The role
Our data-driven organization, where digitalization, artificial intelligence, information security, cybersecurity, and regulatory compliance are key priorities, is navigating a dynamic landscape shaped by numerous internal and external factors. We are a company in transition, embracing a cloud-first mentality while maintaining a low-risk appetite to ensure end-to-end operational resiliency.
You will be part of a team of specialists dedicated to the information and cybersecurity domain.
With an ever-evolving threat landscape and increasing regulatory demands—such as MIFID, DORA, NIS2, and GDPR—our work is becoming more complex. At the same time, we are expanding our DevOps teams and promoting citizen development, as our business becomes fully integrated with IT and artificial intelligence becomes commonplace.
The Resilience team plays a crucial role in supporting the business by embedding information security into business processes and facilitating continuity and crisis management. Information security is considered a shared responsibility across the organization.
What you would do
The Information Risk & Security Officer develops, formulates, implements, executes, and monitors compliance with policy frameworks related to information (cyber)security, business continuity management (BCM), and crisis management at both corporate and business levels. The goal is to ensure the availability, integrity, and confidentiality (including privacy) of information systems, making sure they are fit for purpose and aligned with the acceptable risk level as defined by the company.
Your role includes both tactical and operational responsibilities, as outlined below:
Tactical:
- Responsible for the design, execution, and continuous improvement of processes within the Resilience domain, with a strong focus on business continuity management. This includes planning, executing, and following up on disaster recovery and business continuity tests.
- Participation in IT process groups to support the optimization and simplification of business continuity-related processes.
- Active involvement in the business continuity management community.
- Conducting global design reviews to ensure that new business application designs properly incorporate security and business continuity considerations.
- Reviewing new or updated policies from an information security perspective.
- Performing security assessments for (new) business initiatives to evaluate information security aspects and provide guidance on embedding appropriate security measures.
- Contributing to internal process quality improvement initiatives; at APG Asset Management, we continuously work on enhancing our processes, procedures, and tooling.
Operational:
- Responsible for executing the business continuity process, including test planning, execution, follow-up, coordination with DevOps teams, and management reporting.
- Conducting Business Impact Analyses (BIAs) to classify business processes from a continuity perspective, in accordance with DORA regulations.
- Performing CIAP (Confidentiality, Integrity, Availability, Privacy) reviews for new business applications and reassessing existing ratings to ensure they remain appropriate.
- Managing risk item mitigations by identifying actions, assigning owners, tracking progress, and reporting outcomes.
- Participating in annual reviews of existing business applications to assess changes, evaluate associated risks, and propose remediation if necessary.
- Conducting Risk Self-Assessments for new non-cloud business applications to evaluate information and cyber risks against the organization’s risk appetite.
- Reviewing exception requests from employees who seek deviations from policy rules, assessing the associated risks.
- Participating in RFI/RFP processes to ensure that information security requirements are included when evaluating new potential business solutions in the market.
What you bring
- Proactive, hands-on, and pragmatic, with a strong client focus and the right mindset to maintain long-term relationships within established risk frameworks
- CISSP, CISM, or CCSP certification
- Preferably certified in business continuity management (e.g., DRI/CBCP or equivalent)
- Skilled at organizing internal networks and a team player with healthy ambition
- Presentable, analytically strong, detail-oriented, and equipped with exceptional communication skills, including:
  - Storytelling
  - Presentation
  - Writing (in both Dutch and English; English is the official language at APG Asset Management)
- Capable of asking the right questions at the right time, not shying away from critical inquiries, and able to distinguish between key issues and details
Additionally, you possess:
- A bachelor’s or master’s degree and at least five years of experience in business continuity and/or information security
- Strong execution skills and the ability to navigate a demanding, performance-driven environment
- Experience in a business vs. IT intermediary role
- Solid knowledge and experience in:
  - Business continuity management
  - Crisis management
  - Information security
  - Relevant regulations
- Strong stakeholder management skills
What we offer you
We will offer you, depending on relevant knowledge and experience, a gross salary in the range of 4278 - 6112 EUR based on full-time employment and great employment conditions aimed at flexibility, such as:
- A guaranteed end of year bonus of 8.33%
- Attention to your vitality and personal development
- Possibility to work from home 2-3 days per week
- And obviously a well-managed pension
Where you will work
For pension provider APG, pension is about people, life, and living together. With careful asset management, pension administration, communication and advice, we work on a livable future for current and future generations. One in which we share prosperity and well-being fairly and sustainably. Now and later.
APG is committed to around 4.5 million people in the Netherlands, which is why we believe it is important to be a reflection of Dutch society. This means that APG strives for an inclusive work environment, in which everyone can be themselves and where your unique qualities are embraced.
When you choose to work at APG, you're choosing a job where you contribute to a bright future. Apply now!
More information
Get in touch with Fleur Van Lier - Weekers via +31623382719 or fleur.weekers@apg.nl or Pascal Vogels via pascal.vogels@apg-am.nl who can tell you more about the specifics of the position.
Do you see your future at APG? Apply no later than 08/08/2025 and let yourself be seen.
We do not appreciate agency solicitation in response to this vacancy.