Information Security Officer (ISO)
We offer a fantastic opportunity for an independent and self-motivated individual to join our Amsterdam-based Risk and Compliance Team as Information Security Officer (ISO).
In an international law firm like De Brauw, confidentiality is key and information is the most important asset that we protect. We are looking for a person who can advise and lead us in doing the right thing when it comes to safeguarding our information. As an ISO, you will play a key role in helping to protect the confidentiality, integrity and availability of De Brauw's information assets and systems.
We are looking for an ISO who is able to combine a strategic role as a thought leader with an operational role in executing ideas that you bring to the table. We want you to feel comfortable in raising complex problems at the C-level, while at the same time offering solutions to the management team. Strong communication skills are a necessity.
About the role
This role reports to the CISO. Your responsibilities include:
- helping develop and execute a comprehensive information security strategy that aligns with the firm's objectives, taking into account emerging threats, industry best practices and regulatory requirements (Strategic Planning)
- identifying, assessing, and mitigating information security risks by introducing proactive measures, including vulnerability assessments, threat modelling, and risk analysis (Risk Management)
- helping establish and enforce information security policies, procedures and guidelines that govern the firm's operations and protect sensitive data assets (Policy Development)
- ensuring compliance with relevant laws, regulations and industry standards, such as GDPR, ISO 27001, and ABA Model Rules of Professional Conduct, by implementing appropriate controls and conducting regular audits (Compliance)
- promoting a culture of security awareness and accountability among staff members through training programmes, workshops and communication initiatives (Security Awareness)
- evaluating the security posture of third-party vendors and service providers, and ensuring that they meet our security standards (Vendor Management)
- assessing the security implications of new technologies, software applications and IT infrastructure, and providing recommendations for their adoption or enhancement (Technology Evaluation)
- collaborating with internal stakeholders, including IT, legal, HR and senior management, to integrate security requirements into business processes and decision-making (Collaboration)
- monitoring and measuring the effectiveness of information security controls, processes and technologies (Continuous Improvement)
About the team
De Brauw's Risk & Compliance team currently consists of seven people, including compliance, business compliance, information security, data privacy and risk management specialists. They liaise across De Brauw supporting and promoting a robust risk and compliance culture.
About you
To thrive in this role, you will need:
- a bachelor's or master's degree in information security, computer science or a related field
- proven experience (5+ years) in a senior information security role, preferably within the legal industry
- in-depth knowledge of information security principles, practices, technologies and standards
- familiarity with relevant regulations and compliance requirements, such as GDPR, ISO 27001, ISAE3402 and SOC 2 type 2
- enthusiasm, excellent communication and leadership skills, and fluency in Dutch and English
- to be organised and well-structured
- to be proactive and hands-on, with an optimistic, problem-solving, can-do mentality
In addition, industry certifications (such as CISSP, CISM, CRISC) are highly desirable.
Who are we?
De Brauw is a Netherlands-based law firm with global reach. We have a robust corporate practice, a centre of excellence in litigation and an unparalleled team of regulatory experts. Our international litigation practice, handling big and complex matters involving big risk, works in multidisciplinary, multinational teams composed of strong, strategic thinkers who are willing to go the extra mile. We believe in striking the right balance between rigour and pragmatism, especially when stakes are high and pressure is on.
We work hard, but we also have fun. Among other things, we have weekly company drinks, hold table football matches and competitions, and stage events, such as inter-company hockey games, the Amstel Gold Race, invitations to exhibitions and pub quizzes.