Do you want to work at the heart of the Internet and take the lead on our Information Security, Risk and Compliance activities? Do you have proven experience in these areas, and are you able to create a security culture based on trustworthiness, openness, inclusiveness and care in the RIPE NCC?
Your purpose as the Chief Information Security Officer is to improve security and compliance in the RIPE NCC, ensure that the whole organisation has a good understanding of the importance of Information Security, Risk and Compliance, establish partnerships with key stakeholders, and lead and inspire a team of experts to contribute to this purpose.
Chief Information Security Officer
37.5 hours per week
As our Chief Information Security Officer, you will report to the CEO, lead and coach a team of Information Security, Compliance and Risk experts. Your role is to set up a team that creates a common approach and framework across the whole organisation. Your team will support and facilitate the entire organisation in implementing and maintaining the framework. You are responsible for driving a mindset of change where Information Security, Risk and Compliance are integrated into everyday business.
You will also be the lead ambassador for the RIPE NCC through our service region on Information Security, Risk and Compliance. You will give input to and support company-wide decisions and work with all stakeholders to drive initiatives and organisational changes. This will require a proactive, coaching and change focused leadership style.
In this role, you will be accountable for:
Information Security, Risk and Compliance Strategy & Governance
Information Security Management System (ISMS)
Incident & Crisis Management
Business Continuity Plans (BCP)
Secure Development Lifecycle (SDL)
Security Operation Centre (SOC)
Identity and access management (IAM) and Privileged Access Management (PAM)
Security Culture, Training and Awareness
Partnerships with security incident response teams in our service region and beyond
and are expected to:
Work together with other departments to increase their awareness regarding Information Security, Risk and Compliance
Represent the RIPE NCC within the RIPE community on topics related to Information Security, Risk and Compliance
Develop clear objectives and key results with your team
Contribute to the RIPE NCC’s mission and vision, participate in the strategic planning for the organisation and advise the RIPE NCC’s Executive Board on Information Security, Risk and Compliance and Risk areas
What we expect from you:
Ten years’ experience in Information Security, Risk and Compliance, including five years of leadership experience preferably in the Internet or IT/Technology sector
MSc in Information Security or equivalent
Relevant certifications such as CISSP, CISM, CCSP, CISA, CRISC, ISO 27001 lead implementor or similar
Strong strategic and managerial skills, capable of creating, implementing and communicating a vision, both internally and externally
Advise, inspire and influence your colleagues on Information Security, Risk and Compliance;
Demonstrable experience in a coaching leadership style. Able to provide guidance, mentoring and context to team members
Excellent presentation and influencing skills
Fluency in English
Working well under pressure
Proactive, independent and assertive approach
Handling conflicts effectively
High personal standards of excellence combined with a reputation for having the highest ethical and integrity standards
Experience with innovative self-management organisational structures
What you can expect from us:
An opportunity to play a significant role in shaping the future of the internet in a highly motivated and engaged organisation
A modern, flexible, friendly and informal work environment with an emphasis on a healthy work/life balance
A market competitive salary, between €112K and €160K (annual, before tax) depending on the years of relevant experience. This includes the standard 8% annual “holiday pay” and a 5% end-of-year allowance
Excellent secondary benefits: including relocation, a non-contributory pension scheme, 26-weeks paid parental leave, top-tier health insurance coverage for you and your family, 30 vacation days (full-time) plus 3 collective days and additional annual budgets for transportation, health, and technology purposes
An annual generous training allowance for your professional development
About the RIPE NCC
The RIPE NCC is a not-for-profit membership organisation founded on the belief that the Internet should be governed openly, transparently, and together with the wider Internet community. We are one of the oldest Internet organisations in Europe and are proud of our legacy.
As the Regional Internet Registry (RIR) for Europe, the Middle East and parts of Central Asia and Russia, the RIPE NCC provides Internet number resources, such as IPv4 and IPv6 address space and Autonomous System Numbers (ASNs) to its members (ISPs, governments, universities, etc.). It also offers other information services related to the technical coordination of the Internet. Our strongest asset is our staff. We bring together more than 170 people from more than 41 countries in our modern, vibrant office in the east wing of Amsterdam Central Station. We also have an office located in Dubai, where four of our colleagues are located.
Due to COVID-19, all RIPE NCC staff work remotely with limited opportunity to work from the office when necessary. Our official working language is English, but our colleagues speak more than 30 languages. Our backgrounds are diverse, but our goal is the same: work for the good of the Internet. And we are now working collaboratively with our staff to transform our company culture to facilitate our evolution into the future. Do you want to join us on this journey?
How to apply
Hagoort & Partners / IRC Netherlands supports the RIPE NCC in the search and selection of candidates for this position. Patrick Westerburger is the contact person. If you are interested in this position, you can send your English CV/resume and motivation letter to [email protected]
A pre-employment screening (done by Validata) and an assessment will be part of the selection process.