Junior IT Risk Expert

Embark on a transformative journey with our team as a Junior IT Risk Expert, where your expertise is crucial in our IT risk & control frameworks. In this pivotal role, you're not just a subject matter expert; you're a consultant, an advisor, and a team player, crafting and leading the activities that redefine how we manage IT risk and control.

You and your job

Imagine a position where your day-to-day efforts directly influence the 1st line risk management activities of Rabobank's IT department, where collaboration with a team of dedicated professionals is not just encouraged but essential to our collective success.

You are part of a team whose mandate is to oversee the General IT Controls (GITC) lifecycle, align stakeholders including External Auditors, and drive continuous improvement across risk control execution, without owning risks or controls. By embedding and coordinating consistent execution, automation and quality oversight you ensure the control structure can adapt and scale in response to new regulatory demands.

In order to achieve our strategic ambitions we are looking to expand the team with a Junior IT Risk Expert.

Practical examples

• Coordination of IT assurance framework testing – e.g. SoX, Swift, DGS, but also internal global assurance exercises - and be first point of contact for External Auditor.
• Define and enforce standards for GITC control design, control implementation and control testing as well as control framework integration.
• Prioritize finding management based on reporting.
• Drive innovation and automation in GITC.

Key responsibilities

• IT Assurance and Consultancy: Act as first contact on IT Assurance and as a consultant within first line IT, providing expert guidance on risk management and control testing.
• In-depth Knowledge of IT Risk with focus on GITC: Utilize your extensive knowledge of IT risk management to advise on improving risk and control processes and ensuring compliance.
• Stakeholder Management: Engage with stakeholders across various levels of the organization, translating their input into standards and actionable requirements.
• Proactive and Autonomous Work: Take initiative in identifying and addressing IT risk-related issues, working autonomously to drive improvements and efficiencies.

Within Rabobank's CITO (Chief Innovation & Technology Office), there’s a community with over 150 first-line risk & control colleagues. You'll join the Control Office, a team of ca. 30 professionals dedicated to IT risk and control management whose purpose it is to “strengthen, simplify, and safeguard the control environment for innovation and technology to enable secure, seamless banking anytime, anywhere. We act as a central hub, connecting various IT divisions and ensuring the alignment of IT activities with overarching risk and compliance policies”.

The Control Office is the crucial link between IT, the business, and external stakeholders, including regulators like the ECB. This involves not only monitoring and reporting but also proactive risk management and guiding the organization through regulatory compliance. We foster a collaborative and supportive environment, characterized by open communication and a shared commitment to excellence. Our team values both professional expertise and a friendly, approachable work atmosphere.

Together we achieve more than alone

The 30 people at CITO Control Office support the domain in establishing a risk governance structure that ensures senior management can steer on the right priorities to keep a healthy risk profile and be in control. Working together is the way we work; as 1 results-driven team at Rabobank.

You and your talent

• Experience: 3-5 years in an IT audit or IT Assurance function, continuously seeking and implementing improvements with a proven track record in risk and control within technology-driven environments.
• Stakeholder Engagement: Skilled in engaging with stakeholders and translating their input into effective risk management approach and guidance.
• Framework Knowledge: Familiarity with GITC in frameworks like SoX, COBIT, ISO 27000, and Assurance reports (such as ISAE 3402 and AICPA SOC reports).
• Communication: Proficient in conveying the essence of Framework compliance and Control testing and maintaining clear instructions and templates.
• Certifications: RE or CISA (Certified Information Systems Auditor) certifications are a plus.

🚨 To be considered for this position, you must be located in the Netherlands or elsewhere in the EU and have the legal right to work in the Netherlands. We are unable to consider candidates requiring relocation from another country.