Senior Manager Cyber Security Risk Management & Assurance (CISM, CISSP, CRISC, IS GRC platform)

Ahold Delhaize
Italy
EUR 100.000 - 125.000
2 days ago
Job description

As our new Senior Manager Cyber Security Risk Management & Assurance you will ensure that the information security risk management program is adequate to identify and manage the information security and cybersecurity risks across the organization, facilitating compliance with regulatory requirements.


About Ahold Delhaize
We're Ahold Delhaize, one of the world's largest food retail groups and a leader in both supermarkets and e-commerce. Together with our 17 strong local retail brands in the United States, Europe and Indonesia, we make a meaningful difference in the lives of our brands' customers, our people and the world around us. We offer a highly dynamic, international work environment in which our associates thrive.


Your new work environment
As Ahold Delhaize and the field of Cyber Security evolve continuously, we encourage our associates to grow with us. Personal development and learning are vital. The more we learn, the better we're able to ensure that the rest of the organization learns and develops too. We're collaborative, ambitious and open, taking ownership of our work, and continuously challenge ourselves and each other. That said, we work hard and have lots of fun along the way, too.


You will be given the freedom and responsibility to take ownership of your work and broaden your horizons by working together with knowledgeable colleagues from different countries who have an abundance of expertise in many areas. We will continually invest in you and help you build on your talents and skills for the future.


Key responsibilities of your role
Your role is highly diverse and encompasses various responsibilities. Here are the key ones:

  • Lead the delivery, implementation, and continuous improvement of the Cyber Security Risk Management program.
  • Establish a cyber security risk framework and risk register aligned with internal and external stakeholders.
  • Advise senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, risk exception process and residual risk analysis.
  • Lead the team on performing third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle.
  • Lead the team on assessing and reporting on the risks and benefits for the business as well as mandates for supplier compliance.
  • Support the review of information security sections within supplier contracts, identify gaps, and recommend security and data privacy content to close gaps.
  • Maintain an inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.
  • Lead and manage the preparation for the cyber insurance policy.
  • Work closely with control owners and internal and external auditors to ensure requests are addressed in a timely manner.
  • Oversee and manage audits and assessments by regulatory bodies.
  • Oversee cybersecurity internal audits and audit findings.
  • Manage the budget allocations and associated financial forecasts relating to cybersecurity risk management, including hardware, software, and service providers.
  • Ensure the Risk Management module of the IS GRC platform addresses the needs of the organization.
  • Be part of the GRCO lead team and lead a team of 9 to 12 full-time and external associates across the regions.

Requirements
We think you'll be best geared for success if you meet the following requirements:

  • Bachelor's degree or equivalent technical training in Information Technology, Information Systems Security, Cyber security, Business administration or related field (master's degree preferred).
  • CISM, CISSP, CRISC or other relevant certifications are required.
  • 10+ years of relevant IT and Information Security experience.
  • 3+ years of people management experience, preferably in a multinational company.
  • Advanced knowledge of industry authoritative sources such as NIST, COBIT, ISO standards and risk frameworks.
  • Solid stakeholder management, communication and presentation skills.
  • Strong results orientation to achieve goals.
  • Familiarity with the retail industry.
  • Familiarity with GRC platforms, security-related legal and regulatory requirements.
  • Ability to act independently with minimal supervision.
  • Excellent command of English language, both written and spoken.

What's in it for you?
Aside from what we ask of you in this role, we also have a great deal to offer you: plenty of growth opportunities and various cross-brand career options; flexible working hours; a hybrid working model (we ask you to spend at least 50% of your working time at the office); and the chance to drive meaningful change on a global scale. You can look forward to a good work-life balance, and the chance to work in an inclusive environment that wholeheartedly encourages growth and welcomes you just the way you are.


Plus:

  • A gross annual salary between 100K-125K based on full-time employment.
  • Attractive bonuses.
  • A first-rate pension plan.
  • 20 vacation days and the option to buy an additional 12.5 days from your personal 'flex' budget.
  • Travel expenses or an NS travel card.
  • A laptop and smartphone.

Apply now!
Are you keen to join the Global Cyber Security team? Even if you don't tick all the boxes, but you still believe you have the personality and skills that make you a suitable candidate, we strongly encourage you to reach out to us. Apply now via the button on this page.


At Ahold Delhaize and our local brands, we broadly define diversity as being inclusive of thoughts and skills, generational differences, LGBTQ+, gender, race and ethnicity, disabilities, nationalities and more, and we accept all people for who they are.
