Senior Risk And Compliance Officer - Hybrid, Amsterdam

Laatste update 2024-03-02
Vervalt 2024-04-02
ID #2013962296
Senior Risk And Compliance Officer - Hybrid, Amsterdam
Netherlands, Noord-Holland, Amsterdam,
Gewijzigd February 2, 2024


Flexible hybrid working policy
37.5 hours per week

Up to EUR 75.000 plus excellent secondarybenefits (see below)

Do you want to work at the heart of the Internet and join our Information Security and Compliance team? Do you have proven experience in Risk and Compliance, and want to contribute to a risk management culture based on trustworthiness, openness, inclusiveness and care in the RIPE NCC?

Become our Senior Risk & Compliance Officer to manage all the aspects of the organisation’s risk management lifecycle, enabling the organisation to understand and operate within the desired risk appetite. In this role, you will be executing a compliance roadmap utilising industry known compliance frameworks. Your communication and stakeholder management skills will effectively be contributing to a good understanding in the whole organisation of the importance of Risk and Compliance, and inspiring your colleagues to contribute to this purpose.

As our Risk & Compliance Officer, you will report to the Chief Information Security Officer and work together with our Risk and Compliance Manager. You enable each team by structuring, coordinating, monitoring and advising on their risk management activities. Together with your team, you ensure that business and technology processes are organised and executed in such a way that the risks are being managed within the assigned risk appetite.

Compliance is essential for the integrity of the RIPE NCC’s registry of IP addresses and Autonomous System Numbers, and the RPKI trust anchor. You will lead the process of a mindset change where Risk and Compliance are integrated into everyday business. This will require a proactive, coaching and change-focused leadership style.

In this role, you will


Maintain and optimise the Enterprise Risk Management Framework and execute periodic (enterprise level) risk assessments

Maintain the enterprise risk register and track risk exposures against RIPE NCC’s risk appetite

Execute a company wide compliance roadmap and shape an integrated control framework to demonstrate continuous compliance against industry standards

Guide compliance control implementation and perform periodical compliance control reviews

Monitor control performance of compliance controls across the organisation for timely and effective execution

Report on risks and control effectiveness using data driven methods

Assist in internal and external audit and assurance activities and act as a point of contact for external auditors

Work together with other departments to increase their awareness regarding Risk & Compliance

Assist in the development and implementation of Business Continuity Planning and testing

Minimum five years of experience in Risk and Compliance, preferably in the Technology sector

MSc in Computer Science, Information Security or equivalent

Relevant certifications such as CISM, CISA, CRISC, ISO 27001 lead auditor/implementor or similar

Hands-on experience with at least one of following industry standards: ISO 27001, ISO31000, ISAE 3000 (SOC2)

Practical experience on maintaining risk registers & controls, familiar with control procedures, automation, monitoring, testing, collecting evidence and remediation activities

Familiar with Governance, Risk & Compliance (GRC) tooling. GRCimplementation experience is a plus

Excellent program management skills

Excellent presentation and communication skills, with fluency in English.

Proactive, independent and assertive approach

What you can expect from us


A modern, international and informal work environment, in our state of the art office with a great view and an emphasis on a healthy work/life balance

Flexible work-from-home policy, so you can arrange your weekly office and 'working from home'-days in a way that works for you. Working from abroad for a number of days per year is possible

An annual salary up to EUR 75.000. This includes the standard 8% annual “holiday pay”

Excellent secondary benefits : 5% end-of-year allowance, annual budgets for health, transportation and technology purposes, non-contributory pension scheme, paid parental leave, health insurance coverage for you and your family and 33 vacation days (full-time)

A generous training allowance per year which can be used for professional development

An in-house free barista, company-wide free lunch on Wednesdays and breakfasts on Thursdays

The department

Our Information Security and compliance team is composed of 5 dedicated colleagues: our CISO, our Risk and Compliance Manager and three Information Security Engineers. They are responsible for all the security and compliance aspects of our organisation.

About the RIPE NCC

The RIPE NCC is a not-for-profit organisation founded on the belief that the Internet should be governed openly, transparently and together with the wider Internet community. We are one of the oldest Internet organisations in Europe and are proud of our legacy.

Our strongest asset is our staff. We bring together more than 185+ people from more than 40+ countries in our modern, vibrant office in the east wing of Amsterdam Central Station. Our official working language is English, but more than 30 languages are spoken by our colleagues.

Our backgrounds are diverse, but our goal is the same: work for the good of the Internet. Our vision: Together, let’s shape the future of the Internet. Will you join us?

How to Apply

If you are interested in this position, please click on the Apply Button and fill in the short application form. Send it to us together with your CV and motivation letter (in English only please). An assignment and a pre-employment screening (done by Validata) will be part of the recruitment process.


Details van de baan

Soort baan: Full time
Contract type: Permanent
Salaris type: Maandelijks
Bezetting: Senior risk and compliance officer - hybrid

⇐ Vorige baan

Volgende baan ⇒     


Neem contact op met de werkgever

    Werkgever info



    Typ stad of regio