IT Security Officer

Rotterdam / Technical – Security
Mendix is a low-code app development platform:

First, what is low-code? Low-code is a visual approach to software development that enables you to abstract and automate every step of the application lifecycle. Gartner predicts that “by 2024, low-code application development will be responsible for more than 65% of application development activity.” Mendix is repeatedly ranked a Leader in analyst reports from Gartner and Forrester. In the 2021 Gartner® Magic Quadrant for Multiexperience Development Platforms, Mendix placed at the very top of the Leaders quadrant. 
Mendix, the global leader in enterprise low-code, was created to promote collaboration between Business & IT teams. Thousands of forward-thinking companies around the world like Ford Auto, Rabobank Netherlands, Zurich Insurance, and Red Bull, can unleash their best ideas faster with the help of the Mendix Platform. 
Mendix is a Siemens Business:
Siemens is a Top 10 Global Software Company and a leader on Fast Company’s Most Innovative Companies in the World! With the acquisition of Mendix in 2018, Siemens Digital Industries Software is driving transformation to enhance the digital enterprise where engineering, manufacturing and electronics meet the future of innovation. Mendix employees have the opportunity to work in a hyper-growth environment with the support of Siemens’ unbeatable market position and resources. 

Mendix is ISO 27001 and PCI DSS Level 1 certified. Furthermore, it holds SOC 1 Type II and SOC 2 Type II reports. To maintain our certifications and reports, you will engage closely with a team of experts to work on the continuous improvement of our Integrated Management System and its implementation, in a way suitable for the organization. You are someone who can be the successful bridge between IT and the business users from various countries regarding Security Compliance.

Duties & Responsibilities:

    • Work with the other (security) team members and business stakeholders to raise Mendix’ security posture based on the implemented plan, do, check, act cycle  
    • Support the business organization with the implementation and further enhancement of security controls, striving for automated evidence generation when feasible
    • Support internal audits to enhance our IT control governance maturity  
    • Document policies and procedures based on ISO 27001, SOC 2 and Siemens’ control framework.  
    • Contribute to the improvement of operations based on ITIL and AGILE practices  
    • Implement data privacy requirements within IT, in collaboration with the IT Security- and Data Privacy Officer   
    • Monitor identified IT Risk and contribute towards its mitigation   
    • Support efforts to raise Information Security awareness within the organization 

Experience & Skills required:

    • Proven experience with IT audit or cybersecurity, including experience with SOC 2 or similar frameworks
    • Relevant Information Security experience gained within the IT/SaaS industry
    • Ideally a Bachelor’s degree in management/computer information systems, computer science, accounting information systems, computer engineering, industrial engineering, or related program  
    • Brings a practical knowledge of technology, internal audit, external audit or risk  
    • Certification such as CISA, CISSP, CISM, or similar preferred
    • Knowledge of, and affinity with, ITIL v4 and COBIT; ITIL Foundation (or practitioner) certification is beneficial
    • Excellent analytical, technical and problem-solving skills, with strong attention to detail  
    • Fluency in English, both verbal and written, with communication and collaboration skills
    • Naturally connects with others, finds joy in building relationships and setting shared goals 
Working for Mendix and with our Customers means your reliability has to be beyond any doubt, and therefore every employment is subject to an onboarding screening and the condition precedent that a Certificate of Conduct is provided that demonstrates you did not commit any offences that are relevant to the performance of your function.