Security Analyst - Amsterdam

join the retail tech revolution!

The HEMA Security Office is the central location for information security and is the youngest and fastest growing team within HEMA. We have a very complex IT landscape, countless websites and terabytes of data flowing through our networks. Besides availability, security is also crucial. There are great challenges (for you!) at the Security Office. Do you want to establish workable security policies and optimise existing processes? Automate security controls and build custom tooling? Or help DevOps teams keep their CI/CD environment as secure as possible in an efficient way? You’ll make a big impact at HEMA, because our systems facilitate some 250 software developers, more than 700 office colleagues and millions of customer interactions every day. Without downtime, and as secure as possible. Will you join us in building a secure retail landscape, from office to distribution centre?

make an extraordinary impact!

As a Security Analyst, we will onboard you within the HEMA Security Office, HEMA’s central security organisation. The atmosphere? Informal and dynamic. The challenges? Every day is different. Acting on security incidents and helping over 19,500 colleagues become (and stay!) security-aware are at least part of your role as a Security Analyst. Together with other Security Analysts, Security Engineers and internal and external colleagues from the HEMA Security Office, you will ensure that HEMA becomes a little more secure every day. A role with extraordinary impact, because if you live up to that ambition, you will keep every day not only affordable, but also secure. So the stakes are high, just like the eventual payoff.

To best protect our organisation from threats, you will have an important role at HEMA as a Security Analyst. In this role, you will report directly to the Chief Information Security Officer (CISO), but will collaborate a lot with HEMA’s Digital teams. Your duties will include improving the Security Awareness programme, drafting and verifying security policies and testing and monitoring the IT landscape. In addition, you will create, follow up, explain and monitor security tickets originating from incidents, scans, assessments, audits and supplier reports.

With your keen eye, you will work with all parts of the IT organisation, from all the headquarters departments to the Utrecht distribution centre and from our own stores at home and abroad to the franchisees. You will also work with external stakeholders such as suppliers, partners, consultants, auditors and the Security Operations Centre (SOC). You must be able to provide solicited and unsolicited advice and information to the IT organisation on various implementations for the benefit of IT security.

Job characteristics

  • You will be the go-to person for security issues at HEMA and are the link between technology, security and the business
  • You will take care of following up security incidents and questions from colleagues, from phishing to generic questions and from writing manuals and processes to incident response
  • You will implement and manage security tooling throughout the organisation.
  • You will drive the Security Awareness programme for all HEMA employees, from (e)learnings to the phishing awareness campaign
  • You will perform security assessments/pentests and help colleagues interpret and eliminate security risks
  • You will work with internal and external colleagues/partners on one of many security projects, from network architecture to Security monitoring
  • You will help establish, maintain and roll out security policies, procedures, standards and guidelines

Our favourite tech-stack

This is what we like to work with:
  • An external Security operations centre at one of our security partners
  • Vulnerability management tooling, on-prem and in the cloud
  • A laptop for locally building and running tools, scripts, etc.
  • Jira Service Management, Confluence and TOPdesk
  • Are we missing something? Build it yourself... Or write a good business case!

this is what you’ll get at HEMA

  • A small team, in which freedom, trust and continuous development are number one... And pizza and caffeine a close second
  • Development and security community: As a technical security team, we understand that learning does not stop at attending training courses such as Security+ and OSCP. You get the extra value from learning from other security experts at events such as Troopers, MCH, BruCon, DefCon and by participating in CTFs. We provide room for this, because all work and no play makes Jack a dull boy
  • The toys and tools you need to do your job, such as a Mac or Windows machine and a phone. But, of course, also tools and hardware such as Burp Suite, Vulnerability Management tooling and (virtual) machines
  • A gross salary between €3,200 and €4,600
  • Travel and expense allowance, a fixed (!) bonus of 4%, a variable bonus of up to 14%, a pension scheme and a generous discount on everything that makes HEMA extraordinarily good
  • A unique setting: a fast-moving retailer and the most archetypal Dutch brand, with its own product development and international reach
  • Flexibility: you can work where you work best (by agreement)
  • Nice headquarters: At the NDSM wharf, above a bustling HEMA store
  • The chance to make the everyday lives of millions extraordinarily more fun and the everyday lives of your 17,000 global colleagues extraordinarily more secure

this is what HEMA needs from you

  • You combine a relevant IT (security) HBO (higher professional education) or WO (university) degree with a tremendous passion for security, as shown through your interests, projects, Capture the Flag scoreboards or your endless insights into specific security topics
  • You have solid knowledge of what is happening in information security and are able to translate these developments into consequences and actions for HEMA
  • Relevant certifications such as Security+, OSCP and CISM are a plus, but certainly not mandatory. Expressing your passion for security is much more important
  • You have excellent communication skills and are good at building bridges between technology, security and business. Your verbal and non-verbal soft skills are as great as your passion for security
  • You feel at home in a dynamic environment where driven teams work at a rapid pace and with great drive
  • You have a pragmatic attitude and like to get things done ‘quickly’
  • Because we work internationally, good knowledge of the English language (spoken and written) is no problem for you

team HEMA will get it done!

At HEMA, we all have the same goal. To make daily life better, more fun and easier. We do this by rolling up our sleeves together. We are bursting with ideas, which we implement together. We don’t let ourselves off the hook and learn by doing. Of course, it has to be that way, with our big ambitions: we want to grow into an international lifestyle brand we can be proud of.

application procedure

questions about this vacancy?

please contact:

Alide-Marie Hovenkamp

Corporate recruiter

never miss a job opening again