Cyber Risk Officer

As a Cyber Risk Officer within the Global Information Security Office (GISO), you will operate in the 2nd line of defence and play a key role in strengthening the organization’s cyber risk posture.

You will help evolve and maintain the Information Risk Management (IRM) Framework, oversee cyber risk identification and mitigation, ensure strong third‑party risk management, and support accurate business impact assessments.

This role combines analytical depth with governance, communication, and coordination across multiple business functions.

You will contribute to core Cyber Risk activities, including:

• Identifying, assessing, and monitoring cyber risks across the organization.
• Overseeing third‑party cyber risk assessments and ensuring vendor risk management processes are effective.
• Reviewing business impact assessments and supporting business continuity and resiliency planning.
• Maintaining and governing security policies and ensuring compliance with regulatory requirements.
• Reviewing internal controls, monitoring their effectiveness, and reporting risk status to stakeholders.

• Policy & Control Framework Development: Maintain and refine the security policy house and control objectives in alignment with our maturity roadmap.
• Framework Mapping (“Rosetta Stone”): Track updates to ISO 27001, ATSG, and SCF and incorporate changes into our mapping framework. Expand its functionality for internal and external stakeholders.
• TICO / ATSG Activities: Coordinate and execute annual self‑assessments, emergency inspections, and priority items, consolidating results from 1st and 2nd line teams.
• Risk Reporting: Deliver clear, accurate reporting on risks, trends, and control effectiveness to senior management.

• Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, or equivalent experience.
• Experience in cyber risk management, IT audit, IT risk assessment, or a similar governance role—ideally in a regulated or global environment.
• Strong understanding of:
  • Risk frameworks (FAIR, NIST, SCF, ISO 27k)
  • Third‑party risk methodologies
  • Business impact analysis
  • Policy and control governance
  • Regulatory requirements affecting cybersecurity
  • Core technical domains (network/cloud security, encryption, vulnerability management, incident response)

Preferred certifications: CISSP, CISM, CRISC, CISA, CGEIT.

• Excellent communication skills, able to translate complex risk topics into clear actionable insights.
• Strong analytical and problem‑solving mindset.
• Ability to collaborate, influence, and coordinate across multiple teams and business units.
• High attention to detail and accuracy in policy, control, and reporting work.
• Adaptability and eagerness to stay ahead of regulatory changes and emerging risks.

You will be part of a global, high‑impact team safeguarding the organization’s digital landscape. This role offers the opportunity to shape governance frameworks, influence security decisions, and support risk‑driven improvements across the company.

We offer a position in an informal, international and professional working environment with a lot of scope for personal development.

This position offers a competitive salary range of € 6.000 to € 7.400 gross per month (excluding 8 % holiday allowance).

On top of your fixed salary, you’ll receive the following secondary benefits:

• 40 vacation days (20 statutory days and a flexible budget worth 20 days).
• Flexible working hours.
• A hybrid workplace (40 % working from home and 60 % in the office).
• A Health & Wellbeing budget worth € 300 per calendar year.
• Commuting allowance, including full reimbursement of travel by public transport.
• Working from home allowance.
• Collective pension scheme and discount on additional health insurance.
• On‑site company health centres with a gym, physiotherapists and occupational therapists.
• A variety in Vanderlande Network communities and initiatives.

Are you interested in this position? Then apply now directly via our Workday vacancy link with your resume and a short summary about your interest in this role.

For more information about the position, please contact Carlijn Kneepkens (Recruiter) at carlijn.kneepkens@vanderlande.com.

PS: Due to process compliance, we cannot process email applications. Kindly use the correct vacancy link to apply for this vacancy.

Pre‑employment screening (performed by Accuity) is part of our hiring process. Employment is subject to a successful check.

Vanderlande is an equal opportunity/affirmative action employer. Qualified applicants will be considered without regards to race, religion, color, national origin, gender, sexual orientation, age, marital status, or disability status.