Dear CISO Security Officer, you are the IT Security conscience of the Rabobank.

You and your job

You challenge the business to embed IT security by design. Nudging the plethora of DevOps teams to achieve adherence to policy and standards from the get-go. Seducing them to shift left, meaning that security built-in early has more effect per euro than as an afterthought. Or, worse, as a surprise when all hard work is done and ready to ship into production!

Your principal business counterparts are those responsible for the technology stacks that run the bank as well as their Security Professionals, your peers in the business. And, finally, the Security Champions, a role often taken by DevOps engineers that promote IT security from day-to-day.

You translate technical risks into clear business insights and drive secure implementations across internal systems, cloud services and partner environments. You will operate in a global environment where threats evolve continuously, shared responsibility and collaboration are key.

You are not alone. You are part of the CISO Office. You liaise with the CISO Policy unit, the Red Team, the Cyber Threat Intelligence unit, our Awareness department and highly capable support office who know how to move our colleagues in the bank. You develop an open dialogue with the 2LoD and Audit. Your direct peers will be a team of 20-odd seasoned Information Security Officers that bring a diverse set of skills and backgrounds al focused on ensuring high quality engineering while remaining demonstrably in control.

Practical Examples

• Empowering our business counterparts into understanding how IT risks affect the bank.
• Balance AI adoption with digital sovereignty. Appreciating the drive to innovate, albeit in a responsible manner within our risk appetite. Again, not alone, but together with architects, policy makers and executives that have an existential fear of missing out.
• Explain your concerns in a way that resonates. In a way that shows alternatives to accomplish what needs to get done, within set boundaries.
• Empathically draw boundaries by explaining why certain hard limits exists, respectfully, yet unambiguously.
• Review high risk third parties with procurement and those who feel a compelling business need to employ such parties.
• Co-author standards that apply for foundational components of our technology stack such as low-code platforms or the use of cryptography, or the use of AI and its implications on vulnerability management.

Facts & Figures

• 24-36 hours per week of which 2 day on-site in the HQ in Utrecht otherwise remote.
• Location easily accessible by public transport and free and ample parking in the HQ.
• 20 security officers in your team working globally across 4 IT Tech Domains.
• More than 49,000 Rabobank colleagues worldwide.

Together we achieve more than alone.

We believe in the power of difference. Bringing together people's differences is what makes us an even better bank. So, we are very curious about what you can bring to our team at the CISO Office / Security Experts team.

No day is the same within security; we design secure solutions and advise business and IT on implementation across global environments. Our mission is clear: keep the bank safe 24/7.

Sander, Manager

The 20 colleagues in the Security Experts team safeguard Rabobanks information security by advising, assessing and improving risk management across domains. Working together is the way we work; as one pragmatic, analytical and expert team at Rabobank.

You and your talent

Experience & Background, please demonstrate in your writing:

• To judge IT risk, you need to understand IT and the dynamics in a modern IT department.
• Working and thinking level at least at University bachelors level (or Dutch: HBO). Dont have the degrees (yet), please convince us!
• Minimum of 5 years working experience in any of the risk and assurance functions of a large organization (> 10.000 FTE) in a heavily regulated industry such as finance.
• Motivated to work in a large corporate environment and the stamina to get things done.
• Ambition to grow within a dynamic security domain (CISO / Chief Security context), advising business stakeholders. Co-building the CISO operating model in alignment with 2LoD and colleagues in other risk and compliance functions.

Knowledge & Skills

• Natural understanding of security risk management and standards.
• Strong personality, yet curious. Solid, yet charming.
• Ability to identify risks, patterns and trends and act proactively connect those affected.
• Highly skilled in stakeholder management. You like to get things done with people!
• Ability to translate complex technical topics into clear business decisions.
• Analytical, pragmatic, and driven professional mindset.

Certifications

Certificates demonstrate a minimum standard. A foundation. You are willing to attain and maintain at least ISACA CISSP and CISM.

• CISA (auditor) or other assurance related documents are highly appreciated.
• Other, fun certificates such as ISACAs AAIA are offered regularly willingness to obtain)
• Willingness to invest in continuous development and certifications.

You and the job application process

Reply to the vacancy for Security Officer at Rabobank as soon as possible, open until fulfilment.

• We respect your privacy.
• Salary grading based on experience. This could be scale 9 or 10
• Any questions about the job content? Contact Freek Kauffmann, manager of the CISO Experts via freek.kauffmann@rabobank.nl
• Any questions about working at Rabobank and the process? Contact Sylvana Janssen via sylvana.janssen@rabobank.nl
• If you are selected for an interview, Bo, our virtual assistant, will reach out to you via SMS and email to schedule the interview.
• You can find answers to the most frequently asked questions on https://rabobank.jobs/en/faq.
• Background checks are part of the hiring process.
• Position is open now and will close when we see the right candidate. So, act now!

NB This is a permanent role only open for direct payrolling with the person who will work at Rabobank. Recruiters and contractors, please dont bother. If something changes, well let you know.