The Chief Information Security Officer (CISO) is responsible for developing the information security strategy and policy advice in the field of information security in close cooperation with the privacy officer and the integral safety manager and performs executive activities for the purpose of setting up the information security organization and achieving the desired information security maturity level, based on SURFaudit toetsingskader informatiebeveiliging

General

You will join a (small) multidisciplinary team of professionals (privacy, information security and safety) in a challenging but friendly environment. The team acts from the second line (according to the three lines of defense model) and informs management on risks and appropriate risks responses.

The CISO reports directly to the Board of Directors.

The school community is international, which means both the educational program and all business communication are done in English. Hotelschool The Hague has developed an excellent reputation of almost 95 years, the result of the structured & innovative educational programme and the experience and quality of our staff, instructors and lecturers.

General function description

• Reporting to the Board of Directors (BoD) on strategic, tactic and operational risks related to information security.

• Advising the BoD and management on an appropriate risk response, including policy proposals.

• Translating developments and the organizational strategy into information security strategy and policy, including a multi-year roadmap for realization.

• Monitoring and reporting progress on the information security roadmap, advice management on projects related to this roadmap.

• Carrying accountability for the Information Security Risk Management process and the Information Security Management System (ISMS) as a whole.

• Identifying and analyzing developments and needs in the field of relevant legislation and regulations and market development of organizational (im)possibilities.

• Consulting the Technical Information security officer (TISO) concerning developments and needs in the field of relevant legislation and regulations and market development of technical (im)possibilities.

• Ensuring coordination of (policy) proposals regarding information security with various parties.

• Acting as a sparring partner for the privacy officer and the data protection officer on information security strategy and policy.

• Preparing and monitoring an annual risk-based budget. Measuring and reporting on progress of implementation of Information Security using the (Surf) NBA Maturity Model (SURFaudit toetsingskader informatiebeveiliging).

• Supervising compliance with policy, including supervising (external) security audits.

• Being responsible for the team Information security and developing this team further towards the next level of maturity and services provided by this team.

• Advising on information security issues, including making risk analyzes with associated security measures.

• Supervising awareness measures related to information security organization wide.

• Participating in steering committees of information security related projects and programs.

• Providing solicited and unsolicited (proactive) advice on information security issues.

• Collaborating with and participating in various consultative bodies and working groups of SURF related to Information Security (actively).

Candidate profile

You have/are:

• A proven track record acting as an experienced information security specialist.

• A broad theoretical knowledge in the field of privacy & information security:

• Minimum bachelor’s degree in a relevant field of study, supplemented with several certifications, such as CCISO, CISSP, CISM, CRISC or CISA.

• Preferably, experience in a higher education institution.

• Experience with GRC tooling (preferably Trustbound).

• Skilled in creating a strategic vision and managing the activity and multi-year department plan.

• Management and advisory skills with emphasis on:

• Good communication skills (oral and written) to convey (the importance of) information security to all levels within the organization an maintain contact with external stakeholders and suppliers.

• Organizational sensitivity and empathy - strong political skills and persuasiveness.

• Hands-on mindset
• Excellent spoken and written proficiency both in Dutch and English.

Remuneration

Hotelschool The Hague offers a salary based on scale 12 the labour agreement of Universities of Applied Science (CAO HBO) with a range between € 5.486,78 and € 7.175,82 gross per month, depending on your professional experience and qualifications.

In addition, Hotelschool the Hague offers:

• A 13th month.

• An excellent package of fringe benefits.

• Employees with a 40-hour working week are entitled to 428 hours (53 days) of leave annually with retention of salary.

• Excellent opportunities for further personal development.

• Compensation towards your health insurance expenses.

• Option to make use of group discounts for multiple insurances.

• Travel allowances for commuting to and from work.

• A pension plan through ABP.

Most importantly you would work for an organization that strives to have a positive impact on society, helping to develop future leaders in the hospitality industry.

Additional information

Hotelschool The Hague works with a 40-hour workweek. The starting date for this position is as soon as possible.

The main campus for this position is our campus The Hague.

Additional information can be provided by Mr. Tim van Leeuwen, through email: t.v.leeuwen@hotelschool.nl.

An English language proficiency test may be part of the selection procedure. Upon receiving an offer, a certificate of conduct (VOG) is required.

How to apply

We look forward to receiving your English CV and motivation letter. Kindly submit your CV and motivation letter to the attention of Mr. M.Koeslag, HR Advisor, no later than 15 June. Interviews might start prior to this date with suitable candidates.

Department

Facility & Real Estate

Locations

The Hague/ Amsterdam

Remote status

Hybrid