Job Description
At Macaw, guiding organizations in the era of AI starts with trust. Information security is fundamental to how we work - both with our clients and internally. With emerging regulatory requirements, such as ISO 27001, NIS2, and the EU AI Act, we are looking for an Information Security Officer to strengthen and further develop Macaw’s security posture.
In this role, you will take ownership of our Information Security Management System (ISMS), ensuring it is effective, up-to-date, and aligned with both business and regulatory requirements.
You are the go-to for coordinating security initiatives, translating technical topics into clear business impact, and contributing to strategic decisions at both tactical and operational levels. In addition, you will oversee risk management across Macaw, taking ownership beyond information security.
Our Security and Privacy Team in the Netherlands is headed by you, and you report to the CFO. You will also consult our service lines (tech teams), managers, delivery teams and team up with other Security coordinators in Germany and Lithuania with a shared goal - to embed security and privacy into daily operations, decision‑making, and client engagements.
What does your role look like?
- Primary contact for information security and privacy internally and externally.
- Own and continuously improve the ISMS.
- Define, maintain and enforce security policies and documentation.
- Execute risk assessments and manage the GRC risk register and mitigations.
- Monitor and report on ISMS performance including monthly and management reviews.
- Coordinate and support ISO 27001 and TISAX audits with Security Coordinators.
- Lead security incidents, data breaches, and critical vulnerability handling.
- Drive security awareness and training across Macaw.
- Advise on security in contracts, third‑party management and commercial propositions, and manage the security incident management and data breach processes.
- Monitor critical vulnerabilities for their impact on the organization.
- Keep up to date with developments in legislation, security and privacy standards, and threats, and initiate and manage changes if the organization is impacted.
What do we expect from you?
- Bachelor’s or master’s in Information Security, IT, Computer Science, or a related field.
- Minimum of 3 years in security leadership roles with knowledge of IT, legislation and regulations, and information security.
- Knowledge of ISO2700.
- Certification or knowledge of CISSP, CISM, CISA and/or CIPP/E.
- Knowledge of Risk Management.
- Strong communicator, proactive and skilled in translating information risks into business impact.
- Leadership & stakeholder management: building trusted relationships and influencing cross-functional teams and senior stakeholders.
- Working proficiency in English and Dutch.
- flexible working hours and the option to work in a hybrid setup;
- a mobility budget that you can spend freely (for example, on an NS-Business Card or by using your own car – we reimburse your mileage costs);
- 8.5% holiday allowance, paid in May;
- 29 vacation days per year for a full-time position;
- the option to buy or sell vacation days (up to 10 days);
- training opportunities to support your personal and professional development;
- phone and laptop that you can also use privately;
- budget for your home office setup and internet;
- beautiful office in Hoofddorp as your base, equipped with a pool table, table tennis, and an Xbox (as mentioned, we’re Microsoft fans).