Chief Information Security Officer CISO

Location

The role will be based at Arcadis’ headquarters in Amsterdam, the Netherlands and will require significant travel due to the global spread of Arcadis’ operations.

Context

Arcadis is the leading global Design & Consultancy firm for natural and built assets. Applying our deep market sector insights and collective design, consultancy, engineering, project and management services we work in partnership with our clients to deliver exceptional and sustainable outcomes throughout the lifecycle of their natural and built assets. We are 27,000 people active in over 70 countries that generate more than €3.3 billion in revenues. We support UN-Habitat with knowledge and expertise to improve the quality of life in rapidly growing cities around the world. www.arcadis.com.

Since 2013, IT at Arcadis has been organized as a global function, with 425 professionals structured to provide support to the business in relation to business process management, business applications, IT Infrastructure, IT program management and client facing IT. Next to the delivery of global IT services, the Global IT function is leading a companywide business transformation program, supported by an Oracle platform.

The team is represented in the UK, Europe, North and South America, the Middle East and Asia.

In creating a global IT function, Arcadis seeks to achieve several key objectives:

  • Supporting Arcadis’ strategic direction, enabling and supporting inter-regional initiatives through global process excellence and project portfolio management;
  • Enhance the value contribution role of IT enabling the competitive advantage of being “one global IT function”;
  • Improving quality through sharing and standardizing IT best practices, deepening the knowledge pool and gaining better leverage on IT talent, which will lead to better service levels and improved support for the business;
  • Reducing cost through streamlining business applications, allocating spend more effectively and gaining economies of scale.

Reporting

The CISO reports to the Chief Information Officer, who is a member of the Senior Management Committee of Arcadis.

He/she is a member of the Global IT Leadership Team (GITLT). The GITLT is the management team responsible for our IT strategy and for tactical and operational management of all IT services.

Job description

The Chief Information Security Officer (CISO) will be accountable for information security for the global organization. The CISO will establish the information security strategy and direct the implementation and monitoring of information security standards and policies. The CISO will provide information security guidance to executive leadership within the organization by recommending information security investments which mitigate risks, strengthen defenses, and reduce vulnerabilities for internal and client facing systems and solutions. Furthermore, the CISO provides thought leadership generally in the realm of information security.

The role has the following key responsibilities:

  • Leading an experienced companywide information security team that provides global coordination and oversight of all information risk management processes and strategies;
  • Accountability for defining companywide information security policies, developing technology architecture, and monitoring/reporting of performance and follow-up of incidents (both breaches and near misses);
  • Coordinating audit and regulatory inquiries and external vendor activities to help represent Arcadis from an information security, recovery and technology risk perspective;
  • Developing a global IT control framework, and ensuring effective implementation and maintenance thereof;
  • Developing a reporting framework for key information security topics;
  • Coordinating the performance of management tests to assess operating effectiveness of identified key IT controls, under the IT control framework;
  • Participating in leading industry forums and consortiums to represent business interests and set IT security standards/practices;
  • Accountability for information security, recovery and technology risk vendor relationship management, product selection, including negotiation of high-level contracts (working in tandem with the corporate legal team) and consulting agreements to provide services and capabilities for the protection of Arcadis’ assets globally;
  • Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements;
  • Coordinate and track all information technology and security related audits including scope of audits, business/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope. Provide guidance, evaluation and advocacy on audit responses.

Requirements

The candidate should have a broad strategic, operational and commercial background, and be capable of engaging and managing multiple stakeholders, at various levels of the organization. 

Good communication skills are essential. Whilst Engineering and Construction industry experience is not essential, previous relevant experience of working within an international and complex professional services or related business, and providing high quality IT service across the business will be critical. 

Experience of managing in a global IT shared services environment and the consequent impact on the systems architecture, the IT/business relationship, governance and IT staff will be a key differentiator. 

Education and Experience

  • 8+ years of professional experience of running an information security function in a global or regional organization, including analyzing and applying information security risk, risk management, and privacy practices;
  • 10+ years of relevant work experience, including consulting and general industry experience;
  • 10+ years of experience working with national and international regulatory compliance frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS;
  • Extensive experience in strategic planning, budgeting, and allocation;
  • Previous military, law enforcement, or national security experience.

The ideal candidate

Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:

  • An ability to cultivate and build collaborative working relationships with a broad range of stakeholders;
  • A well-developed understanding of and appreciation for business needs and a commitment to leading the information security team in delivering high-quality, prompt, and efficient service to the business;
  • A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge;
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one;
  • An ability to effectively influence others to modify their opinions, plans, or behaviors;
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner;
  • A working knowledge of the following areas of technical expertise: information policy formulation, information security management, business risk management, IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management, IT financial management and IT audit.

Main working contacts

  • Risk management (including privacy)
  • Internal audit
  • Regional leadership teams
  • Global IT Leadership Team (GITLT) and the broader IT function
  • PwC (assurance partner)
  • IT partners (Microsoft, AT&T, Oracle, Accenture)

What do we offer?

We offer a dynamic challenging job with international focus in a pleasant working climate, attention to education and a competitive remuneration package reflecting the seniority of the role. You will have a great deal of responsibility with endless opportunity for impact and freedom for initiatives. Given the international spread of the business a certain level of flexibility in working hours is important.

Information/ Application

René Teiken (Corporate Recruiter Arcadis NV)

E-mail: rene.teiken@Arcadis.com

Tel: +31 650 736 710

Recruitment agencies need not respond. Details from this vacancy are not to be used for marketing purposes.

Arcadis. Improving quality of life.

Apply to this job

René Teiken

Corporate Recruiter Arcadis NV Ask me a question