Privacy & Security Specialist

Privacy and security must be built in from the very beginning. As a technically skilled specialist, you help teams build solutions that are secure, compliant, and practical. You bridge the gap between technology and legislation, ensuring that your colleagues can rely on your advice with confidence.

Where you will work

SURF is the ICT cooperative for Dutch educational and research institutions. Together with them, we work on digital services and complex innovation challenges to enhance the quality of education and research.

You will be working in the Accessible and Open Education & Research unit, which consists of 10 different types of teams, all of which are involved in the development of digital sector-wide services for institutions.

Working at SURF means working for a unique and open organization. This is evident in everything: the structure of the organization, the setup of the project teams, the culture in our offices, and the atmosphere among colleagues. SURF offers excellent terms of employment and takes a flexible approach to work/life balance. Employees enjoy working independently. In addition, everyone is given the space and freedom to use and develop their talents as effectively and broadly as possible.

The team you will join

Within the unit, you’ll work in an environment where privacy and security are essential: we handle sensitive data from education and research, and new digital services are constantly being developed and expanded. We adhere to the principles of open and reusable design, while at the same time ensuring that privacy and security are built into our development process “by design” and “by default.” The challenge lies in striking the right balance: how do you ensure maximum openness and accessibility while firmly safeguarding privacy and security?

You’ll work closely with team leads, product managers (PMs), technical product managers (TPMs), legal counsel, and a fellow privacy and security advisor. As our products and services grow, the team is expanding. Together, you’ll ensure that technical solutions comply with applicable standards and best practices, while also being practically applicable for the teams that build and manage them.

What you will do

As a Privacy & Security Specialist, you advise teams on the privacy and security aspects of technical solutions and processes. You ensure that teams incorporate privacy and security from the design phase through to the decommissioning of a service, in a way that is feasible for the teams. You interact daily with PMs, TPMs, team leads, and legal counsel, serving as a clear bridge between these disciplines.

Other responsibilities include:

• Assessing risks and aspects related to availability, integrity, and confidentiality;
• Evaluating technical designs, architecture, and processes for privacy and security aspects
• Advising on how to apply privacy and security by design and by default
• Documenting privacy risk assessments in DPIA’s and internal documentation.
• Translating practical, technically feasible guidelines and implementations within (legal) frameworks and best practices
• Engaging and supporting team leads and the unit so they can effectively manage privacy and security within their teams
• Contributing ideas on solutions and alternatives, with a focus on what is feasible within the frameworks
• Contributing to a consistent and reliable compliance process within the unit

Your skills and experience

First and foremost, you are a tech-savvy professional with a strong sense of privacy and security. You understand how systems are designed and built, while also being able to interpret and apply legal and compliance frameworks. Your colleagues rely on your advice because you work meticulously, provide well-reasoned arguments, and look beyond just risks and the GDPR.

In addition, you have:

• A college or university level of work and thinking, preferably in IT, cybersecurity, or a related field;
• Preferably knowledge of or experience with (best practices in the field of) the security of digital systems and personal data;
• Preferably knowledge of or experience with privacy-by-design strategies, in which privacy is an inherent attribute of digital (eco)systems, software, and innovation.
• Preferably knowledge of or experience with privacy legislation (such as the GDPR) and compliance processes;
• The ability to switch between technical, legal, and organizational perspectives;
• Experience advising on privacy and security in technical environments;
• Affinity with or knowledge of the fields of education and/or open science (a plus);
• A proactive attitude and the ability to contribute constructively to finding solutions.

SURF takes pleasure in doing its recruitment itself; acquisition is therefore not appreciated.