Nexent Bank N.V. Amsterdam Sucursala București

Information Security Management Specialist

Romania · Full-time · Mid-Senior

Nexent Bank is a respected international niche bank offering a dynamic portfolio of products to corporate and retail clients. With over 1,000 colleagues in seven countries and headquartered in Amsterdam, we proudly serve our international client base while strengthening our organization. We aim to be an adaptive, efficient, and sustainable bank, focusing on achieving investment-grade status and further embedding digitalization.


Responsibilities

Risk Assessment & Management:

  • Perform comprehensive risk assessments related to cybersecurity threats, IT vulnerabilities, and data protection risks.
  • Continuously assess IT architecture and provide strategic security recommendations.
  • Identify, evaluate, and mitigate information security risks related to third-party vendors and outsourcing services.
  • Oversee the development and implementation of risk mitigation plans in collaboration with IT and business units.
  • Regularly provide management reporting on risk assessment results.


Security Governance & Compliance:

  • Design the IT security architecture and standards, and monitor the compliance of internal and third parties with their implementation.
  • Coordinate between the first line and second line, ensuring IT risks are properly addressed and managed.
  • Contribute to the formation of information security policies; ensure and report on compliance with internal policies, industry frameworks or statutory obligations (e.g., ISO 27001, NIST, COBIT, GDPR, SWIFT, DORA).
  • Conduct first line testing of IT controls and advise senior management on effective measures to mitigate IT risks.
  • Monitor and enforce security controls to ensure continuous compliance with the organization’s risk management guidelines.
  • Guide IT teams in implementing control measures and ongoing security monitoring.


Security Incident Management & Response:

  • Act as a trusted point of contact for information security related inquiries across the organization.
  • Oversee incident response processes and work closely with IT teams to ensure prompt resolution of security incidents and crisis responses.
  • Coordinate with internal teams and external security firms to investigate cybersecurity incidents and breaches.
  • Provide guidance on risk mitigation strategies and ensure timely follow-up on security incidents.
  • Collaborate with the Security Operations Center (SOC) team to monitor threats, investigate incidents, and implement security measures.
  • Work with external threat intelligence providers to monitor cyber threats, including phishing and fraudulent website takedowns.


Cybersecurity Awareness & Training:

  • Enhance cybersecurity awareness at all levels of the organization.
  • Plan and execute email phishing simulation exercises, assess employee responses, and report results to management.
  • Conduct annual information security awareness training sessions, ensuring organization-wide participation.
  • Track and report training completion rates to senior leadership.


Testing & Technical Security Enhancements:

  • Coordinate annual external penetration testing activities.
  • Track and report penetration test findings, ensuring vulnerabilities are addressed.


Reporting & Communication:

  • Regularly provide management reporting.
  • Provide periodic updates on IT risk status, security incidents, penetration test results, and compliance levels.
  • Ensure proper communication and coordination between first-line IT teams and second-line risk management functions.
  • Monitor and report on the effectiveness of security policies and recommend improvements.


Third Party Management:

  • Participate in the onboarding, contracting and monitoring processes for ICT third-party providers with respect to information security.


Candidate profile:

  • Higher education / Master's degree in IT / IS.
  • Technical/technology knowledge and skills: knowledge of network infrastructure and functionalities and their architecture, operating systems, communication protocols, encryption techniques.
  • Knowledge of network technologies and protocols, including Ethernet, TCP, IP routing, security architecture and mobile technologies.
  • Experience with Nexpose, Metasploit, Burp or similar tools is a plus.
  • Demonstrates problem-solving capabilities and critical thinking skills in complex environments.
  • A good understanding of international security standards such as ISO2700x, PCI-DSS, etc.
  • English language - advanced (spoken, written, read).
  • Integrity, courage, excellence, individual responsibility and caring for others sum up our values and are mandatory.
  • Able to work under pressure.

Posted: Jul 30, 2025
Type: Full-time
Level: Mid-Senior
Location: Bucharest
Industries: Banking
Categories: Information Technology
