2nd line monitoring activities.
The above list of responsibilities is not exhaustive and you may be required to undertake other responsibilities as requested by the VP ICT.
What we do for you
Imec is a multicultural company working at the vanguard of technology. We are a flexible, open and informal work environment with a strong drive for excellence. Through imec, you will contribute to technological solutions that have a positive impact on the wellbeing and health of people worldwide.
We explicitly give people like you abundant opportunities to take initiative, contribute and have a positive impact on our organization. To help you do that, imec has a highly skilled HR team that builds and maintains strong partnerships with the business units, including of course the IT department.
It goes without saying that we highly appreciate your energy and commitment and in return offer you an attractive salary with many fringe benefits.
Who you are
We are looking for a highly motivated person with the following assets:
- You have a track record of competency in the field of information security risk management, with 7-10 years of relevant experience, including three years in a significant leadership role.
- You have a good knowledge of cybersecurity technologies.
- You are a proactive, dynamic and hands-on initiative-taker.
- You have excellent communication skills and you can communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels.
- You are a customer-oriented team player, able to work closely with a variety of departments (business, legal, IT, etc.) and to motivate the appropriate teams.
- You work autonomously, in a structured and accurate manner.
- You have integrity, you are diplomatic and assertive, and able to convince people.
- You can adequately judge problem situations, recognize priorities and you have strong pragmatic problem-solving skills.
- You have project management skills, and excellent conceptual and analytical thinking skills.
- Having one of the following certifications is an additional asset: CISSP, CISA, CRISC, CISM.
- You are fluent in Dutch and English.