IT Security Risk and Compliance Senior Analyst

This role is tasked with the identification, assessment, measurement, and monitoring of risk and of compliance with industry standards. Related duties include auditing responsibilities and project management. Primarily, the role's goal is to bring our company into compliance with industry standards (such as ISO 2700X, ITIL guidelines), eliminate unnecessary risk, and create auditable "paper trails" that record progressive improvement in our procedures. Maintaining this compliance is of utmost importance.

FULL-TIME · 40 HOURS · Enschede (NL) / Berlin (DE)

The ideal candidate will be up to the challenge of developing risk standards, frameworks, and processes in an innovative and flexible way that is compatible with an Agile environment. Experience with software development lifecycles (SDLC) is a plus.

This role will work closely with high level management, product owners, and external auditors to implement the procedures and controls necessary to ensure the protection and security of information systems, assets, and customer data.

A strong candidate will work comfortably against the roadblocks and habits of a startup environment, manage projects by order of urgency and impact, and provide timely updates on goals and projected milestones.

This role extends to all our offices in Europe but is primarily centered in Amsterdam. It covers the following activities: risk assessments, monitoring, and mitigation; policy, standards, and control design and implementation; compliance program management; training and awareness; and business continuity planning and disaster recovery programs.

Requirements

The successful candidate for this role will:

• Design and implement a road map that clearly shows key milestones, associated needs and dependencies to develop a sustainable, effective risk management program.

• Develop a risk framework and processes that allow for effective risk monitoring and mitigation, while still facilitating innovative, fast-moving, empowered cultures.

• Support risk assessment and risk management activities across the company.

• Lead risk-focused culture and process change through training and interaction with key leaders.

• Work closely with team leaders to ensure security standards, policies, and procedures are deeply embedded, understood, and routinely checked for accuracy.

• Support risk and security awareness and training programs.

• Define compliance strategy and lead regulatory compliance initiatives (e.g. HIPAA, PCI, SOX, SSAE16, ISO, FedRAMP or FISMA).

• Lead and perform internal policy and procedure audits.

• Develop and implement a risk reporting framework for management teams and governance committees.

• Support business continuity planning and disaster recovery program.

Desired Qualifications:

• 5+ years experience in risk management, information security, privacy or a data protection or assurance-related function.

• Technical and Functional experience in the domain of Governance, Risk Management, and Compliance

• Proven understanding of risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations

• Facilitates IT governance implementation

• Effective balancing between policy and procedure related changes versus pragmatic control implementation

• Ability to think strategically about risks and tie those risks to tactical organizational activities

• Ability to manage all aspects of large-scale projects to bring about organizational change

• Experience with risk assessments and compliance for major regulatory initiatives (e.g. HIPAA, ISO, PCI, SOX, FedRAMP, SSAE16)

Additional Skills:

• Experience working within, and adjusting, software development lifecycles

• Knowledge of information management, asset management, data classification, and vulnerability remediation

• Experience with Privacy and/or business continuity and disaster recovery

• Effective and comfortable at justifying a control through presentation or debate, highlighting its importance and pushing for appropriate prioritization.

Education: 4-year degree in a related field preferred; previous experience (7 years) can be substituted for a 4-year degree

Certifications (at least one preferred but not required): Risk-related certifications (CISM, CISA, CRISC, CISSP, CIPP)

Experience: 7+ years in an IT security-related role

Other Qualifications:

• Excellent oral and written communication skills in English. German or Dutch skills are a plus

• Superior presentation skills

• Leadership skills

• Ability to multi-task and prioritize your work

• Ability to work effectively with both technical and business executives

• Be approachable for concerns, questions, and priority adjustment

• A willingness to travel is a plus

is the leading food ordering website in Continental Europe, with a proven business model that provides an effective revenue stream for restaurants and convenience for consumers. Headquartered in Amsterdam and with established operations in 9 countries across Europe and Vietnam, our business has grown rapidly in recent years. With almost 50 million orders and double-digit growth we are the fastest growing player in many markets and still see a lot of untapped potential.

Are you ready to join?