Security Analyst - Amsterdam

To best protect our organisation from threats, you will have an important role at HEMA as a Security Analyst. In this role, you will report directly to the Chief Information Security Officer (CISO), but will collaborate a lot with HEMA’s Digital teams. Your duties will include improving the Security Awareness programme, drafting and verifying security policies and testing and monitoring the IT landscape. In addition, you will create, follow up, explain and monitor security tickets originating from incidents, scans, assessments, audits and supplier reports.

With your keen eye, you will work with all parts of the IT organisation, from all the headquarters departments to the Utrecht distribution centre and from our own stores at home and abroad to the franchisees. You will also work with external stakeholders such as suppliers, partners, consultants, auditors and the Security Operations Centre (SOC). You must be able to provide solicited and unsolicited advice and information to the IT organisation on various implementations for the benefit of IT security.

• You will be the go-to person for security issues at HEMA and are the link between technology, security and the business
• You will take care of following up security incidents and questions from colleagues, from phishing to generic questions and from writing manuals and processes to incident response
• You will implement and manage security tooling throughout the organisation.
• You will drive the Security Awareness programme for all HEMA employees, from (e)learnings to the phishing awareness campaign
• You will perform security assessments/pentests and help colleagues interpret and eliminate security risks
• You will work with internal and external colleagues/partners on one of many security projects, from network architecture to Security monitoring
• You will help establish, maintain and roll out security policies, procedures, standards and guidelines

• An external Security operations centre at one of our security partners
• Vulnerability management tooling, on-prem and in the cloud
• A laptop for locally building and running tools, scripts, etc.
• Jira Service Management, Confluence and TOPdesk
• Are we missing something? Build it yourself... Or write a good business case!

• A small team, in which freedom, trust and continuous development are number one... And pizza and caffeine a close second
• Development and security community: As a technical security team, we understand that learning does not stop at attending training courses such as Security+ and OSCP. You get the extra value from learning from other security experts at events such as Troopers, MCH, BruCon, DefCon and by participating in CTFs. We provide room for this, because all work and no play makes Jack a dull boy
• The toys and tools you need to do your job, such as a Mac or Windows machine and a phone. But, of course, also tools and hardware such as Burp Suite, Vulnerability Management tooling and (virtual) machines
• A gross salary between €3,200 and €4,600
• Travel and expense allowance, a fixed (!) bonus of 4%, a variable bonus of up to 14%, a pension scheme and a generous discount on everything that makes HEMA extraordinarily good
• A unique setting: a fast-moving retailer and the most archetypal Dutch brand, with its own product development and international reach
• Flexibility: you can work where you work best (by agreement)
• Nice headquarters: At the NDSM wharf, above a bustling HEMA store
• The chance to make the everyday lives of millions extraordinarily more fun and the everyday lives of your 17,000 global colleagues extraordinarily more secure

• You combine a relevant IT (security) HBO (higher professional education) or WO (university) degree with a tremendous passion for security, as shown through your interests, projects, Capture the Flag scoreboards or your endless insights into specific security topics
• You have solid knowledge of what is happening in information security and are able to translate these developments into consequences and actions for HEMA
• Relevant certifications such as Security+, OSCP and CISM are a plus, but certainly not mandatory. Expressing your passion for security is much more important
• You have excellent communication skills and are good at building bridges between technology, security and business. Your verbal and non-verbal soft skills are as great as your passion for security
• You feel at home in a dynamic environment where driven teams work at a rapid pace and with great drive
• You have a pragmatic attitude and like to get things done ‘quickly’
• Because we work internationally, good knowledge of the English language (spoken and written) is no problem for you