Job Description

As the Information Security Officer (ISO) you are responsible for maintaining and continuously improvingour Information Security Management System (ISMS) ensuring it aligns with group policies, a shared way of working, and ISO 27001 standards. In this role, you support information security, risk management, and Internal audit, while helping to build and promote a strong security awareness culture across the organization. You bring experience in ISO 27001 and operating in regulated environments, with a good understanding of cloud security and emerging technologies. And every day at work, you’ll be doing your part for all the charities we support.

Ivan Larkins, International Team Lead Information Security: "What I enjoy most about this role is the balance between responsibility and impact. You’re not just working on controls and frameworks you’re helping teams make better decisions every day. Working closely with colleagues across different countries also brings a great exchange of ideas and perspectives. And in an environment like the Lotteries, where everything we do supports good causes, that makes the work genuinely meaningful and enjoyable."

As Information Security Officer, you’ll:

• Create, update, review, and manage information security policies, standards, and procedures. You own, maintain, and continuously improve the ISMS in alignment with ISO 27001:2022.
• Ensure all documentation (e.g. risk assessments, incident reports, security controls) is up-to-date and audit-ready and coordinate local penetration testing and vulnerability assessments, and track remediation progress.
• Monitor, track, and report on security objectives, metrics, and KPIs. And align with the group on security awareness initiatives and lead local execution and communication.
• Drive local risk assessments and maintain the risk register in line with group frameworks.
• Collaborate with IT, Legal, and Compliance to embed security into business processes.
• Oversee user access reviews, asset inventories, and incident response planning.
• Provide security guidance on projects, vendors, and third-party tools.
• Own and coordinate the ISO 27001 certification process locally, including preparation for internal and external audits, managing audit activities, and ensuring timely closure of findings and continuous improvement of the ISMS.

You’d describe yourself as follows:

• Minimum of 7 years’ experience in Information Security preferably in a large and/or international organisation.
• ISO/IEC 27001 Lead Implementer certification (required) and ISO/IEC 27001 Lead Auditor certification (preferred).
• Solid understanding of risk management and information security frameworks (e.g. ISO 27005, NIST) and strong knowledge of cloud environments (e.g. AWS, O365).
• Experience in regulated industries (e.g. finance, gaming) is an advantage.
• Proven experience with policy development, audits, and compliance activities.
• A salary indication between € 6.100,- and € 8.300,- per month based on 40 hours per week plus benefits.

Join us:

We believe an inclusive organisation is the ideal breeding ground for creativity, collaboration and innovation. Employee solidarity is important to us, too. Each of us has a part to play in that – we are the organisation, after all. We strive to make everyone feel at home. That means keeping an open mind and paying attention toeach other’s welfare.

Can you see yourself as part of the team? We encourage you to apply – whatever your roots, religion, age, ability to work or life philosophy.

Please send your CV and cover letter to our Team Lead Recruitment Caroline Hetterschijt through our recruitment website www.werkendoejebij.nl

Acquisition is not appreciated.