Are you an experienced and strategic IT GRC leader with a strong passion for governance, risk management, and compliance? Do you enjoy operating at group level and playing a key role in IT integration following acquisitions? On behalf of a growing international organisation, we are currently looking for a Head of IT Governance, Risk & Compliance.
The role
As Head of IT GRC, you will act as the strategic authority for IT Governance, Risk & Compliance across the group. Reporting directly to the Group CISO, you will be responsible for building and maintaining a secure, compliant, and resilient IT environment. You will work closely with stakeholders across IT Operations, Security, Legal, and senior management, and play a pivotal role in shaping the organisation’s IT risk and compliance landscape.
Key responsibilities
In this role, you will:
- Develop and implement a comprehensive IT GRC strategy and roadmap aligned with business objectives and regulatory requirements.
- Lead the identification, assessment, and mitigation of IT-related risks, including ownership of the IT risk register and reporting to senior management. Strong knowledge of COSO SRA and COBIT IT controls is essential.
- Ensure compliance with relevant regulations and standards such as NIS2, GDPR, ISO 27001, and others, coordinating both internal and external IT audits and managing remediation activities.
- Develop, implement, and maintain IT-related policies, procedures, and standards, ensuring they are practical, effective, and scalable.
- Assess IT risks, compliance, and IT maturity during acquisition processes, and define and coordinate improvement roadmaps to support smooth post-acquisition integration.
- Communicate clearly and effectively with senior leadership, board members, and external auditors on IT GRC status, risks, and compliance matters.
The offer
The organisation offers:
- A competitive annual gross salary.
- 25 days of annual leave.
- Hybrid working arrangements.
- A collective pension scheme, with 50% of the premium covered by the employer.
- Ample opportunities for professional growth and development.
- A dynamic, fast-paced environment where your expertise will directly influence the organisation’s security and compliance posture.
Your profile
The ideal candidate brings:
- A completed bachelor’s or master’s degree in IT, Cybersecurity, Business Administration (with an IT focus), IT Auditing, or a comparable field.
- At least 5 years of relevant experience in IT Governance, Risk & Compliance.
- Strong knowledge of IT GRC frameworks and standards such as ISO 27001, GDPR, NIST, and COBIT.
- Relevant certifications including CISA, CISM, CRISC, CISSP, or equivalent (required).
- Experience with selecting and implementing GRC tooling (e.g. Trustcloud) is a plus.
- A proactive, resilient mindset and the ability to perform effectively in a changing environment.
- Fluency in English and current residence in the Netherlands.
- Posted: Jan 09, 2026
- Type: Full-time
- Level: Director
- Location: Utrecht Area
- Company: La Fosse