Senior Risk and Compliance Officer - Hybrid
Hybrid - Amsterdam, Noord-Holland, Netherlands
Information Security and Compliance
Compliance, Hybrid, Security, Senior
Job description
Hybrid: from our office at Amsterdam Central Station and from home
Full-time: 37.5 hours per week (working part-time is also possible)
Salary: Up to EUR 80.000 plus excellent secondary benefits (see below)
IMPORTANT: you should be living in the Netherlands or willing to relocate
Become our Senior Risk & Compliance Officer and manage all aspects of the organisation’s risk management lifecycle, enabling the organisation to understand and operate within the desired risk appetite. In this role, you will execute a compliance roadmap using well-known industry compliance frameworks. Your communication and stakeholder management skills will help build a good understanding across the whole organisation of the importance of Risk and Compliance, and inspire your colleagues to contribute to this purpose.
As our Risk & Compliance Officer, you will report to the Chief Information Security Officer and work together with our Risk and Compliance Manager. You enable each team by structuring, coordinating, monitoring and advising on their risk management activities. Together with your team, you ensure that business and technology processes are organised and executed in such a way that the risks are being managed within the assigned risk appetite.
Compliance is essential for the integrity of the RIPE NCC’s registry of IP addresses and Autonomous System Numbers, and the RPKI trust anchor. You will lead the process of a mindset change where Risk and Compliance are integrated into everyday business. This will require a proactive, coaching and change-focused leadership style.
In this role, you will:
- Maintain and optimise the Enterprise Risk Management Framework and execute periodic (enterprise-level) risk assessments
- Maintain the enterprise risk register and track risk exposures against RIPE NCC’s risk appetite
- Execute a company-wide compliance roadmap and shape an integrated control framework to demonstrate continuous compliance against industry standards
- Guide compliance control implementation and perform periodic compliance control reviews
- Monitor the performance of compliance controls across the organisation for timely and effective execution
- Report on risks and control effectiveness using data-driven methods
- Assist in internal and external audit and assurance activities and act as a point of contact for external auditors
- Work together with other departments to increase their awareness regarding Risk & Compliance
- Assist in the development and implementation of Business Continuity Planning and testing
Job requirements
What we expect from you:
- Minimum five years of experience in Risk and Compliance, preferably in the Technology sector
- MSc in Computer Science, Information Security or equivalent
- Relevant certifications such as CISM, CISA, CRISC, ISO 27001 lead auditor/implementer or similar
- Hands-on experience with at least one of the following industry standards: ISO 27001, ISO 31000, ISAE 3000 (SOC2)
- Practical experience in maintaining risk registers and controls; familiar with control procedures, automation, monitoring, testing, collecting evidence and remediation activities
- Familiar with Governance, Risk & Compliance (GRC) tooling. GRC implementation experience is a plus
- Excellent program management skills
- Excellent presentation and communication skills, with fluency in English
- Proactive, independent and assertive approach
What you can expect from us:
- 😎 A modern, flexible and informal work environment with an emphasis on a healthy work/life balance
- 🏡 Flexible work-from-home policy, so you can arrange your weekly office and 'working from home' days in a way that works for you. Working from abroad for a number of days per year is also possible
- 💸 An annual salary up to EUR 80.000 (before tax). This includes the standard 8% annual “holiday pay”.
- 👏 Excellent secondary benefits: 5% end-of-year allowance, ❤️🩹 annual budgets for health, 🚲 transportation and 💻 technology purposes, 💰 non-contributory pension scheme, 👪 paid parental leave, 🫶 top-tier health insurance coverage for you and your family and 🌴 33 vacation days (full-time).
- 📚 A generous training budget each year that can be used for professional development.
- 🌮 An in-house free barista providing healthy varied lunches on Tuesdays and Wednesdays and nice breakfasts on Thursdays, plus monthly office drinks.
The department
Our Information Security and Compliance team is composed of 5 dedicated colleagues: our CISO, our Risk and Compliance Manager and three Information Security Engineers. They are responsible for all the security and compliance aspects of our organisation.
About the RIPE NCC
The RIPE NCC is a not-for-profit organisation founded on the belief that the Internet should be governed openly, transparently and together with the wider Internet community. We are one of the oldest Internet organisations in Europe and are proud of our legacy.
Our strongest asset is our staff. We bring together more than 185 people from more than 40 countries in our modern, vibrant office in the east wing of Amsterdam Central Station. Our official working language is English, but more than 30 languages are spoken by our colleagues.
Our backgrounds are diverse, but our goal is the same: work for the good of the Internet. Our vision: Together, let’s shape the future of the Internet. Will you join us?
How to Apply
If you are interested in this position, please click on the Apply Button and fill in the short application form. Send it to us together with your CV and motivation letter (in English only please). An assignment and a pre-employment screening (done by Validata) will be part of the recruitment process.