Third Party Security Manager

Overview

Security conscience of the business How do you make our customers happy? By ensuring bol remains an unquestionably secure environment to shop and sell. This may sound simple, but it’s not because we innovate rapidly and strive to maximize the benefits of the latest (often complex) technology. Moreover, bol isn’t just popular with 13 million customers; ‘black hats’ also appreciate our platform’s potential. So this role comes with considerable impact. All the more because almost every business and IT development team depends on a reliable and secure infrastructure for partner collaboration. Can you deliver that? The biggest challenge Stems from our rapid innovation pace, which we achieve by leveraging external expertise. Since almost every innovation – from minor UX changes to impactful new propositions – includes an IT component, our external partners must also keep the security perspective top of mind. You must also manage the increasingly regulated (DORA, NIS2, etc.) nature of supplier management. You will have to continuously challenge the business. A tough job, that occasionally requires making (abrupt) course corrections! What you’ll do as 3rd Party Security Manager

As the 3rd Party Security Manager, you’re the ‘security conscience’ for our business and IT units when it comes to collaborating with third parties, integrating risk management, and regulatory compliance. You’ll help colleagues across bol integrate business partners into the bol IT ecosystem securely. You’ll make colleagues aware that security is a crucial prerequisite for success, and help them act accordingly. Additionally, together with your colleagues, you’ll monitor the entire landscape, including risk profiles and vulnerabilities. Spot something? Then you’ll take the appropriate steps to contain potential threats. In addition to advising the business, you scrutinize risky business partners to the extent warranted (audits/reviews) and advise business owners on how to address and mitigate undesirable risks. While not your primary focus, you also manage business partner compliance checks. You continually search for ways to improve the security of our platforms and tools, and personally manage the resulting improvement projects. What’s happening in the organization? How can you persuade colleagues who’ve thought of an excellent customer innovation to consider the security implications for customers and sellers more carefully? And how can you ensure that everyone keeps security top of mind, as it should be? Topics you can tackle include: Integrating new business partners securely Security-auditing business partners Identifying and mitigating risks with business stakeholders Assessing and promoting 3rd party management & compliance policy Coordinating security incidents at our partners Establishing processes and tools for scalable business partner risk management Promoting the ‘Think Like A Hacker’ mindset within the organization: inspire colleagues to reflect on the security implications of new initiatives, and don’t hesitate to challenge even the most beautiful ideas Why you can make the difference Because you’re a self-reliant and pragmatic Cybersecurity specialist, eager to make an impact in the field of secure shopping and selling with your business stakeholders. A background in Cybersecurity consultancy would be a great match, especially if you’ve supplemented that with business experience. You’ll spend part of your time in the operational trenches at bol. That needs to suit you. The role also requires you to get colleagues on board, book results, and intervene in projects and proposals (kindly but firmly) when the situation calls for it. We also expect you to have the self-confidence to brief senior management on our work. You are not the kind of person who leans back after emailing a recommendation. You want to see your recommendations implemented and create the traction and commitment that requires. 3 reasons why this is (not) for you Pros

Your track record feels secure

You work at a Bachelor/Master level, have at least 3 years of relevant experience, and are accustomed to colleagues and other stakeholders turning to you to collaborate with business partners securely. You combine curiosity with drive

You want to know everything about the security of business partners and their integration with bol. You detect improvement opportunities everywhere and present them in concrete proposals. You're clear and persuasive

You can explain complex topics clearly, are persuasive, and always keep sight of the big picture. Cons

Checkbox champion

You'd rather work your way down a checklist than write actionable improvement proposals. Foreign territory

You prefer 'standard' solutions to adapting approaches to the situation. IT audits and security testing are completely new territory. Escalate early and often

Your trick to getting colleagues on board is to escalate issues. Every issue. Where you'll work

The Cybersecurity department is part of our broader Tech operation, which consists of five sub-teams with distinct focus areas. We embrace experimentation and new technologies, continually discovering new security opportunities and challenges. As for the atmosphere? Never a dull moment, open-minded, and no ‘holier-than-thou’ mentality. Our strength is that we collaborate as equals, sharing insights and continually improving one another. You can achieve great things on your own as our 3rd Party Security Manager, but so much more with your colleagues. You’re never alone.

#J-18808-Ljbffr