
Head of IT Security

Introduction:

DKV is part of the international Munich Re Group, one of the world's largest reinsurers. Working for DKV means working for the Belgian market leader in private health insurance.

It also means striving for values such as customer and result orientation, integrity and involvement (organisational commitment). We are building an open and inclusive corporate culture based on trust, teamwork, transformational leadership and a sense of initiative.

Together, we put these values into practice every day to further strengthen the trust of our two million policyholders.

Description:

DKV/ERGO is looking for an internal Head of IT Security to join our growing IT department. This will be a full-time, permanent role.

The Head of IT Security will report directly to the Chief Information Officer and is responsible for the IT security-relevant aspects of the First Line of Defense of DKV Belgium and ERGO Belgium.

The position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The Head of ITS will proactively work with the ISO (second line of defense), business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. He/she should understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology.

The Head of ITS should understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to the CIO and other senior stakeholders. He/she serves as the process owner of the appropriate assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. A key element of the job is working with executive management to determine acceptable levels of risk for the organization.

The Head of ITS leads an IT Security team and is responsible for its good collaboration with the other IT departments and our business partners. As a leader, he/she will guide the team during the transformation journey and ensure their skills development.

More specifically, the tasks in this position will be to:

Establish Governance and Build Knowledge

  • Work with the central procurement department to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
  • Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.

Lead the Organization

  • Lead the IT security function across the company to ensure consistent and high-quality IT security management in support of the business goals.
  • Determine the IT security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of nondigital risk areas.

Set the Strategy

  • Develop an IT security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
  • Design, construct and implement a solid technical security infrastructure using security architecture principles and the integration of technical security solutions. These include in particular:
    o Creation and implementation of security concepts, processes and measures for IT security
    o Design, structure and implementation of the process for identification, response, recovery and review of IT-based security incidents (Incident Response)
    o Establishment and implementation of a reporting system for the entire IT security status of the organization. This also includes the creation of guidelines for reporting in the security environment, especially for log file management and SIEM.
    o Contact person and consultant on IT security issues. This also includes the (further) development and implementation of awareness measures with IT security relevance.

  • Assist with the identification of non-IT managed IT services in use and facilitate a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensure that risk is reduced to the appropriate levels and ownership of this information security risk is clear.

Develop the Frameworks

  • Develop and enhance an up-to-date IT security management framework based on the existing DKV/ERGO framework
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets in collaboration with the ISO
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels.

Build the Network and Communicate the Vision

  • Provide input for the IT section of the company's code of conduct.
  • Create the necessary internal networks among the IT security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
  • Create an extensive network with the ERGO Group security team and ensure synergies are detected and activated whenever added value has been confirmed for ERGO and DKV.
  • Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
  • Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
  • Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.

Operate the Function

  • Operate, together with the Risk department, a risk-based process for the assessment and mitigation of any information security risk in your system consisting of supply chain partners, vendors, consumers and any other third parties.
  • Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
  • Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable.
  • Define and facilitate the processes for IT security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
  • Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
  • Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  • Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
  • Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization.
  • Lead a team of cybersecurity specialists and develop their potential.

Requirements:

  • Completed studies in information technology or a comparable education/training qualification
  • Minimum of 7 to 10 years of experience in a combination of risk management, information security and IT
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST (Cybersecurity Framework)
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists
  • Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
  • Up-to-date knowledge of methodologies and trends in both business and IT
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • Ability to lead and motivate the IT security team to achieve tactical and strategic goals
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity

We offer:

At DKV we offer you a varied job with growth opportunities (thanks to training, coaching, projects and internal mobility), all in the heart of Brussels (close to the Grand Place and the central station).

Besides a competitive gross salary, we offer an extensive standard package of extra-legal benefits:

  • year-end premium (13th month)
  • competitive insurance package (hospitalization insurance, ambulatory insurance, guaranteed income insurance and pension plan)
  • discount on DKV insurance products
  • free public transport
  • company restaurant
  • meal vouchers
  • eco cheques
  • gift voucher
  • collective company premium (CLA 90)
  • internet allowance
  • homeworking allowance

Moreover, you can also count on an attractive leave scheme (at least 31 days), flexible working hours and the possibility to work from home up to three days a week. This hybrid way of working guarantees you a good balance between work and your private life.

Head of IT Security

DKV Belgium, Brussels
Contract type: Permanent
Categories: IT, Security Engineer