Tech & Data Security Auditor

Co-design a best-in-class Tech & Data Risk & Compliance framework

How do you make our customers happy?

By keeping their data secure while ensuring our bol platform remains innovative and accessible. In your role in Tech Risk, you’ll analyze and improve our Tech & Data Risk/Compliance & Control framework, earning the continuing confidence of 13.7 million customers and 47,000 partners.

The biggest challenge

Leading the evolution of our Tech Risk & Security framework while keeping pace with regulatory changes and engineering innovations. How do you translate complex EU regulations such as DORA, GDPR, GPSR, NIS2, and AI Act into practical bol policies (also taking into account the policies of KAD), procedures and of course controls that Tech and Data embraces?

What you'll do as the Tech & Data Security Auditor

In this role, you’ll co-design and manage the control framework with the team for our entire Tech & Data community, aligning proposals within the team, coordinating with management, and determining implementation strategies. You realize improvements in first-line Tech & Data risk and compliance processes based on your expertise in EU legislation, directives, and industry standards, including DORA, SOC2, ISO27001, NIS2, PCI DSS 4.0, and GDPR.

Your role extends beyond ‘basic Tech & Data framework implementation’—you’ll also help the Tech & Data community implement controls that align with our risk appetite. Supporting complex internal and external audits, you’ll provide insights as a team member or with the senior members of the team to management, auditors, and regulators, including DNB, AFM and AP.

Your key responsibilities:

• Co-develop and manage policies based on the laws/regulations/KAD policies into bol policies and related procedures and guidance
• Co-develop and maintain the Tech & Data Risk & Security Framework and align with stakeholders in Risk & Control and Tech & Data
• Draft reports for internal and external supervisors: 2nd line R&C, GRC board, 3rd line ADIA (KAD), 4th line external audit FSA, 5th line like DNB, ACM, AFM, AP and external assurance parties
• Be the expert for Tech/Data topics in case of internal or external audits and assurance reviews
• Be the expert for Tech/Data processes: clear understanding of the processes, relevant key controls, possible mitigating measures based on risk assessments, compliancy or bol policies and develop the result into controls in the Tech & Data Framework
• Conduct first-line audits and advise Tech or Data teams on control implementation
• Challenge Tech and Data teams and management
• Facilitate in- and external audits, including proactive stakeholder management
• Be the person to go to regarding compliance topics and issues from 1st line perspective (ad hoc and in a more structured way)
• Co-develop training/workshops/e-learnings to raise awareness and knowledge of Tech & Data community
• Give input for the Q/M-reports to Tech & Data MT and GRC board on the level of being in control of Tech & Data processes, being compliant and net risk

Why you can make a difference

You combine 5-7 years of audit/risk/compliance management experience in complex Tech or Data organizations with proven expertise in IT audit, risk management and/or compliance.

Professional certifications such as CISA, CISM, or CISSP further demonstrate your expertise in establishing and evaluating control frameworks (SOC2, ISO27001, CoBIT) and navigating EU legislation, including AI Act, Data Act, ePrivacy, NIS2, GDPR, and DORA.

Even more importantly, you challenge the status quo constructively and don’t just identify problems but find solutions. You help colleagues understand the ‘why’ behind security measures.

3 reasons why this is (not) for you

Switch to find out

• Security skeptic You suspect security and compliance will always be an afterthought and consider it futile to invest in a robust, proactive risk and compliance culture
• Checkbox champion You prefer ticking compliance boxes to explaining the rationale behind them. Helping colleagues find workable solutions? You’re not compliant.
• Status quo supporter You wouldn’t dream of challenging teams to achieve higher security standards

• Framework fanatic You excel at translating complex regulations into practical controls that Data and Tech teams can implement and embrace
• Collaborative challenger You communicate openly and enjoy helping colleagues across engineering, data, and business disciplines. You work with teams to find solutions
• Proud of what you do You take ownership of your work and defend them with care—you stand behind your solutions.

Where you'll work

You’ll join our extensive operation as a member of the Cybersecurity team, which comprises five specialized sub-teams that all embrace experimentation and new technology. The security, risk and compliance field continually presents fresh opportunities and challenges that we take in stride in our quest to reinvent retail. The atmosphere is dynamic and open-minded. There is no ‘holier-than-thou’ mentality—our strength comes from cooperating as equals, sharing insights, and striving for professional improvement. You’ll work alongside highly experienced colleagues who ensure you’re never on your own. Ready to make security, risk and compliance a success story for every stakeholder?

We take pride in our B Corp certification and strive for continuous improvement every day. Our annual bonus is tied to sustainability goals.