Medior Information Risk & Security Officer

Contribute to the financial future of 4.5 million people in the Netherlands by joining APG as a Medior Information Risk & Security Officer.

Do you want to contribute to the financial future of 4.5 million people in the Netherlands? Join the team as a Medior Information Risk & Security Officer.

Our data-driven organization, where digitalization, artificial intelligence, information security, cybersecurity, and regulatory compliance are key priorities, is navigating a dynamic landscape shaped by numerous internal and external factors. We are a company in transition, embracing a cloud-first mentality while maintaining a low-risk appetite to ensure end-to-end operational resiliency.

You will be part of a team of specialists dedicated to the information and cybersecurity domain.

With an ever-evolving threat landscape and increasing regulatory demands—such as MIFID, DORA, NIS2, and GDPR—our work is becoming more complex. At the same time, we are expanding our DevOps teams and promoting citizen development, as our business becomes fully integrated with IT and artificial intelligence becomes commonplace.

The Resilience team plays a crucial role in supporting the business by embedding information security into business processes and facilitating continuity and crisis management. Information security is considered a shared responsibility across the organization.

The Information Risk & Security Officer develops, formulates, implements, executes, and monitors compliance with policy frameworks related to information (cyber)security, business continuity management (BCM), and crisis management at both corporate and business levels. The goal is to ensure the availability, integrity, and confidentiality (including privacy) of information systems, making sure they are fit for purpose and aligned with the acceptable risk level as defined by the company.

Your role includes both tactical and operational responsibilities, as outlined below:

• Responsible for the design, execution, and continuous improvement of processes within the Resilience domain, with a strong focus on business continuity management. This includes planning, executing, and following up on disaster recovery and business continuity tests.
• Participation in IT process groups to support the optimization and simplification of business continuity-related processes.
• Active involvement in the business continuity management community.
• Conducting global design reviews to ensure that new business application designs properly incorporate security and business continuity considerations.
• Reviewing new or updated policies from an information security perspective.
• Performing security assessments for (new) business initiatives to evaluate information security aspects and provide guidance on embedding appropriate security measures.
• Contributing to internal process quality improvement initiatives; at APG Asset Management, we continuously work on enhancing our processes, procedures, and tooling.

• Responsible for executing the business continuity process, including test planning, execution, follow-up, coordination with DevOps teams, and management reporting.
• Conducting Business Impact Analyses (BIAs) to classify business processes from a continuity perspective, in accordance with DORA regulations.
• Performing CIAP (Confidentiality, Integrity, Availability, Privacy) reviews for new business applications and reassessing existing ratings to ensure they remain appropriate.
• Managing risk item mitigations by identifying actions, assigning owners, tracking progress, and reporting outcomes.
• Participating in annual reviews of existing business applications to assess changes, evaluate associated risks, and propose remediation if necessary.
• Conducting Risk Self-Assessments for new non-cloud business applications to evaluate information and cyber risks against the organization’s risk appetite.
• Reviewing exception requests from employees who seek deviations from policy rules, assessing the associated risks.
• Participating in RFI/RFP processes to ensure that information security requirements are included when evaluating new potential business solutions in the market.

• Proactive, hands-on, and pragmatic, with a strong client focus and the right mindset to maintain long-term relationships within established risk frameworks
• CISSP, CISM, or CCSP certification
• Preferably certified in business continuity management (e.g., DRI/CBCP or equivalent)
• Skilled at organizing internal networks and a team player with healthy ambition
• Representable, analytically strong, detail-oriented, and equipped with exceptional communication skills, including:
  • Storytelling
  • Presentation
  • Writing (in both Dutch and English; English is the official language at APG Asset Management)
• Capable of asking the right questions at the right time, not shying away from critical inquiries, and able to distinguish between key issues and details

• A bachelor’s or master’s degree and at least five years of experience in business continuity and/or information security
• Strong execution skills and the ability to navigate a demanding, performance-driven environment
• Experience in a business vs. IT intermediary role
• Solid knowledge and experience in:
  • Business continuity management
  • Crisis management
  • Information security
  • Relevant regulations
• Strong stakeholder management skills

We will offer you, depending on relevant knowledge and experience, a gross salary in the range of [job.salary_indication] based on full-time employment and great employment conditions aimed at flexibility, such as:

• A guaranteed end of year bonus of 8.33%
• Attention to your vitality and personal development
• Possibility to work from home 2-3 days per week
• And obviously a well-managed pension

For pension provider APG, pension is about people, life, and living together. With careful asset management, pension administration, communication and advice, we work on a livable future for current and future generations. One in which we share prosperity and well-being fairly and sustainably. Now and later.

APG is committed to around 4.5 million people in the Netherlands, which is why we believe it is important to be a reflection of Dutch society. This means that APG strives for an inclusive work environment, in which everyone can be themselves and where your unique qualities are embraced.

When you choose to work at APG, you\'re choosing a job where you contribute to a bright future.

Get in touch with Ed Rinkel via or ed.rinkel@apg.nl or Pascal Vogels via pascal.vogels@apg-am.nl who can tell you more about the specifics of the position.

We do not appreciate acquisition in response to this vacancy.