Are you a detail-oriented individual who enjoys ensuring that the correct processes and controls are followed, specifically in Information Security? Then take a look at the description below!
As the European Information Security Officer you can make a difference by driving the information security strategy from Kyocera Document Solutions Europe (KDE) and monitoring the implementation of non-negotiable information security compliance & control requirements in the domain of Information/Cyber Security, Business Continuity Management, Identity Access Management and overall Information Security compliance risk awareness in KDE and its subsidiaries in the EMEA region.
- Set up an information security strategy fit for Kyocera Document Solutions Europe B.V. incl. its subsidiaries in the EMEA region, in consultation with the Security Committee, DX and external suppliers. Develop the strategy within the set timeframe and budget, at the right quality.
- Set up the group Security Committee meeting at least on a quarterly basis, hold a dialogue on what must be protected, and measure / control core KPIs
- Assist in setting up effective information security Management Review Meetings with Local Information Security Officers in KDE-G and foster dialogue and network building
- Assist in preparing SCs in KDE-G prior to the ISO 27001 audit
- Maintain and develop Information Security Policies
- Carry out risk assessments and develop / implement countermeasures to mitigate (top) risks
- Implement standards & controls for cyber security to meet future legislation/requirements (e.g. new ISO 27001:2022 standard)
- Raise awareness for information security through training to staff in KDE-G
- Assist in driving audit issue remediation
- Support timely reporting of incidents, align with management at SC/KDE/KDC, and take / implement countermeasures.
Concerning compliance with J-SOX and ISO 27001, the European Information Security Officer:
- Assists in the design, implementation and maintenance of an integrated risk control framework for Information Security, taking into consideration applicable laws and regulations as well as internal company policies and regulations;
- Orchestrates implementation of corporate policies and standards by translating requirements into clear actionable Standards, Controls and Procedures for IT development and support teams;
- Assists in maintaining all J-SOX controls related to Information Security and is responsible for ensuring J-SOX compliance for Information Security;
- Assists in guiding Digital Transformation and local information security officers in preventing and remediating audit deficiencies from various risk and control standards (J-SOX, ISO 27001, Operational Audit, etc.).
- Supports in monitoring a strategic and comprehensive information/cyber security and risk management program for KDE (Regional Headquarter) and all its subsidiaries in KDE Group (“KDE-G”).
- Provides expert assessment and advisory services for Kyocera on matters pertaining to Information Security compliance and risk management.
- Supports implementation of risk awareness and control measures in close collaboration with the KDE-IT Compliance Officer.
- Supervises the work performed and actions taken by IT department and local Information Security Officers in KDE-G in order to remain compliant with policies, rules, controls, standards.
- Assists in conducting and coordinating internal and external compliance and security audits, and documents findings and recommendations.
- Offers support in maintaining relations with the external auditor, ensures that all parties are keenly aware of the audit planning, shares concerns proactively and follows up on actions in a timely manner.
- Ensures compliance with the changing laws and applicable regulations and identifies risks and actionable plans to protect Kyocera business;
- Masters compliance with GDPR (Article 32) from an IT compliance perspective.
- Certifies that IT systems meet predetermined (information) security requirements.
- Advises the Head of the IT division on maintaining effective information security controls.
- Communicates best practices and risks to all parts of the business.
- Regularly reports status updates on information security for reporting and decision making.
- Provides updates to the KDE-G President on the results and action plan in various meetings (e.g. the annual Governance Committee meeting and Risk Management Meeting).
Governance, Risk & Compliance
- In addition, the officer acts as Governance, Risk & Compliance account manager and will guide a selection of Sales Companies in the EMEA region on strengthening internal controls from various risk and control standards (J-SOX, ISO 9001, ISO 14001, ISO 27001, Operational Audit, etc.).
Project work
- Offers assistance and support as project manager for approved projects in KDE-G pertaining to Information Security governance, risk and compliance. Specifically, the Information Security Officer is responsible for managing the project, stakeholders, budget, project risks and all issues until project completion.
You are an ambitious and proactive individual who has excellent interpersonal skills and who can work independently as well as in a team. You enjoy explaining security, risk and compliance related concepts to both technical and non-technical staff and are able to get your point across effectively. An analytical and result-oriented approach is how you perform to the best of your ability. Your career ambition drives you to stay abreast of current topics, and you use this knowledge to further your own development as well as to ensure that best practices are adhered to within the company.
- Bachelor's degree with at least 5 years' work experience in controlling / auditing IT general controls and/or IT risk management
- Thorough knowledge of Information Security / IT Compliance requirements, controls and best practices (J-SOX, ISO 27001, GDPR Article 32)
- Demonstrated knowledge of IT General Controls, Sarbanes-Oxley Act (SOX); knowledge of COSO and COBIT frameworks is a plus.
- Thorough knowledge of the requirements of ISAE 3402 audit reports and the requirements on service providers.
- Thorough knowledge of audit principles and practices (walkthroughs, test plan creation, etc.)
- Excellent knowledge of the English language, spoken and written
- Very good knowledge of project management; PRINCE2 certification is advantageous
- Experience with implementation of ITIL (supporting knowledge)
- Knowledge of the IT systems SAP and SAP Compliance Calibrator (e.g. in order to monitor and oversee user access management)
- Knowledge of IT systems (IFS, EVATIC, Bizagi, Salesforce) is a plus.
- CISSP, CISA, CISM, CPA, CRISC and/or CGEIT certifications are a plus
Our competitive salary package, bonus plan and additional employee incentives will certainly reward you well for your new role, but nothing can beat working in an environment with great colleagues where you are empowered and can develop yourself.
Check out our Career Page to gain more insight about our benefits, application process and tips to make this interview successful!
Do you recognize yourself in this profile? Or do you have any questions? Please contact me (Logan McLaren - Recruitment and HR Specialist). I am open to connecting with you. Either send me a private message on LinkedIn, or reach me by phone (WhatsApp), or e-mail.
Kindly note that not all vacancies are eligible for sponsorship; please first consider whether you qualify to work in the Netherlands. Should you require more information, please do not hesitate to contact us through KDE-Careers@deu.kyocera.com. We look forward to receiving your application!