Information Security Officer

Overall responsibilities

The Information Security Officer (ISO) is responsible for developing, implementing, and maintaining the organization’s information security program and reporting to the IT Director. The ISO ensures the confidentiality, integrity, and availability of PFSCM’s data, systems, and IT assets, and ensures compliance with relevant security standards and regulations. The ISO works closely with IT leadership, business units, and external partners to manage risks, respond to incidents, and promote a culture of security awareness across the organization.

Specific responsibilities

• Develop, implement, and maintain information security policies, procedures, and standards in alignment with organizational objectives and regulatory requirements (e.g., GDPR, ISO 27001).
• Conduct regular risk assessments, vulnerability scans, and security audits to identify and address potential threats to information assets.
• Lead incident response planning and execution, including investigation, containment, remediation, and reporting of security incidents.
• Oversee identity and access management, ensuring appropriate controls for user authentication and authorization.
• Collaborate with IT teams (Cloud & Infrastructure, Data Engineering & Applications) to ensure security best practices are integrated into all technology initiatives and operations.
• Monitor security trends, emerging threats, and regulatory changes, and recommend appropriate risk mitigation strategies.
• Manage PFSCM’s security awareness training program for staff, contractors, and partners to foster a security-conscious culture.
• Ensure compliance with contractual, legal, and regulatory requirements related to information security and data privacy.
• Prepare and present regular reports on security posture, risks, and incidents to the IT Director and executive leadership.
• Manage relationships with external security vendors, auditors, and regulatory bodies as needed.

Qualifications Professional and Technical Knowledge

• Bachelor’s or master’s degree in information security, Computer Science, Information Technology, or a related field.
• 7+ years of experience in information security, risk management, or related IT roles.
• Professional security certifications preferred (e.g., CISSP, CISM, CISA, ISO 27001 Lead Implementer).
• Strong knowledge of security frameworks, standards, and regulations (e.g., ISO 27001, NIST, GDPR).

• Ability to work comfortably with Microsoft Office software, specifically Word, Excel, and PowerPoint. Preferably advanced user level of Excel.
• Willingness and availability to travel, and perform other duties as needed.
• Must be eligible to work in the Netherlands.

Interpersonal skills/Communication

• Active listener: Listens carefully to different stakeholders (IT, business, vendors, leadership), checks understanding, and adjusts messages accordingly.
• Clear and structured communicator: Explains complex security topics in simple, structured language for non‑technical audiences and adapts depth for technical teams.
• Stakeholder & relationship builder: Builds trust quickly, manages expectations, and maintains constructive relationships with internal and external partners.
• Culturally sensitive collaborator: Works effectively with people from diverse backgrounds; is aware of cultural differences and tailors style and approach.

Continuous improvement/Innovative

• Learning‑oriented: Curious about new threats, technologies, and regulations; actively seeks new knowledge and applies it.
• Improvement mindset: Regularly challenges “how we do things” and looks for safer, more efficient ways of working, not just maintaining the status quo.
• Change champion: Can influence others to adopt new security practices and handles resistance constructively.

Priority Setting, Problem Solving, & Detail Orientation

• Analytical mindset: Breaks down complex situations (risks, incidents, audit findings) into clear components and sees patterns in data.
• Pragmatic problem solver: Quickly identifies root causes, weighs options, and chooses realistic, risk‑based solutions under time pressure.
• Strong sense of priorities: Distinguishes between critical and non‑critical issues and focuses attention and resources where risk is highest.
• High attention to detail: Works accurately with configurations, access rights, policies, and documentation; spots inconsistencies and gaps.

Leadership/Strategic Thinking

• Strategic thinker: Sees the bigger picture and links security decisions to organizational goals, risk appetite, and long‑term impact.
• Decisive under pressure: Takes ownership and makes clear decisions in incidents and crises, even with incomplete information.
• Influential leader: Shapes direction, secures buy‑in, and aligns IT, business units, and leadership around security priorities.
• Accountability & ownership: Feels personally responsible for the organization’s security posture and follows through on commitments.

Disclaimer

PFSCM is committed to providing equal employment opportunities for all qualified applicants and employees and to fostering a workplace free from discrimination. We believe in upholding the values of individual merit, hard work, and excellence, and we actively oppose any practices that promote illegal preferences or actions in hiring, contracting, or other employment decisions or practices. We strive to create an environment where every individual is treated with dignity and respect, and we are dedicated to promoting a culture that recognizes and rewards individual initiative and achievements.

If you are an individual with a disability or a disabled veteran and unable to apply online for an available position, you may submit your request for reasonable accommodation by calling Human Resources at 617‑482‑9485.

#J-18808-Ljbffr