IT

Information Risk & Security Officer

Do you see a future with the best employer in the Netherlands in the financial sector? Apply quickly for the position of Information Risk & Security Officer and join the team. APG Asset Management needs you if you are willing and able to make our organization even more resilient against information and cyber risk. If you have extensive experience in structural improvements of security information, then you are the person we are looking for.

Location
Amsterdam
Employment
40-40 hours
Years of experience
8+ years of experience
Education
Master of Science (MSc)
Salary indication
EUR 5931 – 8473
Publication date
17 February 2025

This is going to be your job

 

 

The role

Our data-driven organization, where digitalization, AI, information, cybersecurity and regulatory compliance are key, is dealing with many internal and external factors. We are a company in transition, with a cloud-first mentality but also a low risk appetite, securing end-to-end operational resilience. You will work in a team of specialists responsible for the information and cybersecurity domain.

With an ever-increasing threat landscape and regulatory requirements such as MiFID, DORA, NIS2 and GDPR, our work is becoming more complex. We are also growing our DevOps teams and encouraging citizen development, while our business is becoming fully integrated with IT and artificial intelligence is commonplace. The Resilience team supports our business in embedding information security into business processes. Information security is regarded as a shared responsibility.

 

What you would do

The Information Risk & Security Officer develops, formulates, implements, executes, and monitors compliance with policy frameworks related to information (cyber)security, business continuity management (BCM) and crisis management at corporate and business level, in order to ensure the availability, integrity and confidentiality (including privacy) of the information provision so that it is ‘fit for purpose’ and in line with an acceptable risk level as determined by the company.

Besides advising senior management on a long-term global vision, policy and strategy, and providing steering information for the area of (cyber)security, your role is to take on both tactical and operational activities, as stated below.

Tactical

  • Responsibility for improvement and design of the processes within Resilience, e.g. patch management policy, IT security policy, etc.
  • 'Pensioen van Straks' involvement; APG Asset Management's involvement (providing review and requirements) in this APG group-wide initiative is key
  • IT process group participation to ensure optimization and simplification of processes regarding Information Risk and Security
  • Global Design reviews; new business application designs need to be reviewed for proper embedment of security
  • Policy reviews; new or changed policies need to be reviewed from an information security perspective
  • (New) business initiatives security assessments; all new initiatives need to be reviewed on information security aspects and where applicable advice is provided to embed security
  • Internal process quality improvement activities; both with the IRM Community as well as within APG Asset Management we work on continuous improvements of our processes, procedures and tooling

Operational

  • Responsibility for execution of the information security process. Activities are: chasing follow up actions with the DevOps teams, management reporting, etc.
  • Application CIAP reviews; new business applications need to be rated for confidentiality, integrity, availability and privacy. Existing CIAP ratings need to be re-assessed to verify whether the current rating is still adequate.
  • Risk item mitigations; determine actions, find action owners, chase actions and report back
  • (Yearly) review participations; for existing business applications review changes, determine associated risk and propose remediations if needed
  • Risk Self Assessments; for new non-cloud business applications information and cyber risk needs to be determined and weighed against risk appetite
  • Exception request review; employees sometimes request exceptions to policy rules, these need to be weighed for risk
  • RFI/RFP participation; when new business solutions are sought in the market, information security requirements must be included in requests for information and requests for proposals

 

What you bring

As a senior Information Risk & Security Officer, you bring experience, intrinsic motivation, and the following qualities:

Proactive, hands-on, and pragmatic, with a strong client focus and the right mindset to maintain long-term relationships within established risk frameworks.

  • CISSP / CISM / (CCSP)
  • Skilled at organizing internal networks and a team player with healthy ambition.
  • Presentable, analytically strong, detail-oriented, and equipped with exceptional communication skills, including storytelling, presentation, and writing abilities (in both Dutch and English; English is APG Asset Management's official language).
  • Capable of asking the right questions at the right time, not shying away from critical inquiries, and able to distinguish between main issues and details.


Additionally, you possess:

  • A university degree and at least ten years of information and cybersecurity experience
  • Execution skills and the ability to navigate a demanding, performance-driven environment.
  • Experience in a business-IT intermediary role
  • Knowledge and experience in Cloud Security, BCM, Crisis Management and related regulations are a must.
  • Strong stakeholder management skills are key.

 

What we offer you

We will offer you, depending on relevant knowledge and experience, a gross salary in the range of 5931 - 8473 EUR based on full-time employment and great employment conditions aimed at flexibility, such as:

  • A guaranteed end of year bonus of 8.33%
  • Attention to your vitality and personal development
  • Possibility to work from home 2-3 days per week
  • And obviously a well-managed pension

 

Where you will work

For pension provider APG, pension is about people, life, and living together. With careful asset management, pension administration, communication and advice, we work on a livable future for current and future generations. One in which we share prosperity and well-being fairly and sustainably. Now and later.

APG is committed to around 4.5 million people in the Netherlands, which is why we believe it is important to be a reflection of Dutch society. This means that APG strives for an inclusive work environment, in which everyone can be themselves and where your unique qualities are embraced.

When you choose to work at APG, you're choosing a job where you contribute to a bright future. And that's not all. You're also choosing the best employer in the Netherlands in the financial sector! Curious why APG scored so well in the Randstad Employer Brand Research? Check out the article and apply now!

 

More information

Get in touch with Fleur Weekers via +31623382719 or fleur.weekers@apg.nl or Pascal Vogels via pascal.vogels@apg-am.nl who can tell you more about the specifics of the position.

Do you see your future at APG? Apply no later than 28/03/2025 and let yourself be seen.

 

We do not appreciate acquisition in response to this vacancy.

 

I am happy to help you

Fleur Weekers

Corporate recruiter