IT Controls Expert for IT Control Standardisation and Automation Programme (Freelance)

This freelance assignment is part of the IT Control Standardisation & Automation program. The IT Controls Expert will play a pivotal role in the transition from decentralised periodic control testing to automated, data driven continuous monitoring.

The IT Controls Expert will collaborate with a wide range of stakeholders to develop proposals for key control indicators (KCIs) and their thresholds, enabling reliable conclusions and reporting on the design and operating effectiveness of IT general controls. The role also includes defining the process and capability changes required to support a data driven control environment.

A key responsibility is to secure endorsement for the harmonised test of design (ToD) and test of operating effectiveness (ToE) approach. This requires navigating differing and sometimes strongly held views, as the new metric based methodology requires a balanced compromise between assurance needs and the cost and effort involved, aligned with the organisation’s risk appetite.

What you are going to do

Develop proposals for harmonisation and automation of ToD and ToE:

• Work closely with IT, Security, Risk Management, Automation, and Data teams to align control requirements with process owners, system owners, and stakeholders
• Facilitate workshops to define:

• A harmonised view on control requirements and key control activities
• Key control indicators and thresholds
• Required data points
• Opportunities for automation of control execution
• Process dependencies needed to implement KCIs and automation

• Provide subject‑matter expertise during design and review sessions

Automation Opportunity Assessment

• Identify IT control activities suitable for automation (e.g., access logs, configuration checks, preventive monitoring)
• Work with automation workstreams to shape proposals, feasibility assessments, and business cases
• Define functional requirements for automated control execution and evidence‑collection tooling
• Support pilot implementations and contribute to automation governance

What we offer you

• Competitive hourly rate depending on your knowledge and experience
• Hybrid way of working, partly from home and partly from the office in the Hague
• International working environment with loads of knowledge sharing

Who you are

We are looking for a professional with:

• Strong understanding of IT Risk Management, IT General Controls, and relevant control frameworks
• Experience with control design and ToD/ToE scripts
• Familiarity with GRC, data‑analytics, and reporting tooling (e.g., Power BI, ServiceNow GRC)
• Background in regulated financial institutions (e.g., banking or insurance), with familiarity in navigating strict supervisory requirements
• Strong data literacy and ability to interpret control‑related datasets
• Strong stakeholder engagement and workshop‑facilitation skills
• Understanding of change‑management and implementation methodologies (Agile preferred)

Preferred Qualifications

• Experience in IT control automation or transformation programs
• Knowledge of IT risk and control frameworks and governance models
• Experience designing ToD/ToE testing scripts
• Bachelor’s or Master’s degree
• Relevant certifications: RE, CRISC, CISSP, CISA, CISM
• Familiarity with DNB information‑security good practices

When it comes to soft skills, we are looking for someone with strong analytical and critical thinking abilities, who is customer‑centric and demonstrates a collaborative mindset, communicates effectively in both written and verbal English, remains flexible and able to prioritise effectively, and shows a high sense of ownership and accountability.

Who you will work with

The team in our programme is compact enough for everyone to know each other well and to move forward quickly together. The atmosphere is open, relaxed, and focused on collaboration: we help each other progress and celebrate achievements together. Within IT Control Automation & Standardisation, people work with a wide range of skills, from IT control and automation to process improvement and compliance. This mix makes the work both varied and highly instructive. Together, we ensure that our IT controls become increasingly standardised and automated.

At NN we work hybrid. We combine working from home and working in the office. Teams can meet online or in person. You and your team agree on what suits you best. We have set up our offices in such a way that there is a suitable place for every type of work.