IT Security Auditor

How do you make our customers happy?

By ensuring 13.5 million customers and 47,000 partners can shop, sell, and sleep securely. As an IT Security Auditor, you’ll co-design and continuously improve a Tech Risk & Control framework that protects vast amounts of sensitive data without creating undue friction. You’ll transform security requirements into controls that engineering teams can implement efficiently, strengthening our ability to maintain customer and partner trust.

The biggest challenge

Striking the right balance between robust security and engineering speed in a rapidly evolving tech landscape. You’ll need to translate increasingly complex regulatory requirements (SOC2, ISO27001, DORA, NIS2, PCI DSS 4.0, GDPR) into controls that secure our platform without impeding innovation. You’ll need to forge strong bonds with engineers, helping them understand why measures are necessary and how they can be implemented. How do you foster a security-first mindset where compliance is a logical part of development instead of an afterthought? How do you become a trusted advisor who strengthens our security posture while empowering business objectives?

What you'll do as IT Security Auditor

As part of our Cyber Security team, you’ll co-design and manage the control framework for our extensive tech community. Working collaboratively with team members, you’ll analyze EU legislation, industry standards, and best practices to propose improvements to our first-line tech risk and compliance processes.

You’ll partner with engineering teams to implement necessary controls, explaining the rationale behind security measures and offering practical implementation advice. This ‘consultative’ approach helps developers integrate security into their daily work rather than treating it as a burdensome add-on. You’ll also bring information together to provide insights on control effectiveness and support in- and external audits by helping the tech community gather the required documentation and evidence.

A key aspect of your role involves raising security awareness across the organization. You’ll help engineers identify potential risks they might otherwise miss in their enthusiasm to build the next great innovation. This requires both technical expertise and strong communication skills—you know when to challenge, when to explain, and how to present your case convincingly. Your goal is to achieve a win-win: compliant code that protects our customers while enabling our business to thrive.

Key responsibilities:

• Contribute to developing and managing our Tech Risk & Security Framework
• Collaborate with Tech Risk team members to improve control processes
• Ensure we're in control of potential risks and meet all applicable standards
• Draft assessments and advise Tech teams on implementing control measures
• Translate evolving regulations into workable IT security controls
• Boost awareness and commitment to tech risk management
• Partner with multiple teams to cultivate a culture of security compliance

Why you can make a difference

You combine IT audit expertise with a collaborative mindset. With 5+ years of experience in IT risk management and compliance in tech-oriented organizations, you know how to bridge the gap between regulatory requirements and engineering realities. Your credentials (RE, CISA, CISM, or CISSP) demonstrate your tech expertise, and your experience as a Security Consultant, Security Officer/Auditor, and/or security-oriented engineer showcases your knack for driving organizational improvement.

• Safety second believer You think IT Security is a bonus and don't want to join a team that takes it too seriously
• Checkbox commander You're more concerned with ticking off compliance boxes than helping colleagues understand why controls actually matter
• Conflict chameleon You'd rather blend into the background than have the – sometimes challenging - conversations necessary to elevate security practices and cultivate a security-first mindset

• Tech risk connoisseur You excel at translating complex regulations into practical security measures that engineers can understand and implement
• Framework fanatic You have deep knowledge of control frameworks (SOC2, ISO27001, CoBIT) and can navigate the intricacies of compliance requirements
• Collaborative challenger You know when to stand firm on security principles and when to find creative solutions that balance security needs with business goals

Where you'll work

You’ll join our Cyber Security team, part of our extensive IT operation. Working with highly knowledgeable colleagues across five sub-teams, you’ll help shape the security posture of one of the leading retail tech platforms in the Netherlands and Belgium. The environment is intellectually stimulating—we embrace experimentation and new technology, which means security continuously presents fresh challenges and opportunities. The atmosphere is collaborative; there’s never a dull moment, we maintain an open-minded approach, and there’s no room for a “holier-than-thou” mentality. Ready to help us balance security and innovation? We’d love to hear how you’ll contribute to our security journey!