IT Controls Expert for IT Control Standardisation and Automation Programme (Freelance)

This is a 1 year freelance assignment (40 hours per week).

As part of the IT Control Standardisation & Automation program, the IT Controls Expert will play a pivotal role in the transition from decentralised periodic control testing to automated, data driven continuous monitoring.

The IT Controls Expert will collaborate with a wide range of stakeholders to develop proposals for key control indicators (KCIs) and their thresholds, enabling reliable conclusions and reporting on the design and operating effectiveness of IT general controls. The role also includes defining the process and capability changes required to support a data driven control environment.

A key responsibility is to secure endorsement for the harmonised test of design (ToD) and test of operating effectiveness (ToE) approach. This requires navigating differing and sometimes strongly held views, as the new metric based methodology requires a balanced compromise between assurance needs and the cost and effort involved, aligned with the organisation’s risk appetite.

What you are going to do

Develop proposals for harmonisation and automation of ToD and ToE:

• Work closely with IT, Security, Risk Management, Automation, and Data teams to:
• Align control requirements with process owners, system owners, and stakeholders
• Facilitate workshops to define:
  • A harmonised view on control requirements and key control activities
  • Key control indicators and thresholds
  • Required data points
  • Opportunities for automation of control execution
  • Process dependencies needed to implement KCIs and automation
• Provide subject‑matter expertise during design and review sessions

Automation Opportunity Assessment:

• Identify IT control activities suitable for automation (e.g., access logs, configuration checks, preventive monitoring)
• Work with automation workstreams to shape proposals, feasibility assessments, and business cases
• Define functional requirements for automated control execution and evidence‑collection tooling
• Support pilot implementations and contribute to automation governance

What we offer you

Our people are the driving force behind our organisation. We value the knowledge and expertise you bring. We believe that your temporary commitment can take our organization to a higher level. We offer you:

• Competitive hourly rate depending on your knowledge and experience
• A 1 year assignment (40 hours per week) until February 2027
• Hybrid way of working, partly from home and partly from the office in the Hague
• International working environment with loads of knowledge sharing

Who you are

We are looking for a professional with:

• Strong understanding of IT Risk Management, IT General Controls, and relevant control frameworks
• Experience with control design and ToD/ToE scripts
• Familiarity with GRC, data‑analytics, and reporting tooling (e.g., Power BI, ServiceNow GRC)
• Background in regulated financial institutions (e.g., banking or insurance), with familiarity in navigating strict supervisory requirements
• Strong data literacy and ability to interpret control‑related datasets
• Strong stakeholder engagement and workshop‑facilitation skills
• Understanding of change‑management and implementation methodologies (Agile preferred)

Preferred Qualifications:

• Experience in IT control automation or transformation programs
• Knowledge of IT risk and control frameworks and governance models
• Experience designing ToD/ToE testing scripts
• Bachelor’s or Master’s degree
• Relevant certifications: RE, CRISC, CISSP, CISA, CISM
• Familiarity with DNB information‑security good practices

When it comes to soft skills, we are looking for someone with strong analytical and critical thinking abilities, who is customer‑centric and demonstrates a collaborative mindset, communicates effectively in both written and verbal English, remains flexible and able to prioritise effectively, and shows a high sense of ownership and accountability.

Who you will work with

The team in our programme is compact enough for everyone to know each other well and to move forward quickly together. The atmosphere is open, relaxed, and focused on collaboration: we help each other progress and celebrate achievements together. Within IT Control Automation & Standardisation, people work with a wide range of skills, from IT control and automation to process improvement and compliance. This mix makes the work both varied and highly instructive. Together, we ensure that our IT controls become increasingly standardised and automated.

At NN we work hybrid. We combine working from home and working in the office. Teams can meet online or in person. You and your team agree on what suits you best. We have set up our offices in such a way that there is a suitable place for every type of work. The official location for this job is The Hague.

Any questions?

If you have any questions about the job, you can reach out to Nina Moekotte (Talent Acquisition Specialist) via [email protected].

Bij NN geloven we dat onze kracht ligt in het omarmen van de volledige diversiteit van de mensheid. We erkennen en waarderen ieders uniciteit en bijdrage, wat ons in staat stelt om te groeien: als individu, als team en als organisatie. 

Diversiteit, Gelijkheid en Inclusie zijn verankerd in onze cultuur, die wordt geleid door onze kernwaarden: care, clear en commit. Deze waarden helpen ons om een werkomgeving te creëren waarin iedereen zich welkom, gerespecteerd en trots voelt om deel van uit te maken.

Be you. You have our support.