Information Security Officer

Join a pension fund that safeguards the financial future of more than 100,000 members. As an Information Security Officer, you'll help shape and enforce a security framework that meets the highest standards in the Dutch pensions and financial sector. You'll translate strategy into concrete controls, challenge risks, and ensure the organisation remains resilient in an evolving threat landscape.

This role is perfect for security and risk professionals who want meaningful impact, broad responsibility, and the opportunity to mature security capabilities within a trusted public‑facing institution.

What You'll Do

• Turn security strategy into practice by converting frameworks and standards into clear, actionable policies and operational controls.
• Define, implement, and monitor information‑protection guidelines to ensure secure employee behaviour throughout the organisation.
• Maintain and further develop the ICT continuity plan, preparing the organisation for disruption scenarios and major incidents.
• Conduct risk assessments across internal processes, projects, and outsourced providers-ensuring visibility of vulnerabilities and control gaps.
• Oversee compliance with security clauses in vendor agreements, ensuring suppliers meet agreed risk standards.
• Coordinate testing activities across risk management cycles (continuity tests, control testing, scenario analysis, etc.).
• Ensure alignment with Dutch and European sector requirements, including DNB Good Practices, ISAE frameworks, and DORA.

What You Bring

• Bachelor's degree or higher, ideally supported by certifications such as CISSP, CISM, CISA, or similar.
• 3+ years of experience in Information Security, IT Risk, or Cybersecurity.
• Experience in pensions, asset management, or broader financial services is a strong plus.
• Solid grasp of cybersecurity concepts, control frameworks, and best practices.
• Familiarity with key regulatory and assurance standards (e.g., ISAE 3402, ISAE 3000, GDPR, DORA).
• Strong analytical mindset with excellent attention to detail-and the ability to translate technical risks into business‑level insights.
• Fluency in Dutch for engaging internal stakeholders and aligning with regulators.