Security And Compliance Officer

Cyber security is a top priority for AkzoNobel as for any global organization operating in the cyberspace. Our objective is to protect our information and digital assets (IT and OT) by reducing our cyber risk exposure to pursue our business objectives.

As part of the new cyber security strategy, supported by the ExCo, we have recently redefined our security governance in line with the evolution of threat landscape and modern best practices. In this regard the new Cyber Security and Compliance function, under responsibility of the CISO and part of the IM (Information Management), is responsible for Information and cyber security for the entire organization covering Cyber Risk Management & Compliance, Security Readiness, Security Operations and Cyber Security Awareness and Training.

Cyber Risk and Compliance officer is part of the Cyber Risk and Compliance department and reports to the Cyber Risk Manager.

She/He provides support for assessing and monitoring the evolution of the information and cyber security risks in AkzoNobel measuring the level of maturity and Compliance against the established security framework (ISMS) and applicable security controls. She/He contributes to define and monitoring KRIs (Key Risk Indicators), maintain the Cyber Risk Register and define Cyber Security reports which are shared with the CISO and Executive Management for informing about the cyber risk exposure and the effectiveness of security into the company. In addition, supports the Security Policies lifecycle management by managing the content of existing policies and defining new one in line with the evolution of the risk landscape. She/he supports Internal control department, internal and external Auditors in performing Control Assessment and supporting external audit activities and the Legal department in conducting investigations.

In this role, you will:

• Perform information and cyber risk assessment (e.g., third-party risk assessment, M&A, risk assessment for the compliance with cyber security laws, regulations, and contractual obligations), identify gaps and provide recommendations for their resolution.
• Perform Compliance assessment to monitor the execution and the effectiveness of the security controls implemented by First Line of Defense (e.g., IT/IM, ISC/Manufacturing, Finance. Legal, HR)
• Discuss and agree with Internal Control department about the Security Controls to add into the Risk and Control framework.
• Provide your support to the Cyber Risk Manager and the CISO for reviewing and maintaining Information and Cyber Security Policy and Standards in AkzoNobel following the evolution of the risks
• Support the definition and analysis of Security Key Risk Indicators (KRI).
• Provide your support to Internal and External Auditor in performing IT and Security audit activities.
• Provide your support to Legal department to internal investigation involving Digital information and IT assets.
• Provide support, together with the local legal teams, to the North America Organizations in complying with local security rules and regulations.

• At least 3 years of experience in similar role
• Experience with GRC and cyber risk management methodologies and tools.
• Experience with SAP security monitoring.
• Experience in designing and managing Cyber Security Compliance and Controls testing activities.
• Knowledge of Local Cybersecurity regulations as well as Security Standard and Recommendations (e.g., ISO27001, NIST CSF, CIS, Cyber Essentials, ISO/IEC 62433, NIST 800-82 R2, ISO31000 SOC reports frameworks and related controls, ITAR, DHS, CUI, etc.)
• Experience in developing and maintaining Security Policies, Procedures, and guidelines.

• Experience in defining and reporting KRIs (Key Risk Indicators)
• Knowledge common IT and Network technologies and solutions
• Degree or master's degree in, cyber security, computer science or equivalent work experience
• Certifications in Information Security or Cyber Risk Management domain (e.g., CISM/CRISC/CISA) are a plus

Key Competencies

• Proactiveness, energy and passion for information cyber security.
• Ability to work in team, build and maintain relations with different stakeholders in the organization.
• Excellent communication skills.
• Analytical and problem-solving capabilities, structured thinker, and manager, combines a helicopter view with the ability to 'dig deep' where needed.
• Ability to work under pressure, in a multinational and multicultural environment.

The salary range for these skills is: $95,000.00 - $105,000.00. This is the range that we in good faith anticipate relying on when setting wages for this position. We may ultimately pay more or less than the posted range. This salary range may also be modified in the future.

Eligible for an annual 10% bonus
Benefits: Medical insurance with HSA
 

• Dental, Vision, Life, AD&D benefits
• Annual bonus
• 401K retirement savings with 6% company match
• Generous vacation, personal and holiday pay
• Paid Parental leave
• Hybrid work for most exempt roles
• Active Diversity & Inclusion Networks
• Career growth opportunities on a regional and global scale
• Tuition Reimbursement
• Career growth opportunities
• Employee referral bonus