Technical Cyber Security Officer

As Technical Cyber Security Officer, you act as the security compass for our product and engineering organization, enabling teams to deliver safely at speed. You drive a shift-left approach by embedding security risk thinking early in design and delivery, identifying security risks, and shaping pragmatic mitigations. Your expertise directly informs decisions by engineering managers, lead engineers and product managers, and you escalate significant risks to security and business leadership when needed.

How do you make our customers happy?

You act as the Technical Cyber Security Officer for our product and engineering organization, enabling teams to deliver safely at speed. You drive a shift-left approach by embedding security risk thinking early in design and delivery, identifying security risks, and shaping pragmatic mitigations. Your expertise directly informs decisions by engineering managers, lead engineers and product managers, and you escalate significant risks to security and business leadership when needed.

The biggest challenge

We want to provide the product organization with the right level of security engagement at the right time—so that material risks are identified and treated early, and security becomes a predictable part of delivery rather than a late-stage blocker. Your mission is to bring early visibility into high-risk changes, advise senior stakeholders on risk trade-offs, and translate security strategy into practical guardrails that work for engineering teams.

What you'll do as Technical Cyber Security Officer

As our Technical Cyber Security Officer, you are part of the Cybersecurity team and report to the manager of Business Security Advisory. This is a senior individual contributor role: you lead through influence, operate with high autonomy, and partner primarily with Heads of Engineering, engineering managers, lead engineers and product managers. You’ll spend roughly 80% of your time embedded in the product organization and 20% maintaining close alignment with the security department.

You contribute to multiple high-profile initiatives and partner with lead engineers, engineering managers and Heads of Engineering to stay ahead of significant architectural and delivery changes. You identify and assess security risks early, propose risk treatment options, and help teams make informed trade-offs that balance delivery, usability and security. You provide direction at both tactical and strategic levels, from secure design choices to operating model improvements, and you escalate material risks and systemic control gaps. Because you are close to delivery while keeping an enterprise lens, you build a helicopter view of the security landscape and connect the dots across domains, feeding actionable insights into security leadership priorities, investment choices and the security roadmap.

Key responsibilities:

• Own security risk assessment and advisory for high-risk product and technology changes, and provide clear risk-based recommendations, including escalation for material risks.
• Partner with product and engineering leadership to embed secure-by-design practices into the SDLC, including threat modelling, secure architecture patterns, security requirements and pragmatic guardrails.
• Drive risk treatment plans with accountable engineering owners; track progress and unblock decisions by framing trade-offs in business and technical terms.
• Coordinate third-party security engagement for your domain, including intake, risk review, required controls and compensating measures, in alignment with TPRM, security policy and risk appetite.
• Maintain an enterprise overview of domain security posture: identify recurring patterns, systemic gaps and emerging risks, and translate these into prioritized improvement proposals.
• Represent product and engineering realities back to the security department and help evolve processes, strategy and standards so they are effective and adoptable.
• Advise security leadership using field insights, metrics, themes, and what’s changing in engineering to steer focus toward the highest-value risk reduction.
• Stay current on relevant security and tech risk developments and translate them into practical guidance for teams.

Key qualifications

Significant experience in an engineering setting with deep cybersecurity and technology risk expertise, typically 8+ years depending on breadth and impact.

Strong communicator and trusted advisor who can influence without authority across operational, tactical and strategic levels. Comfortable working in ambiguity, framing trade-offs, and tailoring messages from deep technical detail to leadership-ready risk summaries.

Hands-on experience with security risk management and secure delivery practices, such as threat modelling, secure design reviews, cloud/application security and vulnerability management, and familiarity with frameworks such as DORA, NIS2, ISO 27001, OWASP and common risk assessment approaches.

3 reasons why this role is (not) for you

You’ll enjoy this role if you like being involved in critical and high-impact security initiatives: you’re passionate about shift-left, you communicate clearly across disciplines, and you focus on practical risk reduction over theory.

This role may not fit if you prefer low-stake, low-exposure work or if you are most comfortable contributing only through policy writing rather than teaming up with the product departments to drive outcome.

This is where you'll work

bol.com is the leading online retail tech platform in the Netherlands and Belgium, serving millions of customers and partners.