Head of Information Security - Den Haag, Nederland - Catawiki

Beschrijving

,, - at Catawiki, we come across exceptional objects such as these every day.

Catawiki is the leading online marketplace to buy and sell special objects. We offer over 75,000 special objects in auction every week — each reviewed and selected by one of Catawiki's hundreds of in-house experts specialised in Art, Design, Jewellery, Fashion, Classic Cars, Collectables and many more.

We've sold 10 million unique items to date and it's our mission to become the world's most popular auction destination for special objects.

We're an innovative, pioneering and fast-growing scale-up . If you think you can make a difference to our team, go ahead and apply.

About the role and team

We are looking for a Head of Information Security to lead and manage our cybersecurity function.

As the leader of the team, you'll be responsible for driving our efforts toward ensuring that our customers and employees stay safe: you will do so leveraging automation, being an advisor and evangelizing best security practices. As a manager you will use your experience and technical acumen to lead the security function, coaching and mentoring your security engineers.

To convey a sense of scale, here are a few numbers:

• Around 120 people are in the engineering function
• 12 cross-functional agile teams, grouped into 4 teams of teams
• Around 40 microservices [ruby on rails, golang]
• Up to 15-20k requests per second served

And plenty of bots and bad actors that are trying to breach our perimeter, steal our customers' financial information and commit fraud.

What you'll do

• You are responsible for the entire security team's project success and overall protection of user data and intellectual property.
• You'll maintain security policy compliance, spearhead security projects, and manage technical staff.
• Develop and implement a comprehensive information security strategy aligned with objectives and regulatory requirements.
• Conduct risk assessments to identify vulnerabilities and potential threats in the organization's systems and processes.
• Directly oversee security systems and infrastructure monitoring, promptly identifying and responding to security incidents.
• Assess and oversee the security aspects of third-party vendors and service providers.
• Liaise with Product Development, Platform, Legal and Data Protection to advise on best practices and influence their roadmap

All in a work environment where people from all backgrounds can thrive and grow. Your impact will help millions of people buy and sell the objects of their dreams.

Who you are

• 2+ years of experience as a manager
• 8+ years of experience in the security domain
• Deep understanding of technical security controls requirements and emerging security trends.
• Experience of implementing security detection and response controls within one the major cloud providers (AWS, GCP, Azure)
• Ability to translate technical security issues to a large audience and gather their support.
• Experience with corporate security controls on MacOS.
• Excellent communication skills in English, including communicating well across different functions and different levels in an organization.
• Experience in scale-ups and ability to cope with ambiguity and changing business requirements
• Hands-on experience implementing security controls (i.e. bot detection, WAF) for an environment deployed on GCP, using a major vendor such as Akamai, Cloudflare and similar
• Experience with security regulations such as ISO27001, NIST, or CIS Controls

Where you'll be

This role is based in our Amsterdam office, the Netherlands and reports to our VP Engineering

Here's what we can offer you

This is your chance to join our mission to fulfill people's passions as part of a young and dynamic organization. You'll be part of an enthusiastic, highly motivated team of 800+ Catawikians.

Additionally, you can expect:

• A challenging role in a diverse, international and fast-growing organisation with over 50 nationalities.
• Regular fun activities both on and offline e.g summer parties, boat rides and regular team events.
• Great secondary benefits including a holiday allowance and a fantastic pension plan paid for by Catawiki.
• Hybrid ways of working between home and office. We offer remote and activity-based working, suited to the team and individual responsibilities
• We care about our teams' wellbeing and offer a holistic wellbeing programme including our Employee Assistance Programme offering clinical services, single-session therapy, wellness support and more.
• Tailored learning and development opportunities to support your personal and professional growth;

We want to help you celebrate special occasions in life by:

• Provide employees with a 100 EURO Catavoucher upon joining and 50 EURO birthday Catavouchers;
• Extra days of annual leave for work anniversaries at 3, 5, 8 and 10 years;
• Additional leave allowances for important life events such as moving, engagement & marriage;
• Each year Catawikians get an additional day's leave to Pursue their Passion

Please note that our benefits offering changes depending on which country you are employed in. For our country-specific offering please ask your recruiter.

Our commitment to you

Catawiki's eclectic team represents an international and intergenerational mix of people from different professional and cultural backgrounds. We foster an inclusive and queer-friendly work environment, committed to making every Catawikian feel welcomed and empowered. Whatever your story, we encourage you to bring your unique perspective to the table.

Catawiki stands with Ukraine and encourages people displaced by the current conflict to apply. In addition to the several initiatives we've launched, we're open to ideas on ways we can continue to support the humanitarian effort.

Our offices and way of working

We have sensational offices in Amsterdam, Groningen, Paris and our newest office in Lisbon. Most of our employees are within commutable distance of one of our office locations and enjoy a hybrid work model. This means we expect you to be in the office 2 out of 5 days, roughly 40% of your working time, to collaborate and connect with each other. The exception is of course, if the job description specifically states that the role is 100% remote, as some experts and sales positions are.

Interested?

Apply directly with an English CV and cover letter by submitting your information at the bottom of this page. By submitting your application you agree to .

If you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

Updated: 1 month ago

Job ID:

Report issue

Consumer Goods Rental

Catawiki is the leading online marketplace to buy and sell special objects. Over 75,000 objects are offered in auction every week - each reviewed and selected by one of Catawiki's...

Accept All

Settings

Strictly necessary

Performance

Targeting

Functionality

Unclassified

Strictly necessary

Performance

Targeting

Functionality

Unclassified

Name

Provider / Domain

Expiration

Description

auth Session Used to remember tokens of authenticated user, while user is logged in. Necessary for keeping user logged in.

_icl_visitor_lang_js 1 day Used for saving the visitor's language for default redirection on some pages.

_gaexp Google LLC 3 months Used by Google Optimize to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in

_opt_expid 10 seconds This cookie is created when running a Google Optimize redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that's being redirected.

fccid 1 year 1 month Used by Front. Allows users to live chat with JOIN.

fcaid 1 year 1 month Used by Front. Allows users to live chat with JOIN.

fcuid 1 year 1 month Used by Front. Allows users to live chat with JOIN.

_csrf Session This cookie is used to prevent cross-site request forgery (CSRF) attacks, ensuring that only the legitimate user can submit forms and data requests on the website.

_cfuvid Session Cookie used by Cloudflare for rate limiting, distinguishing individual users who share an IP address for enhanced security and access control.

__mmapiwsid 1 year 1 month Cookie used by minFraud for device tracking, generating a unique ID to distinguish individual devices for fraud prevention and Geo IP tracking.

locale 1 year This cookie is used to remember the user's language version of a website

_hjIncludedInPageviewSample Hotjar Ltd 30 minutes Determines if the user's navigation should be registered in a certain statistical place holder.

_hjUserAttributesHash Hotjar Ltd 1 year User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.

_ga_R6711PBXL0 1 year 1 month This cookie is used by Google Analytics to persist session state.

_gat Google LLC 1 day Used by Google Analytics to throttle request rate.

NID Google LLC 6 months Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.

_gcl_aw Google 3 months Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.

_gcl_aw Google 3 months Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.

_cioid 1 day Used by to identify visitors and offer to send targeted email messages.

RUL Google LLC 1 year Used for re-targeting, optimisation and reporting of online adverts on behalf of Google Inc. Advertising platform DoubleClick.

IDE Google LLC 1 year Used by Google DoubleClick to register and report the website user's actions after viewing or clicking on e of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

SM Session This is a Microsoft MSN 1st party cookie which we use to measure the use of the website for internal analytics.

_clck 1 year Cookie used by Microsoft Clarity to persist the Clarity User ID and preferences, unique to that site is attributed to the same user ID.

_gat_UA seconds This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It is a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.

last_marketing_source 1 month Used for internal conversion tracking, saving the source of campaigns.

_ga_9ELT72REP5 1 year 1 month Used by Google Analytics to store and count pageviews.

bscookie LinkedIn Corporation . 1 year Used by the social networking service, LinkedIn, for tracking the use of embedded services.

juj 1 month Used for internal conversion tracking. Keeps track of the user's journey.

li_sugr LinkedIn 3 months Used by LinkedIn to make a probabilistic match of a user's identity outside of their "designated countries" for the purpose of delivering targeted advertisements across various websites and applications.

_gcl_au Google LLC 3 months Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.

CLID 1 year This cookie is usually set by Dstillery to enable sharing media content to social media. It may also gather information on website visitors when they use social media to share website content from the page visited.

_fbp Meta Platform Inc. 3 months Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.