Third Party Security Advisor

At bol, you can make an impact by serving as the security conscience of the business, helping ensure bol remains an unquestionably secure environment to shop and sell.

How do you make our customers happy?

By ensuring bol remains an unquestionably secure environment to shop and sell. This may sound simple, but it’s not because we innovate rapidly and strive to maximize the benefits of the latest (often complex) technology. Moreover, bol isn’t just popular with 13 million customers; ‘black hats’ also appreciate our platform’s potential. So this role comes with considerable impact. All the more because almost every business and IT development team depends on a reliable and secure infrastructure for partner collaboration.

The biggest challenge

Our rapid innovation pace relies on external expertise. Since almost every innovation – from minor UX changes to impactful new propositions – includes an IT component, external partners must also keep the security perspective top of mind. You must also manage the increasingly regulated nature of supplier management, including DORA and NIS2. You will continuously challenge the business, and the role occasionally requires making abrupt course corrections.

What you’ll do

As 3rd Party Security Manager, you’re the ‘security conscience’ for our business and IT units when it comes to collaborating with third parties, integrating risk management, and regulatory compliance. You’ll help colleagues across bol integrate business partners into the bol IT ecosystem securely. You’ll make colleagues aware that security is a crucial prerequisite for success, and help them act accordingly.

Together with your colleagues, you’ll monitor the entire landscape, including risk profiles and vulnerabilities. When you spot something, you’ll take the appropriate steps to contain potential threats. In addition to advising the business, you scrutinize risky business partners to the extent warranted through audits and reviews, and advise business owners on how to address and mitigate undesirable risks.

While not your primary focus, you also manage business partner compliance checks. You continually search for ways to improve the security of our platforms and tools, and personally manage the resulting improvement projects.

Topics you can tackle include:

• Integrating new business partners securely
• Security-auditing business partners
• Identifying and mitigating risks with business stakeholders
• Assessing and promoting 3rd party management & compliance policy
• Coordinating security incidents at our partners
• Establishing processes and tools for scalable business partner risk management
• Promoting the ‘Think Like A Hacker’ mindset within the organization: inspire colleagues to reflect on the security implications of new initiatives, and don’t hesitate to challenge even the most beautiful ideas

Why you can make the difference

Because you’re a self-reliant and pragmatic Cybersecurity specialist, eager to make an impact in the field of secure shopping and selling with your business stakeholders. A background in Cybersecurity consultancy would be a great match, especially if you’ve supplemented that with business experience.

You’ll spend part of your time in the operational trenches at bol, so that needs to suit you. The role also requires you to get colleagues on board, book results, and intervene in projects and proposals kindly but firmly when the situation calls for it. We also expect you to have the self-confidence to brief senior management on our work.

You are not the kind of person who leans back after emailing a recommendation. You want to see your recommendations implemented and create the traction and commitment that requires.

3 reasons why this is (not) for you

Not a fit if:

• You'd rather work your way down a checklist than write actionable improvement proposals.
• You prefer 'standard' solutions to adapting approaches to the situation. IT audits and security testing are completely new territory.
• Your trick to getting colleagues on board is to escalate issues. Every issue.

A fit if:

• You work at a Bachelor/Master level, have at least 3 years of relevant experience, and are accustomed to colleagues and other stakeholders turning to you to collaborate with business partners securely.
• You want to know everything about the security of business partners and their integration with bol. You detect improvement opportunities everywhere and present them in concrete proposals.
• You can explain complex topics clearly, are persuasive, and always keep sight of the big picture.

Where you'll work

The Cybersecurity department is part of our broader Tech operation, which consists of five sub-teams with distinct focus areas. We embrace experimentation and new technologies, continually discovering new security opportunities and challenges.

As for the atmosphere: never a dull moment, open-minded, and no ‘holier-than-thou’ mentality. Our strength is that we collaborate as equals, sharing insights and continually improving one another. You can achieve great things on your own, but so much more with your colleagues. You’re never alone.

Perks of having a blue heart

Flexible working

We bring the best of both worlds together by working 50% at the office and 50% at home. This way, we find a balance between organisational and individual needs.

The culture and the office

Our colleagues work hard to make the daily lives of our customers easier and more fun. We do this in an inspiring and creative environment.

The extras

To start your bol journey off right, you’ll receive a welcome package, a laptop, and a noise-cancelling headset.