Information Security Assurance Officer

Robeco is a mid-sized asset manager with about EUR 190 bln in assets under management. Robeco serves both retail and professional clients with innovative investment products, services and solutions. We have offices in 15 countries worldwide and our head office is located in Rotterdam, The Netherlands. More information about the organisation is available on


Robeco FIRST
Weena 850
3014 DA Rotterdam
The Netherlands

Continuity & Stability

The Continuity & Stability department (C&S) is responsible for ensuring stability, security, business continuity and reliability of Robeco’s data processing and IT environment. For this environment, Robeco makes use of different types of outsourcing, including external data centres and several SaaS and PaaS cloud solutions. In the highly regulated financial services industry, expectations of clients, regulators and other stakeholders related to cyber security are increasing. This requires additional attention from C&S to provide assurance about compliance with information security principles, good practices and frameworks. Therefore, implementing, assessing and reporting on information and cyber security frameworks and controls is a key topic of Robeco’s Cyber Security Roadmap. This roadmap will be further aligned with the Global ORIX Cyber Security Roadmap for the coming years. These important activities require a dedicated function to provide assurance about information and cyber security.

Job responsibilities

As the Cyber Security Assurance Officer you provide assurance about information and cyber security by assessing, reviewing and reporting security risks, policies, measures and controls. You report directly to Robeco’s Chief Information Security Officer (CISO). Your main responsibilities are:

  • Define and manage Robeco’s information and cyber security assessment program
  • Assess and evaluate Robeco’s information and cyber security status and maturity in accordance with the assessment program
  • Align information and cyber security assessments with other IT assurance frameworks, assessments and maturity roadmaps
  • Assess and evaluate compliance with security standards, guidelines and requirements
  • Perform information security risk analyses
  • Initiate and coordinate information security improvements related to the assessments and roadmaps
  • Contribute to internal and external information security risk assessments, reviews and audits
  • Enhance Robeco’s information security framework with new industry good practices, legislation and regulations
  • Inform CISO and senior management of the status of information security and present improvement proposals
  • Inform internal and external stakeholders about the status of information security and compliance with policy and frameworks. These stakeholders include Risk Management, Compliance, Internal and External audit, Clients (e.g. for RFPs and ODDs), Supervisory authorities and Regulators.


You are a highly motivated professional who is eager to grow, learn, and gain new skills. You are a flexible team player with problem-solving capabilities who is comfortable working under tight deadlines in a hectic environment. You have a relevant education at Master/Bachelor+ working and thinking level, or comparable, excellent communication skills, a strong personality and leadership skills. The candidate should be able to function autonomously as well as in the team. Experience with managing security and assurance programs is a must; knowledge of the financial sector and asset management industry is a benefit.

You also have the following skills, knowledge or experience:

  • Information risk management and security assurance expertise
  • Five years’ work experience in an information security position
  • Fluent in Dutch and English (both spoken and written)
  • Keeps priorities straight and can make adjustments easily if required
  • Ability to communicate effectively, constructively and professionally
  • Strong strategic and critical thinking skills; ability to see the “big picture” while also diving into details as necessary
  • Identifies and initiates improvements on cyber security and assurance processes and tooling, e.g. GRC tooling and process automation
  • Strong analytical skills, pragmatic and quality driven
  • Knowledge of security, IT and information security assurance frameworks and reporting standards, such as ISO27001, NIST Cyber Framework, NIS/ENISA regulations, EBA and ECB/DNB/AFM guidelines, COBIT, ISAE 3402, SOC1, SOC2
  • Technical knowledge about information security measures and cyber threat management
  • Relevant background and certifications are Certified IT auditor (RE), CISA, CRISC, CISM or comparable.

Application process

Do you wish to apply for this position or would you like more information? Please contact Glenn Sweelssen at Oliver James associates

All applications will be treated with the utmost confidentiality. An assessment and integrity test may be used in the selection procedure.