Senior Security Program Officer

Senior Security Program Officer

Department: IT

Employment Type: Full Time

Location: NLD Rijswijk

The Internal Security Team plays a critical role in our business functions alongside our external customer requirements. NCC Group’s Internal Security team develops, introduces, and maintains administrative, technical, and physical security controls to continually improve the Group’s security.

This role presents an excellent opportunity to deliver in this area and will help NCC Group in managing its cyber risks and meeting its business requirements, while providing subject‑matter expertise on security frameworks and tools.

As part of your role, you will be responsible for:

• Being the subject matter expert on the application of Netherlands Government ABRO rules and framework. Provide risk analysis to the business and be a liaison to the Government entities.
• Assist in audits and ensuring we meet the standards for frameworks such as ABRO, CIS Controls V8, ISO 27001 among others.
• Vulnerability management – identification, and remediation utilizing in‑house systems and expertise.
• Support the wider business as a security subject matter expert and unify security measures and processes to global standards.
• Develop, improve, and maintain security policies and processes, particularly as they apply to ABRO.
• Perform supply chain risk assessments as part of NCC Group’s supply chain risk management program.
• Assist or lead on security projects.
• Assist in incident management, from detection to “lessons learned”.

• Previous professional experience in the cyber and information security field, familiar with introducing governance regimes and risk management to large, diverse organisations.
• Professional experience, with a broad knowledge of technology frameworks and a thorough grasp of methods used to identify and manage cyber and information security risks.
• Enjoy working across differing specialised areas, and willing to promote security standards and good practice when necessary, sometimes against the majority opposition.
• Knowledge of security frameworks, e.g. ABRO, CIS Controls, NST CSF and others.
• Knowledge of cloud environments with a particular emphasis on Azure and AWS.
• The ability to appropriately identify and categorise risk and suggest effective remediation.
• The ability to communicate clearly, to explain security concepts to senior management and other stakeholders both technical and non‑technical, who may not have a security background.