Magnet.me  -  The smart network where students and professionals find their internship or job.

Senior IT Security Auditor

Posted 29 Jul 2025
Work experience: 10 to 40 years
Full-time / part-time: Full-time
Job function
Salary: €3,400 - €6,800 per month
Degree level
Required language: English (Fluent)

Co-design a best-in-class Tech Risk & Security framework

How do you make our customers happy?

By keeping their data secure while ensuring our platform remains innovative and accessible. Combining freedom with security is a balancing act — enhancing security entails following more and stricter rules. But when it comes to our platform, security always takes priority because we manage vast amounts of customer and partner data, and we would never jeopardize their trust. As the Senior IT Security Auditor, you’ll analyze and continuously improve our Tech Risk & Control framework, earning the continuing confidence of 13.7 million customers and 47,000 partners. Ready to make security an enabler rather than a barrier?

The biggest challenge

Leading the evolution of our Tech Risk & Security framework while keeping pace with regulatory changes and engineering innovations. How do you translate complex EU regulations such as DORA, NIS2, and AI Act into practical technical controls that developers can embrace? How do you raise the security bar without slowing down teams that are eager to build the next great thing? And how do you ensure demonstrable control of Tech-related risks? Success requires someone who can challenge colleagues when needed while collaborating to find win-win solutions that satisfy both compliance requirements and engineering objectives.

What you'll do as Senior IT Security Auditor

As a senior team member, you’ll co-design and manage our control framework for the entire Tech community, aligning proposals with engineering management while determining implementation strategies. You’ll lead improvements to first-line Tech risk and compliance processes based on your expertise with EU legislation, directives, and industry standards, including DORA, SOC2, ISO27001, NIS2, PCI DSS 4.0, and GDPR.

And your role extends beyond ‘basic framework implementation’—you’ll also help the Tech community implement controls that align with our risk appetite. You’ll educate engineering management in next-level compliance, translating abstract regulations into clear technical requirements that complement our control framework. Supporting complex internal and external audits, you’ll provide insights to senior management, auditors, and regulators, including DNB and AP.

Raising our overall security and compliance awareness is also in scope. This presents unique challenges as developers might overlook IT-related risks in their (understandable) enthusiasm to innovate. You’ll help them be diligent, challenge them when necessary, and always keep their perspective in mind when explaining the need for safeguards that satisfy everyone from regulatory bodies to customers and partner-sellers. Your key responsibilities:

  • Co-develop and manage our comprehensive Tech Risk & Security Framework
  • Lead Tech Risk team improvements with a "good is not good enough" mentality
  • Ensure complete control of Tech-related risks and compliance with relevant standards
  • Conduct first-line audits and advise Tech teams on control implementation
  • Challenge Tech teams and management on technical solutions based on identified security risks
  • Advise GRC board and C-level execs on Tech and compliance matters
  • Facilitate internal and external audits with proactive stakeholder management
  • Translate regulations into practical IT measures, aligned with overall risk management
  • Boost awareness and commitment to Tech risk management across the organization

Why you can make a difference

You combine 10+ years of IT Audit/Risk management experience in complex tech organizations with proven expertise in BigQuery, CloudSQL, Kubernetes, PubSub, and related cloud technologies. Your background as a Security Consultant, Officer/Auditor, security-oriented engineer, or Security Manager demonstrates leadership skills in elevating organizational security maturity. Professional certifications such as CISA, CISM, or CISSP validate your expertise in establishing and evaluating IT Control frameworks (SOC2, ISO27001, CoBIT) and navigating EU legislation, including AI Act, Data Act, ePrivacy, NIS2, GDPR, and DORA. Most importantly, you challenge the status quo constructively and don’t just identify problems but find solutions and help colleagues understand the ‘why’ behind security measures.

3 reasons why this is (not) for you

-
  • Security skeptic: You suspect IT Security will always be an afterthought and consider it futile to invest in a robust, proactive security culture
  • Checkbox champion: You prefer ticking compliance boxes to explaining the rationale behind them. Helping colleagues find workable solutions? You’re not compliant.
  • Status quo supporter: You avoid questioning established practices and don't dare challenge teams to reach higher security standards
+
  • Framework fanatic: You excel at translating complex regulations into practical technical controls that engineering teams can implement and embrace
  • Collaborative challenger: You don’t put up security roadblocks; you work with teams to find solutions
  • Technical translator: Your cloud technology expertise lets you get into details with developers while maintaining rigorous compliance standards

Where you'll work

You’ll join our extensive IT operation as a member of the Cyber Security team, which consists of five specialized sub-teams that all embrace experimentation and new technology. The security field continually presents fresh opportunities and challenges that we take in stride in our quest to reinvent retail. The atmosphere is dynamic and open-minded. There is no ‘holier-than-thou’ mentality—our strength comes from cooperating as equals, sharing insights, and striving for professional improvement. With 2,900 colleagues serving 13.7 million customers and 47,000 partners across a platform that’s never ‘finished,’ you’ll work alongside highly experienced colleagues who ensure you’re never on your own. Ready to make security everyone’s success story?

We take pride in our B Corp certification and strive for continuous improvement every day. Our annual bonus is tied to sustainability goals, and we are committed to equality and equal opportunities for all.

Perks of having a blue heart

Flexible working

We bring the best of both worlds together by working 50% at the office and 50% at home. This way, we find a balance between organisational and individual needs.

The extras

To start your bol journey off right, you’ll receive a welcome package, a laptop, and even a noise-cancelling headset.

The culture and the office

Our colleagues work hard to make the daily lives of our customers easier and more fun. But of course, we do this in an inspiring and creative environment!

At bol, our colleagues make a unique contribution to making daily life easier. Freedom and responsibility ensure that together we can shape the next step for bol, the team, and ourselves. By pioneering we take bol further; together we are responsible for this shared mission.

Retail
Utrecht
Active in 2 countries
2,500 employees
50% men - 50% women
Average age is 33 years