Senior Information Security Officer (32-40 hours per week)
Eindhoven | start date to be agreed upon
We are a global high-tech consultancy company with a team of entrepreneurial engineers, scientists, and digital experts from around the world. Together we form a fast-growing and proud community. We offer consultancy services to high-profile clients globally in diverse service areas, such as:
- Technology & Engineering
- Energy & Renewables
- Life Sciences & Pharma
- Digital & IT
About this vacancy
At TMC Holding, it's all about making an impact with technology — People Drive Technology — within an entrepreneurial community of engineers, scientists, and digital experts. For this senior role, we are looking for an experienced professional who will steer information security and privacy, take organization-wide ownership, and accelerate the further professionalization of our security and compliance landscape.
What we expect from you
The Role
As a Senior Information Security Officer, you are a substantive driving force and strategic sparring partner in the field of information security and privacy within TMC. You take the lead in further developing, implementing, and embedding policies, governance, and compliance, positioning these themes firmly within the organization. You smoothly navigate between strategy and execution, from advising management and the board to overseeing audits, risk analyses, and improvement projects. The key focus areas you address include IT fundamentals, ISO 27001, NIS2, IT security, governance, and privacy (GDPR). TMC Holding B.V. is ISO/IEC 27001:2022 certified; you ensure we remain demonstrably compliant, risks are addressed proactively, and information security is structurally strengthened further.
What You Will Do
• Policy, Governance & ISMS — You are responsible for further developing, updating, and implementing the information security policy and ISMS (including Statement of Applicability), aligning with ISO 27001:2022 and NIS2. You ensure clear governance, establish structured decision-making processes, and translate policy frameworks into actionable standards and processes for the organization.
• Risk Management, Audits & Compliance — You initiate and oversee risk analyses, define appropriate control measures with stakeholders, and monitor follow-up actions. Additionally, you take the lead in preparing and supporting internal and external audits, acting as a strong discussion partner for management, auditors, and other stakeholders.
• Privacy & Regulatory Alignment — You work closely with the Senior Information Security Officer and Privacy Officer/DPO on topics such as DPIAs, processor agreements, data minimization, and data subject rights. You ensure alignment between security, privacy, and applicable laws and regulations.
• Awareness & Change Management — You develop and implement awareness programs, training, and communication approaches that sustain focus on safe and responsible behavior. You engage people effectively, create buy-in, and enhance the organization's security maturity.
• Incident Management & Business Continuity — You coordinate incident response, root cause analysis, and evaluations while contributing to strengthening business continuity and resilience. You maintain oversight of the bigger picture, connect relevant parties, and provide clear reporting and escalation as needed.
• Advisory & Security by Design — You advise on security requirements for projects, applications, and cloud platforms (e.g., Microsoft 365/Azure), ensuring security is integrated into decision-making, design, and implementation in a timely and comprehensive manner.
• Supplier and Stakeholder Management — You assess suppliers and external parties on security and privacy aspects, establish agreements on control measures, and act as an internal liaison advisor for IT, HR, legal, business, and the board.
• RFP/RFI & Due Diligence — You coordinate complex security questionnaires, client inquiries, and due diligence processes, ensuring high-quality, consistent input in collaboration with business, IT, and privacy colleagues.
Collaboration
You work closely with colleagues from IT, Privacy, HR, business cells, and external partners. Specifically, you coordinate with colleagues such as Martijn to ensure synergy and alignment in tasks related to incident management, continuity, and audits.
Your Profile
• Experience: You have several years of relevant experience in a senior role within information security, risk, compliance, or governance and demonstrable expertise with ISO 27001 (preferably the 2022 version), NIS2, IT security, governance, and privacy (GDPR).
• Seniority: You are capable of independently setting direction, prioritizing, and advising on or challenging decisions at various organizational levels. You combine deep substantive knowledge with pragmatism and organizational sensitivity.
• Language: Excellent command of both English and Dutch is a must.
• Context: Experience in an international or multinational environment is a strong plus, as well as the ability to operate in a dynamic stakeholder field.
• Competencies: You are highly analytical, decisive, communicative, and capable of translating complex issues into clear choices, actions, and improvements.
• Pluses: Certifications such as ISO 27001 Lead Implementer/Lead Auditor, CISM, or CISSP are considered a plus; familiarity with NEN 7510 is also welcome.
What you can expect from us
Working at TMC means being part of an entrepreneurial, inclusive community that uses technology to deliver real value. Our Employeneurship philosophy provides space for ownership, development, and impact at the group level. You work closely with IT, Privacy, HR, and business cells, and play a visible, leading role in the further professionalization of information security within TMC. You report periodically to the (executive) management.
What we offer
• Excellent primary and secondary employment conditions.
• Extensive opportunities for coaching, training, and development.
• Impactful role in a team with great colleagues.
• TMC is a growing company, and you can grow alongside it.
• Hours: 32–40 hours per week.
• Location: Eindhoven (High Tech Campus), with options for hybrid working.
Great that you are interested in a job at TMC! Apply now in the way that suits you best and hopefully we can welcome you to one of our teams soon.