AkzoNobel has a passion for paint. We're experts in the proud craft of making paints and coatings, setting the standard in color and protection since 1792. Our world class portfolio of brands - including Dulux, International, Sikkens and Interpon - is trusted by customers around the globe. Headquartered in the Netherlands, we are active in over 150 countries and employ around 34,500 talented people who are passionate about delivering the high-performance products and services our customers expect.
The Manager Information Security (CISO) defines AkzoNobel’s overall global information/cyber security strategy and organizes and manages AkzoNobel’s information security in line with the organization’s needs and risk appetite. In this role, the CISO, and those reporting to the CISO, are responsible for setting the global direction and company strategy around Information and Cyber Security and collaborating closely with the IM Services team, who will execute the strategy. Additionally, the CISO works very closely and in coordination with the AkzoNobel company risk management team to ensure complementary strategies to protect the company from the increasing risks and threats in this domain.
The Manager Information Security reports into the CIO Office Director in the CIO Office but works closely with senior management (including Exco) to align the priorities, budget and action plan of the information/cyber security strategy across domains and regions. The CIO Office is responsible for planning, driving and controlling the entire IT function to world-class standards and policies regarding enterprise architecture as well as risk management, (information) security & compliance, project management, functional excellence and continuous improvement.
Responsible to define, and align with senior management, the global cyber security strategy including functional domains and all regions. The total strategy will encompass both office and plant environments (IT & OT);
Organize and manage AkzoNobel’s information security in line with the organization’s needs and risk appetite, including assessing current maturity levels vs peer companies, defining AkzoNobel ambition levels with regard to maturity in the next 2-3 years, and defining the plan to increase maturity levels according to the Exco-aligned plan;
Leads the definition and maintenance of the Rules, Manuals and Guidelines on Information Security and is involved in risk assessment efforts. The CISO drives the risk management plans on behalf of the Exco identified risks in the area;
Define and align the cyber security framework including policies, procedures and controls;
Monitors and reports on the overall level of cyber security to the appropriate levels in the organization as well as the Information Security Risk Management steering group (IRM) consisting of cross-functional senior representation;
Takes pro-active ownership of and is responsible to build an information security-conscious culture and infrastructure for AkzoNobel through increasing awareness and providing knowledge (including recurring phishing awareness tests, user awareness campaigns and communications, creative / interactive user awareness programs to improve overall measure);
Chairs the Information Security Council, is the central contact for information security within AkzoNobel and keeps in touch with all security officers across AkzoNobel;
Ensures involvement of relevant parties like ASBM, Legal, HR, HSE, AIP in Information Security & Compliance discussions when needed;
Represents AkzoNobel as CISO in relevant external organizations dealing with setting market standards and exchanging functional knowledge and experience;
Support specific Cyber Security related investigations requested by functional Directors of AkzoNobel (Legal, Finance/ASBM);
Responsible for defining the information / cyber security elements required in different speeds of execution and the Agile way of working;
As owner of the Information Security process with IM, responsible for defining, measuring and tracking Process Performance Indicators and Key Performance Indicators for the process, proposing and sponsoring Continuous Improvement initiatives from a security perspective when improvements can be made.
Responsible for developing, owning and aligning across senior leaders the cyber resilience improvement process;
Responsible for owning the company’s Cyber Resilience Response Plan, aligning all departments and functions and Exco members on their required roles and responsibilities. This response plan should be updated, maintained, and tested/simulated regularly;
Responsible to develop, initiate and stimulate a proper implementation of Information Risk & Cyber Resilience Management across AkzoNobel;
Responsible for ensuring the confidentiality, integrity and availability of AkzoNobel’s assets and data;
Responsible to ensure AkzoNobel security policies and basic security guidelines are well and thoroughly set up, communicated and implemented;
To develop and maintain the Cyber resilience program.
Master's degree in business management, computer science, computer engineering, or a related field of study;
Ten+ years' work experience in IT, including a number of years in IT Security or EDP audit (e.g. RE, CISA or CISSP);
Broad and global knowledge of IT Governance and Information Security issues (e.g. CobIT, ISO27001);
Broad and deep knowledge of the relevant technical aspects of information security;
Highly experienced with applicable global IT Governance frameworks and market standards;
Strong solution architecture and project management experience related to information security;
Knowledge of the process industry, both office and plant information security (IT & OT);
Experience in explaining relevant issues to non-information security specialists, including Exco level senior management and Supervisory Board members.
Key Generic Competencies
Strong sense of ownership and urgency related to creating awareness across the company of Information Security. Take a very pro-active approach to disseminating awareness and education on the topic, leveraging current events to help illustrate the urgency, impact and needs for awareness across all 30,000 employees;
Proactive nature to investigate and seek where improvement can/should be made, followed by ownership and responsibility to drive those improvements. Comfortable giving unsolicited advice and not comfortable ‘waiting’ for direction;
Effective under stress, also when exposed to stress, disappointments or setbacks;
Experience working with tight budgets and finding creative solutions while remaining cost effective;
Presentation skills, make a good first impression and maintain this impression among our most senior leaders;
Listening skills, able to filter important information from conversation and asking additional questions when required;
Planning and organizing skills, set targets and priorities and determine necessary actions, time and budget to achieve targets;
Integrity, comply with all social and ethical codes which result from the activities of the role;
Cooperative and teamwork, invites security officers and business owners to discuss relevant issues and solutions.
We welcome your online application, reference 10828. Please note that applications sent by mail will not be considered. If you have any questions, please feel free to contact our Talent Resourcing Partner Jeroen Sevenstern, phone +31 (0)6 51706499.
An employment screening may be part of the selection process.
Agency or sales calls are not appreciated.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age or disability.