What do we offer?
- To be courageous
- To live wholeheartedly
- To keep growing
What do you bring?
- A customer centric focus
- A team player
- A can-do mentality
Why Ahold Delhaize
- Huge Impact
- Work with fun and smart colleagues
- (Inter)national growth opportunities
How you can make a difference
Ahold Delhaize is one of the world's largest food retail groups and a leader in both supermarkets and e-Commerce. Its family of great, local brands serves more than 50 million customers each week in Europe, the United States and Indonesia. Together, these brands employ more than 420,000 associates in more than 7,000 grocery and specialty stores. Our Global Support Office (GSO) is based in Zaandam in the Netherlands, but GSO associates also work in all the countries we serve. This team supports all our great local brands in finance, HR, IT, legal, communications, sustainable retailing, and other key functions.
Manager II Cyber Governance & Compliance
The ‘Head of Cyber Security Governance & Compliance’ plays a critical role in ensuring the organization's adherence to security standards, risk management, and regulatory requirements. They provide strategic leadership, oversee policies, and drive security initiatives. This senior professional serves as a critical resource for staff and leaders setting up the appropriate cyber security governance bodies and processes supporting the overall cybersecurity management of the organization.​
About Ahold Delhaize
We’re Ahold Delhaize, one of the world’s largest food retail groups and a leader in both supermarkets and e-commerce. Together with our 19 strong local retail brands all over the world, we aim to make a meaningful difference in the lives of our customers, our people and the world around us. We offer a highly dynamic, international work environment in which our employees thrive.
You will be given the freedom and responsibility to take ownership of your work and broaden your horizons by working together with knowledgeable colleagues from different countries who have an abundance of expertise in many areas. We will continually invest in you and help you build on your talents and skills for the future.
Key responsibilities of your role
Your role is highly diverse and encompasses various responsibilities. Here are the key ones:
As the ‘Head of Cyber Security Governance & Compliance’ within the GRCO, you will: ​
- Lead the delivery, implementation, and continuous improvement of cybersecurity governance​
- Ensure the development and implementation of a suitable IS policy framework including identification and reporting of relevant cybersecurity risks, development of IS controls to mitigate those risks, and training of employees on cybersecurity best practices​
- Policy development and testing: ​
- Create and update security policies and procedures.​
- Plan and test responses to security breaches, including communication with stakeholders.​
- Oversee the selection, configuration, and maintenance of security products.​
- Establish or maintain a target operating model that provides the necessary cybersecurity competencies to protect how the firm chooses to operate in line with the geographic and industry regulations to which it’s held.​
- Establish a security compliance program aligned with internal and external stakeholders.​
- Establish and maintain governance and compliance standards​
- Ensure that all external IS requirements for the external legal and regulatory mandates are embedded in the IS control framework​
- Design and manage a security exception management process​
- Design and manage a security issue management process​
- Lead the evaluation program of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for senior management.​
- Own and operate the IS GRC platform facilitating all IS GRC requirements​
- Manage the budget allocations and associated financial forecasts relating to cybersecurity governance, including hardware, software, and service providers.​
- Be part of the GRCO lead team​
- Lead a team of 9-12 full time and external associates across the regions​
What’s in it for you?
Aside from what we ask of you in this role, we also have a great deal to offer you: plenty of growth opportunities and various cross-brand career options; flexible working hours; a hybrid working model (we ask you to spend at least 50% of your working time at the office); and the chance to drive meaningful change on a global scale. You can look forward to a good work-life balance, and the chance to work in an inclusive environment that wholeheartedly encourages growth and welcomes you just the way you are.
Requirements
We think you’ll be best geared for success if you meet the following requirements:
- Education:
  - Bachelor’s degree or equivalent technical training in Information Technology, Information Systems Security, Cyber security, Business administration or related field (master’s degree preferred)
  - CISM, CISSP, CRISC or other relevant certifications are required.
- Experience:
  - 10+ years of relevant IT and Information Security experience
  - 3+ years of people management experience, preferably in a multinational company
- Knowledge/Skills:
  - Advanced knowledge of industry authoritative sources such as NIST, COBIT, and ISO standards
  - Solid stakeholder management, communication and presentation skills
  - Strong results orientation to achieve goals
  - Familiarity with the retail industry
  - Familiarity with GRC platforms, security-related legal and regulatory requirements
  - Ability to act independently with minimal supervision
  - Excellent command of English language, both written and spoken
Aside from these hard skills, we think you should also bring some much-valued soft skills to the table: an entrepreneurial mindset, outspoken communication skills and a proactive approach. In addition to these, a high level of creativity, empathy, and enthusiasm will take you far.
Apply now!
Are you keen to join the team? Even if you don’t tick all the boxes, but you still believe you have the personality and skills that make you a suitable candidate, we strongly encourage you to reach out to us. Apply now via the button on this page, or feel free to contact Katie Hillman via Katherine.hillman@aholddelaizeusa.com if you have any questions.
At Ahold Delhaize and our local brands, we broadly define diversity as being inclusive of thoughts and skills, generational differences, LGBTQ+, gender, race and ethnicity, disabilities, nationalities and more, and we accept all people for who they are.
The GSO sets global strategies frameworks, facilitates the sharing of best practice and encourages economies of scale. Great examples include sharing technology and digital know-how, so we can continue to lead in online and in-store retailing; setting global targets for healthy and sustainable products, including reducing food waste, use of plastics and making our products healthier to use and eat; and championing development for our future leaders, from learning about the digital mindset to leading our stores of the future.
Under the federal Transparency in Coverage rule, group health plans are required to make publicly available machine-readable files that include in-network rates and out-of-network allowed amounts and billed charges. Click the link to view the in-network rates and out-of-network allowed amounts and billed charges under the welfare benefits plan in which GSO participates.
We are an equal opportunity employer. We comply with all applicable federal, state and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status or any other characteristic protected by law.