IS and IT Risk Officer

This is Adyen

Adyen provides payments, data, and financial products in a single solution for customers like Meta, Uber, H&M, and Microsoft - making us the financial technology platform of choice. At Adyen, everything we do is engineered for ambition.

For our teams, we create an environment with opportunities for our people to succeed, backed by the culture and support to ensure they are enabled to truly own their careers. We are motivated individuals who tackle unique technical challenges at scale and solve them as a team. Together, we deliver innovative and ethical solutions that help businesses achieve their ambitions faster.

IS and IT Risk Officer

The Information Security and IT Risk domain within the second line Enterprise Risk team ensures that risk management practices are applied across Adyen’s technological environments, teams and initiatives, followed by appropriate actions to treat these risks and monitoring against the pre-defined risk appetite. This continuous task requires a close relationship with technical teams in the first line, in order to understand changes in the tech landscape but also to guide them in relation to risk mitigations.

Adyen is both a technology company and a licensed bank. We combine the best of both worlds; the innovative strengths of technology with the stability of our financial licenses. We operate a single central setup and do this globally, this means you will also interact with second line compliance and privacy colleagues from different regions, and act as an SME for the implementation of security and tech and security regulatory requirements.

The ideal candidate is a knowledgeable IT risk professional, with relevant experience in IS/IT Governance, Risk and Compliance activities. The candidate has reasonable technical understanding, and can advance the Adyen Security and IT/IS framework to the next level of maturity, providing guidance in areas such as IT Excellence, IT Resilience and Data / AI Governance.

What you will do

• Execute on Information Security and IT Risk Assessments across a number of diverse IT areas and assets, advising on and ensuring risk mitigation actions are implemented.
• Maintain and further develop the Adyen IT and Information Security Policies.
• Engage with key stakeholders and work cooperatively to identify, create, develop or implement mitigations to IT and Security risks, and actions that drive policies adoption and process maturity.
• Collaborate with other Enterprise risk domains, in order to incorporate Security and IT risks into Adyen’s risk profile, ensuring those are considered when evaluating company objectives.
• Collaborate with other second-line teams, typically regulatory compliance and privacy, in the implementation of Security and IT requirements, as well as engage with local auditors or external partners as a trusted point of contact for the specific risk domains, globally.
• Engage with various regulators to provide clarity on Adyen’s IT and security landscape.
• Identifies and drives process improvements that enhance scalability and efficiency of the Information Security and IT Risk team.
• Own and lead the second line risk oversight for specific Technology risk domains or projects.

Who you are

• You have at least 3+ years experience with IT risk management, working within the second line risk management or technology risk consulting in a Big 4.
• Demonstrated experience in IT Excellence components, such as resilience or general technology risk evaluations, and recognized industry frameworks.
• You feel comfortable explaining risks associated with Information Security or IT areas, to engineers or other business stakeholders.
• A good understanding of technology and security regulations such as DORA.
• You have experience in engaging with regulators or in regulatory projects, with understanding of requirements related to Security and IT risk management for regulated institutions or the payments industry.
• You have a good understanding of Information Security and IT program domains, in order to recommend risk mitigations, risk metrics and enable risk monitoring and oversight.
• Passionate and driven about building for risk management, owning projects and objectives in the medium, long term.
• You are innovative, flexible with strong problem-solving capabilities and able to define efficient and effective processes and procedures.
• You have strong written and verbal communication skills.
• An understanding of how to improve and build a Data Governance Framework is considered a plus.

This role is based out of our Amsterdam office. We are an office-first company and value in-person collaboration; we do not offer remote-only roles.