Maurits Van den Heuvel

IT Risk Management & Cybersecurity Consultant
Rotterdam

Summary

I am an experienced Program Manager and Consultant (25 years). I have a strong background in Cybersecurity and Information Risk Management. I help organisations implement security and risk compliance, including designing and testing controls and performing risk assessments and IT audits. I have extensive experience with application development, IT infrastructure (changes) and outsourcing. Other areas of knowledge are: (Customer) Identity & Access Management, Privileged Access Management, ABAC, SIEM, Vulnerability Management, ISO27001/2, Fraud Analytics, Online banking and mobile banking. Over the last 5 years I have gained experience in introducing the Agile/Scrum and DevOps way of working. I have worked for companies like Shell, ING, Accenture, ABN AMRO, Rabobank and iWelcome in different roles such as Program/Project Manager, IT Risk Manager, CISO, Risk Management Consultant and Product Owner. I am result-driven and pragmatic. I feel responsible for and dedicated to my job. This is what I also expect from my team members. I am passionate about new technology developments like Artificial Intelligence, Policy Based Access Control and Self-Sovereign Identity, and the application of these developments in private and business life.

Overview

26 years of professional experience
3 Languages

Work History

Partner

CPI
10.2022 - Current
  • CPI is a consultancy firm specialized in Governance, Risk, Compliance
  • We help customers improve on Enterprise Risk Management, Information Risk Management, Compliance, Cybersecurity topics and related areas.

Program manager IT Risk Management

OOM Verzekeringen
10.2022 - 09.2023
  • Implementation of the DNB Good Practice
  • Defining IT Risk Control framework, design and implementation of IT Controls, including Risk Management process, IAM controls, Third party risk management controls, etc., Identity & Access Management
  • Product Owner involved in implementing Policy Based Access Control
  • Publications
  • Identifying the cost of security, Journal of Information Assurance and Security, Volume 5, 2010, page 74-84

Program manager Security

Isabel Group
01.2023 - 06.2023
  • Leading a program to replace an authentication solution (Smart Card) with a token-based solution
  • 50,000+ customers needed to switch from a Smart card to a token solution.

Sr. IRM Consultant

LeasePlan
07.2022 - 12.2022
  • Follow up of ECB findings and get them closed; Policy writing, facilitating RCSA execution and any other IRM related tasks.

Global Product Owner Identity & Access Management

AXA Group
02.2021 - 09.2022
  • Access Management Tasks and responsibilities:
  • Providing Identity related services to all AXA GO entities worldwide; increase customer base and keep services on par with market
  • Ensuring the Identity Access Governance implementation project delivers the right features
  • Design of IAM TOM based on new solution
  • Upgrade of the current Global PKI Infrastructure
  • Implementing Internal Controls and ensure Operational Effectiveness
  • Result: IT controls have been implemented
  • IGA project is still running, same for PKI upgrade project.

Security & Compliance Manager

CSU Total Care
09.2021 - 06.2022
  • Implementation of an ISMS
  • Vendor security management
  • Assurance of data privacy within the company
  • Security/privacy incident management

Owner / Managing Consultant

Red Angle
05.2020 - 05.2022
  • Red Angle is a Security consulting company
  • Red Angle focuses on Security Advisory, Risk Management and Identity & Access Management
  • Red Angle helps companies with a variety of IT Risk Management and Security related challenges, from ISO 27001/2 certification and compliance programs to the implementation of security technologies for MFA, Security Monitoring, endpoint protection, threat hunting, etc.

Risk Management Consultant

KNAB
11.2020 - 02.2021
  • Creation of an IT Risk Control framework
  • Define an improvement plan for implementation of IT Controls
  • Translate IT Controls into measures that should be implemented
  • Result: IT Risk Control framework has been created
  • It has been explained and handed over to the standing ORM and IT Security organization
  • A draft implementation plan has been defined
  • This draft plan has been taken over by IT Security team to start implementation.

IT Security Consultant and Project Manager

Rabobank
02.2019 - 11.2020
  • Helping the organisation to plan and execute initiatives (projects), as part of the STEP (Security Threat Elimination Program)
  • Portfolio management, priority setting of initiatives to ensure highest risks are mitigated first
  • Result: Maturity of the organisation (against the NIST framework) has significantly increased
  • Enhancements have been achieved in different areas like end point detection and response, security monitoring, threat management, hardening, zoning, ransomware detection and response, Identity & Access Management, and a lot more.

Information Security Consultant

Fujitsu / Gemeente Groningen
12.2019 - 05.2020
  • Developing IT Control framework specifying ISO27001/2, BIO and AVG controls including test plans
  • Result: Evidence has been specified for about 540 controls of ISO27001/2, BIO and the AVG (GDPR)
  • These instructions have been entered into the corporate compliance tool
  • The company has implemented internal control testing process.

IT Security Consultant and Project Manager

VodafoneZiggo
09.2018 - 02.2019
  • Consolidation of PKI environments; creating PKI design; Project Management; Implementation of Compliance and vulnerability management process; creation of policies and standards; process implementation
  • Result: PKI Roadmap has been delivered; accountabilities and responsibilities are assigned and initiative to reduce the number of PKIs has started.

Identity & Access Management Consultant

Port of Rotterdam
10.2018 - 11.2018
  • Helping Port of Rotterdam to define next steps for an I&AM strategy; conducting an Identity & Access Management market scan for selecting a new I&AM product (Okta)
  • Result: An advisory report has been delivered discussing direction, I&AM strategy and potential products that could be purchased
  • Specific attention was given to organisational aspects and processes.

IAM Consultant / Program Manager

ING
03.2018 - 08.2018
  • Onboarding of entities to the Global IAM Services
  • Central program management activities, supporting entities with their objectives to decrease IT risk appetite scores, increasing User experience, and lower TCO
  • Provide advice on IAM topics like role management, implementing fine grained access, capturing IAM requirements
  • Result: Onboarding plan has been created, 3 entities onboarded based on ETL technology
  • Assignment was not completed as a result of strategic changes.

Product Owner

iWelcome B.V
03.2017 - 06.2018
  • Identity as a Service
  • Tasks and responsibilities:
  • iWelcome is the only European based IDaaS provider being GDPR compliant; I was responsible for onboarding of customer environments; connecting applications and portals to the iWelcome platform; stakeholder management and project management
  • Identity federation (OpenID, OAuth, SAML, WS-Federation), SSO (SAML, ADFS, Shibboleth, etc.) and other technologies like 2FA, self-service, etc. are provided by the solution
  • Working with an Agile/scrum t
  • Result: Onboarded several customers like Admiral, Ohra, Quby and Aktion-Mensch
  • Customer Identities were then managed in the cloud and enabled their businesses to roll out new online services.

Interim Delivery Manager and Risk Manager

Rabobank
11.2016 - 03.2018
  • Responsible for implementing a DevOps way of working within five IAM development teams, driving change in behaviour and attitude, initiating knowledge sharing sessions, educating people on Agile/Scrum/DevOps principles
  • Resource management (50 fte)
  • Responsible for all GRC topics within the IAM department; IT Risk self-assessments, GDPR topics, guiding internal audits; business continuity implementation and developing agile security skills of our people
  • Result: DevOps way of working further improved
  • Security controls implemented based on outcome of IT risk assessment.

Continuity Manager / DevOps Implementation Lead

06.1997 - 11.2016
  • Tasks and responsibilities:
  • Resource management, responsible for the continuity of all applications managed by the IAM department (15 fte); incident & problem management; implementation of DevOps way of working within the IAM development teams; driving change in behaviour and attitude, initiating knowledge sharing sessions, educating people on Agile/Scrum/DevOps principles
  • Result: Further improved agile way of working in the teams; no major incidents have happened
  • During this period I have had assignments with companies like ING, Postbank, NN, Accenture, Shell and ABN AMRO
  • For a few years I had a start-up company focussing on Application Performance testing
  • Working for Accenture as a Managing Consultant involved in HR, Project Management, Sales
  • I’ve started my own business (Hillmoor Consulting) being a freelance Security Consultant and Project Manager in 2008
  • I’ve had several assignments in the field of Information Security and Risk Management working as a:
  • Security Consultant involved in policy writing, executing risk assessments and IT audits
  • Project Manager involved in implementing PKI environment, outsourcing of Postbank.nl D/R environment, Mobile Banking, Outsourcing of Security services, Fraud prevention
  • Information Risk Management Consultant involved in Risk Assessments, IT Compliance, implementing a new policy framework based on ISO27001.

Education

Master of Science - Co-operative Computing

Middlesex University
December 1999

Bachelor of Science - Business Administration, Logistics

Technische Hogeschool Rijswijk
December 1996

VWO

June 1993

C.G. Comenius, Capelle aan den IJssel

2018

Defense Against Modern Targeted Attacks (Blue/Red teaming, Outflank)

2018

CIPP/E + CIPM (Certified Information Privacy Professional/Manager) (IAPP)

2017

ISO 27001 Lead Implementer (PECB)

2016

CISM (ISACA)

2015

Scrum Master

PSM

2014

Cloud Security and Compliance (Cloud Security Alliance, TSTC)

2012

Essentials of Banking Risk (NIBE)

2012

Critical Chain Project Management (ToC Academy)

2010

MSP

2010

Theory of Constraints Thinking Processes (Ceasar Academy)

2009

CISSP (ISC2)

2009

Lean Six Sigma Black Belt (University of Amsterdam)

2006

Prince II Practitioner

2006

Prince II Foundation

De
2002

Master of Information Security

Technical University Eindhoven

Project management (NIMO)

2000

Information Security Policies (IBB, Exin)

2000

Generic banking course (AOB/NIBE)

2000

Master

2001

2001

Skills

  • Expertise
  • Information risk management:
  • Identity & Access Management, Key Management, PKI, DNB Good Practice, IT audit, ISO27001/2, IRAM, DORA, NIS2, SOx, COSO, IT Control framework, Control Testing, risk assessments
  • Application development: Agile, Scrum, DevOps, Performance testing, REST, SOA, ESB, Data migrations
  • Program/Project management: Prince II, IPMA, MSP, Agile project management, Waterfall, Digital Transformation, DevOps
  • Process control and improvement: CMMI, ITIL, Lean Six Sigma, COBIT, ASL, BiSL, FMEA
  • Outsourcing: Infrastructure / business processes
  • Business areas: Insurance, Banking, Oil & Gas, Payments, Clearing, Leasing, Financial markets, Internet Banking, Cards

Work Preference

Work Type

Full Time

Location Preference

Hybrid
