Senior Advisor information security and privacy protection

Belmont Lavan

  • Utrecht
  • Permanent
  • Full-time
  • 2 months ago
  • Quick apply
Assignment description
  • Supports the Information Security & Privacy Officer in developing, keeping up to date, adapting and implementing the information security and privacy policy for the MGZ domain and thus contributes to guaranteeing the confidentiality, integrity and availability of the (digital) information provision (IV) and the lawful processing of (special) personal data by:
  • Monitoring and updating developments in the field of information security and privacy protection and assessing their consequences for the MGZ domain;
  • Supporting the translation of requirements from relevant legislation and regulations (such as the GDPR, the WGBO, the WegiZ) into preconditions and requirements in the field of information security and privacy protection;
  • Supporting the translation of the MGZ IV vision and strategy into preconditions and requirements in the field of information security and privacy protection;
  • Adjusting and applying the policy in the field of information security and privacy protection for the MGZ domain;
  • Developing guidelines, implementing regulations and procedures in the field of information security and privacy protection for the MGZ based on the policy of the HDBV and other policy-making bodies and officials relevant to the functional area (including BA, FG, IMG);
  • Drawing up and keeping up to date a framework of standards for information security and privacy protection for the MGZ;
  • Providing advice and expertise in policy translation into implementable information security and privacy policies within the MGZ domain.
  • Supports the Information Security & Privacy Officer in obtaining and maintaining the necessary certifications for the ISO27001, ISO27701 and NEN7510 standards for the staff and for the various healthcare companies, by ensuring the management of the Information Security & Privacy Management Systems (IPMS), through:
  • Supporting the integration of the IPMS with the quality management system (QMS - ISO9001) within the staff and healthcare companies;
  • Preparing periodic meetings with the information security committees (IBC) of the staff and the various healthcare companies;
  • Keeping the Measuring and Monitoring tool of the staff / healthcare company up to date by monitoring ongoing actions, risks and the status of the mitigating measures for identified deviations during internal or external audits;
  • Planning and carrying out internal audits in the field of information security and privacy protection as part of the management system and supporting healthcare companies in carrying out the planned internal audits;
  • Supporting the performance of risk analyses by identifying information security and privacy risks, initiating proposals for measures to mitigate these risks and keeping the risk register for the staff / healthcare company up to date;
  • Providing support in setting up and initiating periodic information security and privacy awareness programs and advising on information and training from the ISPO to users in the correct handling of information (systems) and digital (personal/special) data;
  • Identifying processing operations of personal data and maintaining the Defense register of data processing operations;
  • Determining risky data processing for which a Data Privacy Impact Analysis (DPIA) is required and initiating and developing DPIAs (together with the staff / healthcare companies) in the role of secretary;
  • Supporting staff / healthcare companies in carrying out operational planning as part of the ISMS;
  • Supporting the preparation of an annual audit plan for the MGZ; supporting the organization and preparation of external (certification) audits; preparing periodic reports on the information security policy and privacy policy pursued, the progress of implementation of mitigation
Background of the assignment
  • The military health care system is responsible for providing regular and operational medical support with the best care for the (deployed) soldiers, takes into account the provision of humanitarian aid to needy parties and can provide medical support to the civil authorities if necessary. Military healthcare is housed within the Defense Healthcare Organization (DGO) and several defense units (DOs).
  • The DGO staff consists of the Command Group, the Strategic Military Healthcare department (SMG), the Operational Military Healthcare department (OMG), the Regular Military Healthcare department (RMG), the Operations department (BV), the Medical Information Management department (MIM), the Healthcare Information, Declaration and Expertise (ZDE) department and the Sustainable Healthy Employable Team.
  • The Medical Information Management (MIM) department is responsible for the development and maintenance of the (digital) information provision of the entire military healthcare system. The MIM department consists of a head, a deputy head, (senior) information managers, (temporary) project leaders and the Information Security & Privacy Officer.
  • The department has a varying pool of temporary employees depending on the projects underway at any time. The Information Security & Privacy Officer acts as an advisor and internal auditor in the field of information security and privacy protection of information provision within military healthcare.
  • To strengthen the team for information security and privacy protection, we are looking for a (senior) advisor to support the Information Security & Privacy Officer.
Requirements
  • Candidate has at least 5 years of demonstrable work experience in advising on and implementing an information security and privacy policy within healthcare organizations (with a highly differentiated IT environment).
  • Candidate has at least 5 years of demonstrable work experience in guiding healthcare organizations with setting up and implementing an ISMS to achieve ISO/NEN certification (hands-on mentality/experience is required; not experience as an advisor).
  • Candidate has experience with integration of management systems ISO27001 and ISO9001 within healthcare organizations (hands-on mentality/experience is required; not experience as an advisor).
  • Completed HBO education (diploma)
  • Certified ISO27001 and ISO9001 lead auditor
  • Completed training for CIPP/E and/or CIPM
Wishes
  • Completed HBO or academic education in business administration, (administrative) information science or computer science
  • At least 5 years of demonstrable work experience within healthcare organizations with regard to drawing up an audit plan and the associated work program, carrying out internal audits, drawing up audit reports, monitoring the follow-up of findings and reporting progress.
  • Completed training for CISSP and/or CISM
  • Completed training for ISO27701 lead auditor / lead implementor
  • Completed training for RE and/or CISA