About the Role
Cybersecurity never sleeps - and neither does our commitment to maintaining a resilient, compliant, and secure digital environment. We are looking for an experienced, communicative, and proactive GRC (Governance, Risk & Compliance) Professional to join our growing team on a permanent basis.
With strong expertise in Information Security Management Systems (ISMS), business continuity, IT risk management, and compliance, you will play a key role in reducing security risks, supporting strategic security initiatives, and helping shape a strong security culture across the organisation.
Key Responsibilities
Security Governance & Risk Management
Lead end‑to‑end risk assessments, including identification, analysis, treatment, and monitoring.
Draft and maintain security plans, roadmaps, and business continuity plans.
Ensure proper third‑party risk management is implemented and maintained.
Security Engineering & Hardening
Design and develop secure solutions to complex application challenges.
Implement hardening controls based on CIS benchmarks across systems and applications.
Support or implement DevSecOps practices, code review, and secure configuration assessments.
Compliance & Audit
Support internal and external audits: planning, evidence collection, gap analysis, and remediation follow‑up.
Ensure alignment with frameworks and regulations (e.g., ISO 2700x, NIS2, GDPR, AI security standards).
Strategy, Collaboration & Stakeholder Management
Collaborate closely with key stakeholders, including senior leadership or CISO‑level roles.
Contribute to security initiatives related to NIS2, AI governance, and risk management.
Support business development by contributing to proposals, RFPs, and security‑related offerings.
Profile - What You Bring
Experience & Knowledge
5+ years of experience in cybersecurity, GRC, or information security.
Strong background in ISMS, compliance audits, and security‑by‑design principles.
Familiarity with ITIL‑based processes, and experience working in structured or complex environments.
Knowledge of ISO 2700x, NIS2, GDPR, AI regulations, and cybersecurity frameworks.
Interest in or exposure to AI security developments and risk management.
Certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementor/Auditor, or ISO 42001 are considered strong assets.
Language Skills
Fluency in Dutch and English.
Fluency in French is a strong advantage.
Soft Skills & Mindset
We're looking for someone who is:
Proactive & entrepreneurial - takes initiative, drives projects forward.
Structured & organised - able to manage multiple activities simultaneously.
Communicative - excellent written and verbal communication abilities.
Stakeholder‑savvy - capable of engaging effectively with different levels of the organisation.
Analytical & rigorous - able to deliver high‑quality documentation, reports, and presentations.
Collaborative - a positive team player with strong interpersonal skills.
To find out more about Huxley please visit