Are you the GRC specialist who helps organizations gain control over risks, compliance, and information security? Do you get energy from translating laws and regulations into practical policies and processes, guiding audits, and increasing security awareness? Do you want to work on challenging projects without having to worry about sales? Then you may be the GRC/IS Consultant we are looking for.
With us, you will work on complex governance, risk, compliance, and information security challenges for leading clients. You advise on, implement, and optimize GRC frameworks, and you have the freedom to choose which projects suit you best. Whether your focus is on ISO 27001 implementations, NIS2 or DORA compliance, privacy by design, or security awareness programs, you can shape your path based on your expertise and interests.
What are you going to do?
Imagine this: you are starting a new project at a large organization. You begin by analyzing current processes and risks, developing and implementing policies and procedures, guiding internal and external audits, and helping ensure compliance with relevant laws, regulations, and security standards. You advise management, train employees in security awareness, and act as a sparring partner at different levels of the organization.
Your responsibilities may include:
- Developing and implementing policies, procedures, and work instructions
- Advising on compliance with regulations and frameworks such as GDPR, NIS2, DORA, ISO 27001, NEN 7510, and BIO
- Guiding internal and external audits
- Setting up and conducting risk assessments
- Providing support during security incidents, such as data breaches
- Developing and delivering security awareness training and campaigns
- Advising management and stakeholders on governance, risk, and compliance
What do you bring?
- A completed higher professional or university degree, for example in Information Security, IT, Law, or a related field
- Fluent Dutch, both spoken and written, at C1 level
- At least 5 years of experience in GRC, information security, or a similar role
- Experience with relevant laws, regulations, and frameworks such as GDPR, NIS2, DORA, ISO 27001, NEN 7510, and BIO
- One or more relevant certifications, such as CISM, CIPP/E, CRISC, CISSP, or similar
- Excellent communication skills and the ability to explain complex topics in a clear and understandable way
- Strong stakeholder management skills and the ability to translate IT and security topics into business language
- Fluency in both Dutch and English
You like this
✅ Making risks manageable — helping organizations gain insight into risks and improve control
✅ Turning frameworks into practice — translating rules and standards into workable, effective solutions
✅ Supporting audits and certifications — guiding organizations through assessment and improvement processes
✅ Building awareness — increasing security awareness through training and campaigns
✅ Working across the organization — collaborating with both management and operational teams
You don’t like this
🚫 Vague policies — documentation that exists on paper but is not applied in practice
🚫 Box-ticking without impact — compliance efforts that lack real substance
🚫 Unclear documentation and responsibilities — poorly defined ownership and incomplete processes
What we offer
- A permanent contract
- The freedom to choose projects that match your specialization and ambition
- A competitive compensation model
- A 32, 36, or 40-hour work week
- Optional work resources such as a laptop and phone
- A training budget and internal knowledge sessions
- Access to events, meet-ups, and professional communities
Application process
🔎 You apply — You will hear from us within 5 working days.
🫲🏻 Initial meeting — We get to know each other and discuss your ambitions.
🧑‍🤝‍🧑 Technical interview — A conversation with one of our consultants to dive deeper into your experience.
🏹 Final match — We go through the employment terms together in clear, understandable language.
📝 Signature — Once everything feels right for both sides, we move forward together.
Interested?
If you want to help organizations gain real control over risks, laws and regulations, and information security, and you enjoy working on challenging GRC projects, we would love to hear from you.



