Security & Privacy Officer

SECURITY & PRIVACY OFFICER

Make security and privacy real, practical, and business-ready.

Lijnden (Amsterdam Area) | Operations / IT (Information Security / GRC) | 40 hours | Full-time

At Just Brands, we build menswear brands with character. PME Legend, Cast Iron and Vanguard each have their own voice, their own audience and their own place in the market. As we operate across retail and e-commerce, the stakes around information security and data privacy keep rising. Threats move fast, regulations are complex, and the impact of getting it wrong is real: disruption, reputational damage, and GDPR/AVG exposure.

But what really sets us apart is how we work together. We’re team first. No ego, no unnecessary layers, no endless talking, no corporate theatre. We back each other, speak up, take ownership and keep pushing for better. We work hard, stay sharp and make sure there’s room to enjoy the ride too.

As our Security & Privacy Officer, you set governance standards that keep our business safe and compliant without slowing it down. You translate security and privacy risks into clear, business-relevant decisions, drive priorities at MT level, and embed security and privacy into daily operations and projects. You are not here to write policies that no one follows.

You are here to make sure risk is understood, controls work, and the organization stays compliant and prepared.

• Own and maintain security and privacy governance (policies, standards, lifecycle) aligned with ISO 27001 and NIST CSF
• Own the cyber risk register, risk scoring and treatment plans, and run MT-level risk review rhythms
• Lead the Business Impact Analysis (BIA) and translate outcomes into business continuity and disaster recovery (BC/DR) requirements
• Govern control effectiveness: access reviews, patch compliance, monitoring/logging and endpoint protection, and drive corrective actions when controls deviate
• Establish and govern incident response, escalation paths and communications, including GDPR breach notification integration
• Drive privacy governance: data classification, handling standards, DPIAs, records of processing and privacy-by-design
• Run third-party/vendor risk management, embedding security and privacy requirements into contracts and SLAs
• Own audit readiness: evidence, documentation and representation in audits and regulatory interactions
• Build awareness with HR/Marketing: training completion, phishing simulation metrics and behavioral improvement
• Report to MT on top risks, incidents, control effectiveness, awareness metrics and compliance status
• Partner with privacy stakeholders (Legal/DPO) and translate regulatory change (e.g., EU security developments like NIS2 where applicable) into practical actions

• Bachelor’s degree in Information Security, IT, Business Administration or similar (or equivalent experience)
• 5+ years of experience in information security, IT governance, and/or privacy/compliance roles
• Hands‑on experience implementing or governing ISO 27001 and/or NIST CSF
  , plus GDPR/AVG
• Experience with risk management, audit preparation and working with external parties (auditors, regulators, vendors)
• Confidence driving governance in organizations with limited dedicated security resources
• Familiarity with modern identity and cloud environments (e.g., Microsoft 365, Okta/Identity & MFA, cloud SaaS and enterprise systems)
• Certifications are a strong plus (CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CIPP/E or similar)
• Experience in retail/e‑commerce or distributed environments is a plus

• Salary depending on experience and background
• End‑of‑year bonus equal to one gross monthly salary
• Healthy and varied lunch every day
• (our own) Gym access including classes (boxing, yoga and padel)
• Staff discount on our clothing