Senior Information Security & Risk Management Advisor
About the Role
We are seeking an experienced Information Security & Risk Management Advisor to join a trusted client of Michael Bailey Associates. In this role you will drive the enhancement of the client’s cybersecurity posture, technology risk governance, and compliance framework. This role combines strategic advisory with hands-on implementation, requiring someone who can bridge the gap between technical security controls and business objectives.
As a Security Advisor, you will work closely with leadership, business units, and technical teams to develop and operationalize critical security programs, assess technology and cyber risks, and ensure alignment with regulatory requirements. You will be instrumental in shaping policies, driving awareness initiatives, and fostering a culture of security across the organization.
Key Responsibilities
Strategy & Governance
- Develop, implement, and maintain critical technology and cybersecurity policies, including risk assessment frameworks, third-party security assessments, AI governance, and responsible use policies
- Design and operationalize governance processes for access management, toxic access violations, and user recertification on critical platforms
- Prepare technology and cyber security risk postures for executive committees and senior leadership
- Conduct gap analysis between regulatory requirements and internal controls, providing actionable recommendations for remediation
Risk Assessment & Management
- Perform independent technology and cyber risk assessments aligned with business requirements and regulatory expectations
- Lead Risk and Control Self-Assessments (RCSA) and provide independent challenge on control effectiveness
- Assess emerging technologies (e.g., AI models, end-user developed tools) against regulatory principles and internal risk appetite before go-live
- Provide strategic recommendations to the Chief Risk Officer and CISO on technology incident investigations and security-related issues
Stakeholder Management & Advisory
- Act as a trusted advisor to business units, providing strategic guidance on information security requirements and regulatory compliance
- Collaborate with 2nd Line of Defense (2LoD), 3rd Line of Defense (3LoD), and Learning & Development teams to deliver training and support
- Articulate technology and cyber security risks in business terms for non-technical stakeholders
What You Bring
Experience & Background
- 8+ years of progressive experience in Information Security, Technology Risk Management, or GRC (Governance, Risk & Compliance) roles
- Proven track record in financial services, insurance, or other heavily regulated industries
- Background in software development or IT operations is highly valuable for understanding technical contexts
Technical Knowledge & Skills
- Deep understanding of technology and cyber security risk assessment methodologies
- Strong knowledge of regulatory frameworks and standards (e.g., GDPR, ISO 27001, DORA)
- Experience with Data Leakage Prevention (DLP) and Identity & Access Management
- Familiarity with cyber threat intelligence, incident investigation, and security awareness programs
- Understanding of AI governance principles and emerging technology risk assessments
Core Competencies
- Strategic thinking: Ability to translate technical risks into actionable business insights
- Communication excellence: Articulate and diplomatic in engaging with stakeholders at all levels, from technical teams to C-suite
- Analytical rigor: Strong capability in process analysis, gap assessment, and control evaluation
- Project leadership: Proven ability to structure, prioritize, and deliver security initiatives
- Team motivation: Demonstrated ability to inspire teams, delegate effectively, and foster collaboration
Education & Certifications
- Master's degree in Management, Information Systems, Computer Science, or related field (preferred)
- Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable
What We Offer
- Competitive salary package of €95.000 - €110.000 gross per year, including benefits (based on 36 hours per week)
- 12-month contract via Michael Bailey Associates payroll, with a high chance of extension
- Hybrid working model with 2 days per week at our client’s office in the Utrecht area
- Opportunity to work on high-impact security and risk initiatives in a dynamic, regulated environment
- Professional development opportunities and exposure to cutting-edge cybersecurity challenges
- Collaborative culture that values strategic thinking, innovation, and continuous improvement
How to Apply
If you are a seasoned Information Security and Risk Management professional who thrives in strategic advisory roles and can drive meaningful change across an organization, we want to hear from you. We are looking forward to an introduction!
- Posted: Feb 19, 2026
- Type: Full-time
- Level: Mid-Senior
- Location: The Randstad
- Company: Michael Bailey Associates