- Develop and manage an information security risk management program including development, evaluation, and adherence to multiple areas of practice
- Directly responsible for security policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices
- Develop a risk strategy that identifies and classifies cyber risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels
- Establish and oversee formal risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards
- Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms and suppliers and drive explicit requirements and timelines in all environments
- Develop strong relationships with internal audit and key stakeholders to ensure risk management oversight is understood, managed appropriately and current with all standards, guidelines, and regulations that are applicable to TomTom
- Develop security compliance strategy and approach and ensure compliance with ISO27001, GDPR, local privacy laws, contractual requirements and globally-recognized standards and guidelines
- Gather, analyze, and report status and metrics on risks, controls and issues including coverage metrics, KRIs and KPIs
- Manage and mature risk management dashboards and reports to inform risk prioritization, risk remediation, and management decision making
- Understand the latest trends and policies within the regulatory risk environment that could affect TomTom
What you’ll need
- 6+ years’ experience in information technology; 3+ years in security governance, risk, and compliance management
- Practical understanding of security and risk frameworks such as ISO 27001/2, NIST 800-53, & NIST CSF
- Prior experience with security policy, standards, and controls definition
- Ability to collaboratively develop a risk strategy in conjunction with stakeholders
- Superb communication skills with a variety of levels, business and technical functions
- Strong knowledge of current and emerging cyber security risks, and innovative risk management methods and solutions
- Experience communicating complex technology risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them
- Experience creating and utilizing KPIs, KRIs, and dashboards
- Program and project management experience with process change implementation
- Self-starter, experience working independently and as part of a team
- Strong analytical, research, and problem-solving skills with a keen attention to detail
What’s nice to have
- CISSP, CISA, CISM, CRISC, or similar industry certification(s)
- Experience managing people
- Experience working with distributed teams
- Knowledge of the automotive industry
Meet your team
We’re Information Security. We protect TomTom’s infrastructure, applications, employees and customers. We work alongside Enterprise IT, Commercial IT, Legal, Finance and HR to minimize risk and increase resilience across the business. We take an intelligence-driven approach, relying on innovative commercial and open-source solutions to proactively identify vulnerabilities and contain threats. On our team, you’ll help secure a safe, connected, autonomous world that is free of congestion and emissions.
We are self-starters who play well with others. Every day, we solve new problems with creativity, meet new people and learn rapidly at our offices around the world. We will invest in your growth and are committed to supporting you. In everything we do, we’re guided by six values: we care, putting our heart into what we do; we build trust (you can count on us); we create – driven to make a difference; we are confident, but don’t boast; we keep it simple, since life is complex enough; and we have fun because life’s too short to be boring.
After you apply
Our recruitment team will work hard to give you a meaningful experience throughout the process, no matter the outcome. Your application will be screened closely and you can rest assured that all follow-up actions will be thorough, from assessments and interviews through your onboarding.
TomTom is an equal opportunity employer
We celebrate diversity, thrive on each other’s differences and are committed to creating an inclusive environment at our offices around the world. Naturally, we do not discriminate against any employee or job applicant because of race, religion, color, sexual orientation, gender, gender identity or expression, marital status, disability, national origin, genetics, or age.
Ready to move the world forward?