Audit & Compliance Manager - Information Security

ITproposal B.V.
Amsterdam, Netherlands
2 days ago

Role details

Contract type
Contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Amsterdam, Netherlands

Tech stack

Amazon Web Services (AWS)
Software System Penetration Testing
Azure
Computer Security
DevOps
Information Technology Audit
Software Vulnerability Management
Google Cloud Platform

Job description

Senior Information Security Audit & Compliance lead responsible for planning and executing security audits, assessing cyber-risk posture, and ensuring compliance with applicable standards and regulations. Drive audit programs, remediation tracking, and continuous improvement to protect critical assets and meet regulatory and internal requirements.

  • Develop and run information security audit plans (internal and supplier/vendor audits) across people, processes and technology.

  • Assess controls against standards/regulations (ISO 27001, NIST, GDPR, SOC, PCI as applicable) and internal policies.
  • Perform risk-based audits and gap analyses, identify control weaknesses and recommend pragmatic remediation actions.
  • Lead compliance assessments, prepare evidence and reporting for management and external auditors.
  • Track remediation activities, verify closure of findings and drive continuous improvement with stakeholders.
  • Coordinate with security, IT, legal, risk and business teams to align control frameworks and ensure audit readiness.
  • Review technical and procedural controls for cloud, network, application and endpoint security.
  • Support third-party risk management: evaluate vendor security posture and manage supplier audit activities.
  • Produce clear, actionable audit reports, risk ratings, executive summaries and presentations for senior management.
  • Mentor and guide junior auditors; promote audit best practices and a culture of compliance.

Requirements

  • 10+ years' experience in information security audit, cybersecurity auditing or related compliance roles.
  • Bachelor's degree in information security, cybersecurity, IT audit, or related field.
  • Strong knowledge of security standards and regulatory frameworks (ISO 27001, NIST, GDPR, SOC, etc.).
  • Hands-on experience performing technical and process audits across IT, cloud and security domains.
  • Excellent audit methodology, risk assessment, evidence collection and reporting skills.
  • Strong stakeholder management and communication skills; able to present findings to technical teams and executives.
  • English at C1 level (minimum).

Preferred skills

  • Professional certifications such as CISA, CISSP, CRISC, ISO 27001 Lead Auditor or equivalent.
  • Experience auditing cloud platforms (Azure, AWS, GCP), identity/security controls and DevOps pipelines.
  • Familiarity with penetration testing results, vulnerability management and secure-by-design principles.
  • Experience with governance, risk and compliance (GRC) tools and audit management platforms.
  • Prior experience in large enterprise or regulated industries (finance, healthcare, critical infrastructure).

What we offer

  • Senior, high-impact audit role influencing security posture and compliance in a major organisation.
  • Cross-functional collaboration with security, risk and business stakeholders in Amsterdam.
  • 6-month engagement with potential for extension based on programme needs.
