16 January 2026 Cyber Security Cyber Security Amsterdam Contracting

Introduction

  • 36 hours per week
  • Start: 01-03-2026
  • End: 01-09-2026
  • Possible extension: Yes
  • ZZP is not allowed
  • Candidates must live in the Netherlands at this moment

Organization

The role of the senior (!) IT Risk SME is within the Center of Excellence (CoE) IT Control & Service Management which is part of our (IT) 1Global organization. In this role (based in EU, Amsterdam) you will help to manage and reduce the organization’s information risks through continuous management & reporting related to the IT Risk & Control Framework.
You act as a professional who is specialized in identifying, assessing, and mitigating risks associated with information technology systems and infrastructure.

Additionally, in this role you might also be involved as a domain expert for the timely completion of Internal & External IT audit evidence requests, questions, and action items.

You will fulfil a 1LoD QA Control role, help improve our IT R&C Framework and processes, and ensure compliance with laws and regulations.

You do all of this in close collaboration with IT Risk SMEs in NL and in the other regions (AP and US), colleagues in IT, Risk Management (2LoD), and suppliers.

Function

Continuously manage, maintain and monitor the IT R&C Framework.
Contribute to solving two (actual) IT Risk related OSI findings that are mainly about:
1. Further improvement of our IT R&C framework and related processes.
2. Further improvement of our Risk Self-Assessment (RSA) process.
Prepare, coordinate, execute, and document 1LoD workshops and supporting evidence related to the above-mentioned OSI findings.
Related to the OSI findings, 1LoD risk-related processes must be designed, documented, and implemented.
Liaise with the IT CoE (Center of Excellence), and 2LoD on key issues and projects.
Executes various risk assessments and analyzes the data, presents the results and conclusions to management. Researches deviations and advises about risk mitigating actions.
Organizes and controls follow-up on assessments.
Responsible for management reporting on the IT R&C Framework to senior stakeholders for any needed improvements and advises on the development and implementation of changes in standards and procedures.
Educating employees on IT Risk management best practices. 
Give direction.

Reviews and revises IT procedures and makes recommendations for their implementation.
Provide 1LoD IT Risk guidance within the IT Control & Service Management team across all aspects of the IT landscape; inclusive of Client and Third Party questionnaires.
Collaboration and cooperation with IT teams and individuals across the globe on various IT Risk (process) related initiatives, projects and tasks.

Requirements

Bachelor’s / Master’s degree or equivalent degree/experience.
10+ years of working experience in an IT or Compliance environment.
Minimum of 5 to 7 years of IT Risk experience, working with both internal and external IT Risk & Control and Audit teams.

Certifications required: CISM, CISA, CISSP, CRISC or CGEIT
Certifications preferred: Cloud Audit Academy AWS-specific, Cybersecurity Practical Applications Certificate, Certificate of Cloud Auditing (ISACA), Certified Internal Auditor (IIA)
Experience working in a regulated and/or financial and/or IT industry preferred

Key Competencies:

Knowledge of IT Risk, NIST, COBIT, ITIL frameworks (knowledge and experience with NIST highly preferred).
Knowledge of Audit Lifecycle but main focus in the role will be on our IT R&C Framework activities.
Familiarity with IT best practices, particularly in the financial services industry.
Knowledge of information management and of IT systems, processes, and regulations.
Your nature is to take the lead and sit in the driver's seat, not waiting until others tell you what to do.
Excellent oral and written communication skills.
Ability to effectively communicate with all levels of an organization, including senior management/stakeholders.
Strong attention to detail & documentation required.
Strong interpersonal skills.
Familiarity with Atlassian Products (Jira, Confluence), AGRC and/or ServiceNow a plus.
  
Additional information:

We will only look into senior profiles. Medior and junior profiles will be rejected and not considered! So be critical of the job requirements when you deliver a profile!
Work from the NL office at least 3 days/week (Mon and Wed are mandatory)
Open to flexible working hours to collaborate with global teams.
As of January 1, 2026, we will be using a standard working week of 36 hours for external staff (to be determined in consultation with the functional manager)

 

Extra info:

Specialist or consultant on IT, Security, Risk Management 
2 roles are a temporary addition to the current team / 2 persons who are already working on it
Certifications: one of CISM, CISA, CISSP, CRISC, CGEIT, plus an audit certification and some kind of risk management certification

There are 2 topics that need to be worked on:
1. Risk assessment (2nd line) 
2. IT control framework (1st line)

Information

Sean Verhoef +31(0)20-3337629

Application

Sean Verhoef +31(0)20-3337629

Vacancy number

3995