You design and evolve a company-wide Information Security Management System that goes beyond IT, embedding security into engineering, R&D, production, and supply chain operations
You translate complex frameworks like ISO 27001, NIS2, GDPR, and other regulatory requirements into clear, practical measures that teams across different countries can actually implement
You take ownership of the information security risk landscape, building and maintaining a structured risk register, driving assessments, and ensuring risks are actively managed by the right people
You act as the central authority for information security governance, setting the direction while working closely with IT, HR, Facilities, and local teams to make sure execution matches intent
You connect information security with physical and personnel security, ensuring these domains work together as one coherent system rather than isolated controls
You define how we secure our ecosystem, building frameworks to assess and monitor suppliers, partners, and third parties with access to our systems, data, and facilities
You establish and continuously improve incident management processes, making sure we can detect, respond, and recover fast while strengthening resilience through simulations and real-world learning
You shape how security is understood across the company, driving awareness and accountability so every team knows their role in protecting what we build
You operate at the intersection of strategy and execution, working with senior leadership to turn risk, compliance, and security into informed decisions that move the company forward without slowing it down
Requirements
Solid experience in information security, risk, or compliance, ideally within regulated environments like aerospace, defense, critical infrastructure, or government
Strong understanding of frameworks such as ISO 27001 and hands-on experience applying risk management and compliance processes in real operational contexts
Ability to translate regulatory and security requirements into practical, scalable solutions that work across different teams and geographies
Familiarity with defense-related frameworks like ABDO or similar is a strong plus
Relevant certifications such as CISSP, CISM, or CISA are valuable, along with an academic background in a related field
Confidence working with senior stakeholders, clearly communicating risks, priorities, and decisions without overcomplicating things
Excellent command of English, both written and spoken; knowledge of Dutch is a strong advantage
Eligibility for national security clearances in one or more jurisdictions
Flexibility to travel across Destinus locations and stay close to where things are actually being built
Global Information Security Manager – Compliance at Destinus | JobVerse