Security & Privacy Officer
| Sector | See below |
| Employment type | See below |
| Hours | See below |
| Location | Lijnden, Haarlemmermeer |
| Education level | MBO |
| Organisation | PME Legend - HQ |
| Contact person | See below |
Information
At Just Brands, we build menswear brands with character. PME Legend, Cast Iron and Vanguard each have their own voice, their own audience and their own place in the market. As we operate across retail and e-commerce, the stakes around information security and data privacy keep rising. Threats move fast, regulations are complex, and the impact of getting it wrong is real: disruption, reputational damage, and GDPR/AVG exposure.
But what really sets us apart is how we work together.
We’re team first. No ego, no unnecessary layers, no endless talking, no corporate theatre. We back each other, speak up, take ownership and keep pushing for better. We work hard, stay sharp and make sure there’s room to enjoy the ride too.
That’s where you come in.
Why this role matters
This is where GRC (Governance, Risk & Compliance) becomes resilience. As our Security & Privacy Officer (Information Security / GRC), you set the governance standards that keep our business safe and compliant without slowing it down. You translate security and privacy risks into clear, business-relevant decisions, drive the right priorities at MT level, and embed security and privacy into daily operations and projects. You are not here to write policies that no one follows.
You are here to make sure risk is understood, controls work, and the organization stays compliant and prepared.
What you’ll do
- Own and maintain security and privacy governance (policies, standards, lifecycle) aligned with ISO 27001 and NIST CSF;
- Own the cyber risk register, risk scoring and treatment plans, and run MT-level risk review rhythms;
- Lead the Business Impact Analysis (BIA) and translate outcomes into business continuity and disaster recovery (BC/DR) requirements;
- Govern control effectiveness: access reviews, patch compliance, monitoring/logging and endpoint protection, and drive corrective actions when controls deviate;
- Establish and govern incident response, escalation paths and communications, including GDPR breach notification integration;
- Drive privacy governance: data classification, handling standards, DPIAs, records of processing and privacy-by-design;
- Run third-party / vendor risk management, embedding security and privacy requirements into contracts and SLAs;
- Own audit readiness: evidence, documentation and representation in audits and regulatory interactions;
- Build awareness with HR/Marketing: training completion, phishing simulation metrics and behavioral improvement;
- Report to MT on top risks, incidents, control effectiveness, awareness metrics and compliance status;
- Partner with privacy stakeholders (Legal/DPO) and translate regulatory change (e.g., EU security developments like NIS2 where applicable) into practical actions.
What makes this role exciting
- You have enterprise-wide impact without needing a big team to get things done;
- You sit at the intersection of IT, business leadership and regulation, where decisions actually matter;
- You build governance that fits a lean, pragmatic organization (no over-engineering);
- You lead a high-visibility deliverable (BIA) that influences continuity priorities across the business;
- You shape how security and privacy show up in projects, systems and vendor relationships.
You’ll probably love this role if you…
- like turning complex risk into clear actions people can execute;
- prefer pragmatic governance over theoretical perfection;
- can influence without hierarchy and don’t wait for permission to improve things;
- stay calm when the pressure is on (incidents, audits, escalations);
- enjoy balancing trade-offs: security vs usability, speed vs control, cost vs risk.
What you bring
- Bachelor’s degree in Information Security, IT, Business Administration or similar (or equivalent experience);
- 5+ years of experience in information security, IT governance, and/or privacy/compliance roles;
- Hands-on experience implementing or governing ISO 27001 and/or NIST CSF, plus GDPR/AVG;
- Experience with risk management, audit preparation and working with external parties (auditors, regulators, vendors);
- Confidence driving governance in organizations with limited dedicated security resources;
- Familiarity with modern identity and cloud environments (e.g., Microsoft 365, Okta/Identity & MFA, cloud SaaS and enterprise systems);
- Certifications are a strong plus (CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CIPP/E or similar);
- Experience in retail/e-commerce or distributed environments is a plus.
What Just Brands is really like
We’re team first. We keep it direct, make clear decisions and take ownership. No ego. Just practical collaboration, honest conversations and a team that likes improving what matters.
You’ll join a company where:
- People help each other out;
- Ideas and people matter more than job titles;
- Hard work matters, and so does enjoying the ride;
- If something can be better, we improve it.
What you get
You step into a high-impact governance role with real visibility and influence. You’ll help protect the business, strengthen resilience, and build a security and privacy baseline that scales as we grow.
- Salary depending on experience and background;
- End-of-year bonus equal to one gross monthly salary;
- Healthy and varied lunch every day;
- (our own) Gym access including classes (boxing, yoga and padel);
- Parties and drinks that will be talked about for years to come;
- Staff discount on our clothing.
Ready to raise the bar on security and privacy?
Still reading? Good sign.
If you want a role where your judgment, structure and influence directly reduce risk and improve resilience across the business, this could be your next step.
Ready to apply?
Interested in the position of Security & Privacy Officer at PME Legend - HQ in the Lijnden region? Respond now with your CV and motivation letter via the "apply" button.
Unsolicited approaches from recruitment agencies in response to this vacancy are not appreciated.