Information Security Officer (ISO) - Amsterdam

At HEMA, we believe in creating a better everyday life for our customers and employees. As an Information Security Officer, you will not only manage core security responsibilities but also provide guidance on AI-related security matters and offer advice on the implementation of new systems, ensuring security is a top priority. Join us at HEMA and make a significant impact by ensuring the security of our systems and information. We value innovation, collaboration, and a proactive approach to security. Your expertise will play a crucial role in helping us achieve our goal of becoming a more secure organization.

The HEMA Security Office is the central security organization within HEMA. You will be part of a team consisting of a Chief Information Security Officer, Senior Security Engineer, and a Security Analyst. At HEMA we have an incredibly vast and complex IT-landscape that is constantly evolving. It’s our responsibility to ensure that these systems, and the data that resides within them, remain secure.

• Security awareness programs: lead initiatives such as training sessions to promote security awareness.
• Phishing campaigns: design and execute phishing email campaigns to test and educate the organization.
• Vendor assessments: conduct security assessments of vendors to ensure compliance with our security standards.
• Policy development: write and maintain information security policies and procedures in HEMA’s Information Security Management System (ISMS).
• Project management: manage various security-related projects, ensuring they are completed on time and within scope.
• Risk management: oversee risk management activities, including the creation and maintenance of risk dashboards.
• Security visibility: make security measures visible and measurable throughout the organization.
• Continuous process improvements: you have a desire for optimization and automation, if something could be done better you make sure it gets improved.

• a gross monthly salary ranging from €4000 to €5800, based on a 40-hour workweek.
• 8% holiday allowance and 30 vacation days based on a 40-hour workweek.
• A variable bonus that can go up to as much as 14%.
• 15% employee discount on all your HEMA favorites.
• A year-end bonus of 4%.
• A net monthly expense allowance of 65 euros.
• A solid pension plan for your retirement.
• For distances of 10 to 30 kilometers between your home and workplace, you’ll receive a travel expense reimbursement of 21 cents per kilometer.
• Access to the benefits at work discount platform, with discounts on well-known brands and amusement parks

• Technical knowledge: solid understanding of security tooling and general IT concepts.
• Security awareness: familiarity with security awareness and phishing tooling such as HoxHunt, GoPhish or learning management systems (LMS).
• Continuous improvement: a strong drive to continually enhance and improve security measures and processes.
• Proactive advice: confidence in providing unsolicited advice when necessary.
• Presentation skills: ability to create compelling presentations using PowerPoint tailored to your audience, from product owner to C-level.
• Framework knowledge: familiarity with key information security frameworks such as ISO/IEC 27001, NIST. Experience with PCI DSS compliance and implementation is a strong advantage.
• PowerBI expertise: knowledge of PowerBI for creating and managing dashboards.
• Certifications: one or more of the following certifications: CISM, CISA, CISSP, CRISC.