In short: You will be responsible for improving and designing the vulnerability and patch management process, be involved in business initiatives, improve IT processes, and review new application designs for security.
**Who we need**
APG Asset Management needs you if you are willing and able to make our organization even more resilient against information and cyber risk. The focus is on vulnerability management in alignment with DNB RSA and DORA requirements, including creating and improving demonstrability.
**Our playing field**
Our data-driven organization where digitalization, AI, information, cybersecurity and regulatory compliance are key is dealing with many internal and external factors. We need more specialists in our information and cybersecurity domain.
With an ever-increasing threat landscape and regulatory compliance like MIFID, DORA, NIS2 and GDPR our work is becoming more complex. We also are growing our DevOps teams and are encouraging citizen development while our business is becoming fully integrated with IT and where artificial intelligence is commonplace. The Resilience team supports our business embedding information security into business processes. Information security is regarded as a shared responsibility.
**Your role and activities**
Your role is to take on both tactical and operational activities, as stated below:
_Tactical_
– Responsibility for improvement and design of the vulnerability & patch management process.
– ‘Pensioen van Straks’ involvement; APG Asset Management involvement (providing review and requirements) in this APG group-wide initiative is key
– IT process group participation, specifically regarding vulnerability & patch management processes
– Global Design reviews; new business application designs need to be reviewed for proper embedment of security
– Policy reviews; new or changed policies need to be reviewed from an information security perspective
– (New) business initiatives security assessments; all new initiatives need to be reviewed on information security aspects and where applicable advice is provided to embed security
– Internal process quality improvement activities; both with the IRM Community as well as within APG Asset Management we work on continuous improvements of our processes, procedures and tooling
_Operational_
– Responsibility for execution of the vulnerability & patch management process. Activities are: chasing follow-up actions with the DevOps teams, management reporting, SPOC in the team, etc.
– Application CIAP reviews; new business applications need to be rated for confidentiality, integrity, availability and privacy. Existing CIAP ratings need to be re-assessed to verify whether the current rating is still adequate.
– Risk item mitigations; determine actions, find action owners, chase actions and report back
– (Yearly) review participations; for existing business applications review changes, determine associated risk and propose remediations if needed
– Risk Self Assessments; for new non-cloud business applications information and cyber risk needs to be determined and weighed against risk appetite
– Exception request review; employees sometimes request exceptions to policy rules, these need to be weighed for risk
– RFI/RFP participation; when new business solutions are sought in the market, information security requirements must be included in requests for information and requests for proposals.
Job requirements
PLEASE NOTE: Our client requires that you meet all of the stated job requirements. This must be convincingly evident from your CV. Only then does it make sense to respond to this assignment.
– This assignment can only be filled via secondment (you will be temporarily employed by us at a fixed monthly salary)
**Your skills**
Being a motivated self-starter who is communicative, cooperating and assertive is what will make you thrive here. You have a business enabling security attitude helped by your analytical skills in combination with common sense. Dealing with resistance while keeping an eye on risk appetite is everyday business for you. Being proficient both verbally and in writing in Dutch and English is a requirement. You take ownership of the tasks at hand. Accuracy is paramount.
**Your experience**
Relevant experience in the information security domain is needed, at least 8 years. You have an understanding of market practice rules & regulations and their impact. You are familiar with technical and operational aspects of IT security, with expertise regarding patch/vulnerability management. You are familiar with vulnerability management tooling, such as Rapid7 InsightVM or comparable. Since we work agile you should be familiar with this way of working (e.g. SAFe).
**Your education and certification**
A relevant Bachelor's or Master's degree is required to do the work, where at least one certification like CCSP, CISSP or CISM provides a (theoretical) foundation.
Job proposal
PLEASE NOTE: Based on our client's wishes, it is determined whether you may be invited for a selection interview. It is therefore necessary that you also have a strong match with the wishes.
– See requirements
The closing date of this assignment is our client's hard deadline.
- To be able to put you forward strongly, we need at least one working day to get all documents in order together with you.
- If you are interested in this assignment and convinced of a strong match, respond right away!
- In addition to an up-to-date CV tailored to the assignment, we will always ask for a concise personal motivation letter (including an explanation per job requirement and wish) and an indicative hourly rate.
Key Skills
Ranked by relevance
patch management
cybersecurity
devops
artificial intelligence
cissp
cloud
gdpr
cism
ccsp
ai
- Posted: Jan 16, 2025
- Type: Temporary
- Level: Mid-Senior
- Location: Maastricht
- Company: OverheidZZP
Industries
IT Services
IT Consulting
Software Development
Computer
Network Security
Categories
Information Technology