Security Compliance Officer

As Security Compliance Officer you’ll help to assure and develop information security within our organisation, a leading service provider in the internet sector and operator of the .nl domain. Because SIDN is an essential service provider and a critical infrastructure operator, demonstrable compliance is very important for us.

  • Working week: 40 hours/week (or part-time, with a minimum of 24 hours/week)
  • Experience: At least 5 years' relevant work experience in a similar role, preferably within an organisation responsible for critical infrastructure or in the internet industry
  • Education: Higher vocational
  • Mindset: A tactically astute and pragmatic security compliance professional who maintains an overview, translates policy into practice and sees collaboration as the key to sustainable security.
  • Salary: €4,040 - €5,600 for a 40-hour week

How you'd explain your job at a party

I help teams comply with arrangements and standards on information security, including ISO 27001 and SOC 2, by translating risks into clear, workable compliance arrangements.

Your role

You’ll work in the Security Services Department, work closely with other Security Compliance Officers and report directly to our CISO. In that role, you’ll support teams to help them comply with security requirements and improve processes, with the aim of increasing the maturity of our information security management (CMM). As well as managing our ISO 27001 certification, you’ll contribute to the implementation of SOC 2.

Here's what you'll be doing:

Your focus will be on tactical and operational aspects. As Security Compliance Officer, you’ll support the CISO and independently assume responsibility for compliance tasks. You'll be working closely with teams within the organisation. Your main duties and responsibilities will be:

  • Compliance and audits: You’ll monitor the effectiveness of security controls and ensure that they demonstrably meet the applicable internal and external requirements. In that context, you’ll work in close consultation with the control owners and your fellow Compliance Officer. You’ll play an active role preparing for and guiding external audits (e.g. for ISO 27001, SOC 2).

  • Cooperation with teams: You’ll act as the contact person for teams with compliance questions, and you’ll help them demonstrably ensure that their day-to-day activities are compliant.

  • Parameters and policy: You’ll contribute to the definition, maintenance and refinement of security policy, guidelines and standards, without unnecessary bureaucracy and in keeping with the character of our organisation.

  • Reporting and analysis: You’ll provide input for management reports on compliance, risks and audit findings, and you’ll help to ensure that such reports are useful and understandable.

  • Risk management: You’ll contribute to risk analyses and evaluations, and you’ll advise on appropriate action to mitigate the identified risks.

  • Awareness programme: You’ll contribute to the design and implementation of an effective awareness programme for all personnel, in order to reinforce the organisation’s security culture.

  • Legal compliance: You’ll ensure that our information security always complies with all relevant legislation and regulations, including the GDPR, NIS2 and CBW.

Your skills

Our core values of customer focus, trustworthiness, innovation, independence and professionalism strike a chord with you. And you want to keep learning and developing. If that sounds like you, you'll fit right in! Because we allow people to be themselves.

You'll also have:

  • At least a higher vocational qualification in a relevant field (e.g. informatics, technical business management, cybersecurity)

  • At least 5 years' relevant work experience in a similar role, preferably within an organisation responsible for critical infrastructure or in the internet industry

  • Preferably a CISM or CISSP qualification; otherwise we will support you in acquiring such a qualification

  • Demonstrable experience of realising and maintaining ISO 27001 compliance, and preferably knowledge of SOC 2 and other relevant frameworks

  • Up-to-date knowledge of the GDPR, NIS2 and CBW (essential)

  • Good knowledge of cloud security, identity & access management (IAM) issues and understanding of network protocols and the OSI model

  • Knowledge and experience of project management

  • Knowledge of the Dutch language to at least B1 level and preferably B2 level

We’re looking for a proactive, stress-resistant professional with excellent communicative and advisory skills. You’ll be able to communicate with and persuade people at various levels, from executives to technical team members. You’ll have strong analytical ability and good organisational skills, enabling you to tackle complex issues effectively and see projects through to a successful conclusion. You’ll also need to live in the Netherlands.

We are SIDN

The internet. The biggest and most successful global collaboration of all time. Once something new and spellbinding, it's now an integral part of everyday life for almost everyone in the Netherlands. As a result, many people take the internet for granted. But, for us, the wonder remains.

We are SIDN. We began as internet pioneers, and forged an identity as digital thinkers and doers, shaping the reality of today and tomorrow. We have a strong sense of shared responsibility for the internet in the Netherlands. A responsibility that we willingly accept. A responsibility that we work to fulfil, every hour of every day. We bring people together by operating a .nl domain that's secure and technically reliable. And, because the internet is a highly dynamic environment, we are constantly anticipating what's required and adapting our services to match.

In a world of opportunities and challenges, we're dedicated to enabling confidence online. We're a small organisation with big ambitions. Our highly motivated professionals are passionate about their work, and proud of the difference they make and the people they work with. Together, we're always reaching for the heights. How about you?


What you can expect

For us, it's all about balance. Balance between hard work and relaxation, between performance and reward, between your ambitions and ours, between an inspiring office environment and the convenience of working from home, and of course between professional and private life. As well as utilising the latest, proven internet technologies, we also work with modern IT systems for easy collaboration, remotely, physically and in hybrid forms. We also make sure that our people have well-equipped home workstations, plus access to an office space with everything they need to get together, collaborate and inspire one another.

If you want to go running or visit granny during office hours, we're okay with that. As long as you live up to your professional responsibilities, we'll work out between us exactly how and when you do your work. And we're not fans of annual performance appraisal. What really matters is year-round personal development and results. Where you take the lead. It’s a philosophy that our personnel really like: Effectory designated us a Worldclass Workplace for 2025-2026. Recognition for our passion and outstanding employment practices.

Pay and other benefits

What’s in it for you? First, ample opportunity for growth and skills development. After all, you'll be helping us take our IT set-up in a whole new direction. On-the-job growth will go hand-in-hand with training-based personal development -- for which we have a generous budget! There's an attractive benefits package as well:

  • Gross monthly salary of up to €5,600, depending on professional experience

  • Holiday pay of 8 per cent, plus a thirteenth salary payment

  • A variable collective bonus of up to 4 per cent

  • An attractive extra bonus if you introduce us to a new colleague

  • A basic holiday allowance of 25 days, plus scope for building up to 13 days' occasional leave entitlement, if you work full time

  • A pension with ABP

  • A business rail card if you come to work by public transport

  • A travel allowance if you come to work using your own transport

  • A PluralSight licence and the opportunity to acquire other certificates

  • A daily home working allowance for every day that you work from home

  • A complete, healthy home workstation

  • €55 a month (net) for your home broadband

  • €25 a month (gross) contribution to your health insurance

  • Additional parenthood leave on full pay

  • An optional cycle lease scheme, where SIDN covers 50 per cent of the lease cost, up to a maximum of €60 (gross) per month

  • €500 a year to donate to a good cause of your choice

  • Your own .nl domain name and hosting package

  • Professional coaching and budget coaching

  • A relocation allowance if taking the job means moving house

Everything above is for a full-time role.

The selection procedure includes screening, which involves obtaining a Certificate of Good Behaviour (similar to a criminal record check), and performing reference and integrity checks.

Recruitment agencies need not respond.

Like the sound of this job? Let's connect!

If you've read this far, we reckon it's got to be worth getting in contact with us, or applying right now!

About the application process:

Inge Loeff

Corporate recruiter

Contact

Ferry Stelte

Chief Information Security Officer (CISO)


What happens once I've applied?

  • Application

  • First interview

  • Second interview

  • Contract offer

  • Start your dream job