Security & Risk Officer

As a Security & Risk Officer for Katoen Natie, a global leader in logistics, you will be responsible for continuously managing (identifying, analyzing, assessing, estimating, mitigating) the cybersecurity-related risks of ICT infrastructures, systems and services by planning, applying, reporting and communicating risk analysis, assessment and treatment. This includes third party risks. You will establish a risk management strategy for the organization and ensure that risks remain at an acceptable level for the organization by selecting mitigation actions and controls that complements the current security management strategy and the organization’s risk appetite.

Security & Risk Officers are also responsible for defining and maintaining the policy framework of the organization, including security policies, guidelines and procedures. They oversee and assure compliance with cybersecurity related legal, regulatory frameworks and policies in line with the organization’s strategy and legal requirements. They also design, develop and conduct awareness, training and educational programmes in cybersecurity and data protection-related topics

At Katoen Natie, you can be the bridge in more than one way: Business and IT, proven and new technology, Working together with other teams is a key success factor. We applaud taking initiatives and sharing our professional views in order to grow and to become a more mature enterprise environment.

Security & Risk Officer responsibilities:

Risk:

• Develop an organization’s cybersecurity risk management strategy
• Assist asset management team in getting the inventory done right, maintainable, and usable for risk management
• Identify and assess cybersecurity-related threats and vulnerabilities of ICT systems
• Identification of threat landscape including attackers’ profiles and estimation of attacks’ potential
• Assess cybersecurity risks and propose most appropriate risk treatment options, including security controls, risk mitigation and avoidance that best address the organization’s strategy
• Develop, maintain, report and communicate complete risk management cycle
• Monitor effectiveness of cybersecurity controls and risk levels

Awareness:

• Advocate risks management practices with management/business owners.
• Lead the development/delivery of the cybersecurity curricula and educational material for training and awareness based on content, method, tools and trainees need.
• Lead the development/delivery of cybersecurity and data protection awareness-raising activities.

General:

• Contribute to the development of the organization’s cybersecurity strategy, policy and procedures
• Assist in designing, implementing, auditing and compliance testing activities in order to ensure cybersecurity and privacy compliance

• Excellent leadership and communication skills (pick it up and walk with it)
• Able to communicate abstract and sometimes technical topics to a business audience
• Able to work independently and drive change (but know when to escalate when you get stuck)
• Experience with developing, communicating and enforcing security policies, guidelines and procedures
• Broad knowledge of security, controls, risk & compliance standards and frameworks e.g. ISO27001, ISO27100, CIS, CSA, NIST, OWASP, etc…
• Experience with identifying and addressing cyber threats and vulnerabilities in an international and industrial environment
• Knowledge of cybersecurity-related technologies and controls
• Knowledge of cybersecurity related laws, regulations and legislations
• Experience with cybersecurity awareness, education and training program development

• An exciting job in a leading dynamic company with no-nonsense culture
• New team and strategy within a vast company with lots of possibilities of growth
• A job with high responsibility and lots of variety
• An attractive salary package