GRC Manager- Netherlands
Job description
Using cutting-edge technologies and our global financial network, we provide our customers, individuals or businesses, advanced services including multi-currency account, international Visa card, and real-time cross-border payments, with expertise in hard-to-reach destinations.

Role Summary: We are looking for a practitioner, not just a policy writer. As our GRC Manager, you will be responsible for the technical integrity of our compliance posture. You will spend as much time in IT systems and security consoles as you do in spreadsheets. This is a high-visibility, high-execution role where you will personally gather evidence, answer complex security questionnaires, and ensure we are "audit-ready" every single day.

1. Technical Evidence Collection & Verification
- System Deep-Dives: Directly access IT and Security systems (e.g., Azure/AWS consoles, CrowdStrike, SIEM) to extract evidence of control effectiveness.
- Continuous Monitoring: Rather than waiting for an audit, you will perform monthly "spot checks" on user access reviews, firewall configurations, and encryption standards.
- Data and Asset Mapping: Manually map data flows across the organization to maintain an accurate GDPR Article 30 ROPA (Record of Processing Activities) and maintain the DORA Register of Information (RoI).

2. Audit Lead: ISO, DORA & GDPR
- ISO/IEC 27001:2022: Oversee security implementation according to this framework and conduct internal audits.
- DORA Implementation: Execute the technical requirements of the Digital Operational Resilience Act. You will personally lead necessary activities, collect evidence and document ICT risk management frameworks.
- Audit Defence: Act as the primary point of contact for external auditors. You will be responsible for building the "Audit Room," organizing evidence folders, and explaining technical control implementations to regulators.
- Privacy Impact Assessments (DPIAs): Conduct hands-on assessments for new software or vendors, identifying specific data risks and documenting mitigation steps.

3. Security Questionnaires & Sales Support
- The "Source of Truth": Own and maintain the internal knowledge base for security and compliance queries.
- Questionnaire Execution: Personally draft responses to complex security questionnaires from institutional clients, partners, and regulators, ensuring 100% accuracy and rapid turnaround.
- Trust Portal: Manage the company's security documentation repository for external stakeholders.
Requirements
- IT Proficiency: Comfortable navigating Cloud environments (AWS/Azure/GCP), IAM tools, and vulnerability management scanners.
- Regulatory Fluency: You don't just know of DORA and GDPR; you know how to map their requirements to specific technical settings (e.g., mapping DORA's "Backup & Recovery" to specific AWS S3 immutable backup configs).
- Knowledge of NIS2, PSD2, and the EU AI Act is required as well.
- Documentation Craft: Ability to write technical procedures that are clear enough for an engineer to follow but formal enough for a regulator to approve.
- Tooling Experience: Experience with GRC automation tools (e.g., Vanta, Drata, OneTrust, or Secureframe) to automate evidence collection.
Preferred Certifications
- ISACA CISA (Certified Information Systems Auditor)
- ISACA CRISC (Certified in Risk and Information Systems Control)
- ISACA CISM (Certified Information Security Manager)
- ISC2 CISSP (Certified Information Systems Security Professional)
- ISO/IEC 27001 Practitioner or Auditor