Risk Manager (reference number: 3435)
General vacancy information:
The organisation
Our client is a fast-growing international technology (SaaS) organization in the Benelux with operational activities in Kuala Lumpur and a PE-supported “buy and build” strategy. For them we are looking for a Risk Manager with the potential to be responsible for the entire risk area.
The function
As Risk Manager you support management with a wide range of activities, from enterprise risk management to compliance to financial reporting risk assessments, in a team of 3 FTE in total (7 FTE together with the CISO department). In this position you will help management, among other things, in designing, implementing, and monitoring the key control frameworks and product certification schemes. For this position we are looking for a generalist in risk. You will be working in an IT services organisation with lots of third parties.
You will act as the right hand of the Head of Payments and GRC in defining, implementing, and applying the risk methodology.
- Independently facilitate risk workshops on senior management level
- Help increase risk awareness within the organization and its subsidiaries
- Continuously improve the control frameworks of different departments to manage the key risks within the organization and its subsidiaries (NL, Ger, Be)
- Perform control framework monitoring (evaluation and escalation of control deficiencies)
- Develop/Improve the metrics for measuring and reporting control effectiveness
- Prepare periodic risk and monitoring reports for the governance bodies
- Participate in Risk board meetings
- Coordinate the annual external audits and certifications of products, from planning to managing the question logs up to professional practice discussions with the external auditors.
Working environment:
You will join the 7 colleagues in the Governance Risk & Control department and work closely together with the risk specialists at our subsidiaries and other 2nd line functions, like Compliance and the Data Protection Officer. They are known for their drive, professionalism, and cooperation. Asking for help if necessary and offering help if possible is part of their DNA. We have few predefined paths, which gives you plenty of room to choose your own. The GRC department is known for its knowledge of all relevant risk categories, of the industry in which we operate, and of the organisation and its products. This is particularly evident in the risk-based risk management approach, which is based on both proven risk management frameworks and practical experience. The main responsibilities of the department are:
- Design, implement, apply, and monitor risk management processes and framework, including the Enterprise Risk Management framework
- Support management to design, monitor and improve internal controls to ensure external assurance can be given on the products and services.
- Set and monitor compliance with information security policies and increase risk awareness.
Culture:
The company culture is young, dynamic and entrepreneurial. Our client has high standards without being a typical corporate environment. Here you can be yourself while developing towards the dot on your horizon. The organization offers lots of opportunities and supports personal development.
The requirements
In this role you need to be capable of pulling the chestnuts out of the fire in discussions with the external auditor, and you must be able to write relevant chapters of the audit report fairly independently. The role also needs a suitable level of professional skepticism and the competence to bridge differences, take people along and bring risk forward.
- A (post-)master's degree in business administration, finance, assurance or audit. CIA, RA, RE or similar is an advantage.
- Minimum seven years of work experience in risk or process management or similar experience
- Knowledge of security and data privacy related controls
- Proven experience with designing/implementing risk control frameworks (e.g. SOC2, ISAE3402, SOX, COSO, ISO27001/2) and implementing enterprise risk management processes.
- Experience in leading and/or coordinating internal and external audits (SOC2, ISO27001, ISAE3402), preferably acquired through working at a Big 4 firm.
- Affinity with one or more relevant risk areas, including strategic, information security, data privacy, financial reporting and/or compliance risks
Offering:
- Salary package around 90k, incl. a 13th month and 8% holiday allowance
- An international, innovative and hybrid working environment, with the flexibility to work from home or any of their offices
- 27 vacation days and in addition, loyalty days; one for each year in service with a max of 5
- 3 giving-back days, which you can spend on giving back to the (local) community
- A modern pension scheme
- All the room your ambition needs; to further develop your skills, we facilitate training via our learning and development center to help you fulfill your career potential
Vacancy information:
For more information please call Feddo Heintz 0646 390 690
Address application to:
You can send your application to f.heintz@corbulo.net