Open position at NN IT HUB Prague

Information Security Officer

Work schedule
Karla Engliše 3201/6, 150 00 Praha 5-Smíchov, Česko

Do you want to apply your information security knowledge and experience in a dynamic and growing environment where you can help us mitigate risks and stay in control? The NN Customer & Commerce security team is looking for a senior information security officer who is able to take a proactive role in the management of information security risks in collaboration with the C&C Devops teams and product owners to help us we stay in control.

Job is closed for applications

We are looking for a candidate with at least 5 years of working experience as a security officer, preferable within the financial sector. A Bachelor or Master degree, preferable with additional certification such as a CISSP or CRISC. A person who understand information security control tracking, has experience with closing IT security audit findings, can perform security reviews and can consult Devops teams in the implementation of security measures preferably in cloud environments.

What you’re going to do

Within C&C we have several teams, including end-to-end Devops teams. In this environment you are seen as the senior information security expert. As a Senior Information Security Officer, you will advise and support teams in making risk assessments, help teams to mitigate the risks and to improve their security knowledge and posture.

Reviewing and verifying if technical measures are implemented correctly and supporting the (Devops) teams to that end, is part of your responsibility. Your role as team member of the C&C security team is to define, review and support implementing the standards and guidelines for a structured and well-aligned way of working for information security and compliance.

In this role you will be working with the second line, internal auditing and with the different C&C (Devops) teams on a wide variety of information security and compliance tasks, e.g. performing security reviews, threat modelling, provide information security advice, interpret vulnerabilities and assist in resolving audit finding. 

You will help with

  • Assess, review and report on the implementation of security controls based on our IT control framework (ITCF)
  • Assist in the procedure of information risk assessments and create in control statements
  • Verify whether control measures are properly set up, formulate recommendations for improvement, and be the point of contact in the event of audits
  • Perform risk assessments on third party suppliers to ensure they meet our security requirements and the regulatory obligations
  • Perform Threat Modelling and walk through vulnerabilities with teams and advise on solutions

Your profile

  • Experience in Risk control governance and compliance world
  • Proactive, result-driven and able to set priorities and plan ahead
  • Able to enter into a discussion with product owners regarding the design choices and integrity of the applications, identify risks, and give advice on appropriate solutions and measures
  • Able to propagate and defend the agreed internal guidelines in the field of information security risk management
  • Listen to the concerns and needs of the devops teams and guide them in achieving security goals
  • A team player: you are supportive and flexible in picking up tasks when priorities change
  • Cloud experience as huge benefit

About the Team

As a Senior Information Security Officer, you will work within the Customer & Commerce (C&C) business unit that focuses on all of NN's generic customer-oriented activities in the Netherlands.

For these activities, C&C is the connecting factor between the various business units, to ensure that the customer (private, business and intermediary) experiences us as one NN and always receives the optimal service. From a IT perspective this means we take care of all generic systems, platforms, capabilities and service desks that are used within NN to service our customer. Such as the digital client portals, the app and the chat-bot solution.

The C&C Security team is a self-organising team of 5 security officers. A well-balanced team in experience, age and a variety of skills. People who interact daily, cooperation and support each other. We believe in continuous learning by coaching on the job, training and education. Our core values as a security team are: transparency, reliability, cooperation and evolving.

I base everything I do on human values. Our values Care, Clear and Commit have always been close to my heart.

Ronald Lipták, CEO

Continue developing

It is important to us that you continue to develop yourself. We give you the space and the confidence to grow in your career as well as a person. We help you with:
  • You will be well connected to the engineering structure at C&C and the larger NN by contributing and participating in the Engineering guild of NN.
  • Plenty of training and learning opportunities, both in our Learning & Development Centre and as part of the dedicated project & programme manager curriculum.
  • A large (international) network of colleagues who are keen to share their knowledge with you.
  • The autonomy to set out your own development path.

We offer:

  • Home office, 5 weeks of vacation, and 5 annual well being days
  • 3% employer supplemental pension monthly contribution
  • Unlimited budget for your education (hard and soft skills, Language courses)
  • Meal contribution, Cafeteria program, monthly home office allowance
  • Multisport card, partnership with various companies (Makro, Datart, Sony, Electrolux…)
  • iPhone 11, personal Office 365 License, O2 Family discounts
  • Volunteering days to support our community
  • Employee referral bonuses to encourage the addition of great new people to the team
  • Amazing working space near Anděl

If you are enthusiastic about this vacancy and think that you would be a good fit for the team at NN, we would like to invite you to apply. We are very keen to find out who you are, what motivates you and what you can contribute to this role at NN.

Job is closed for applications