Risk and Compliance Officer
Introduction
At TenneT, we work on the electricity grid of tomorrow. As an Integrated Security Officer within Digital & Technology Transformation (DTT), you play a crucial role in ensuring a resilient and future-proof organization. From your expertise, you directly contribute to safeguarding critical operations and maintaining business continuity – today and in the future.
About TenneT, unit, department and team
TenneT is a leading European Transmission System Operator (TSO) and plays a key role in the energy transition. With more than 23,500 kilometers of high-voltage connections and thousands of employees, we ensure a reliable and secure electricity supply in the Netherlands and large parts of Germany.
You will be working within the Digital & Technology Transformation (DTT) unit. This unit is responsible for driving digital innovation, IT transformation, and ensuring secure and reliable digital operations across TenneT.
Within DTT, you will operate in a team focused on security, risk, and resilience, supporting business continuity and information security initiatives across
multiple business units.
You will be part of a multidisciplinary environment where collaboration with IT, security, and business stakeholders is essential to ensure operational continuity and resilience.
The function
How do you keep the Netherlands running?
The Risk & Compliance Officer is an experienced IT/OT Risk Manager acting as a second-line advisor, driving risk management and strengthening risk practices across the division.
Your responsibilities include:
• Act as a second-line trusted advisor to IT and OT teams on risk management, audit, and compliance topics.
• Orchestrate the end-to-end Risk Management process within the division, ensuring effective coordination with other units and alignment with enterprise risk frameworks.
• Own and continuously improve the risk register, ensuring it is accurate, up to date, and compliant with the defined Risk Management methodology, with a clear view on key and emerging strategic risks.
• Drive the design, implementation, and effectiveness of IT/OT controls and mitigation measures, working with stakeholders to ensure timely and sustainable remediation of identified risks.
• Monitor and challenge progress on risk mitigation actions, holding action owners accountable and addressing delays or gaps proactively.
• Promote and embed a strong risk-aware culture, increasing maturity and awareness across teams through coaching, communication, and practical guidance.
• Drive the continuous enhancement of the risk management framework by identifying opportunities to improve maturity, embedding best practices, standardization, and strategic risk-focused initiatives.
• Partner closely with Domain Risk & Compliance Officers across the division to ensure alignment, consistency, and integration of risk practices across business units.
What do you bring?
• Bachelor’s or Master’s degree in IT, Cybersecurity, Risk Management, or a related field.
• Proven experience (typically 5+ years) in IT/OT risk management, cybersecurity, audit, or compliance, preferably in complex environments.
• Strong knowledge of IT/OT risk management frameworks (e.g., ISO 27001, NIST, COBIT)
• Solid understanding of audit, controls design, and regulatory compliance
• Capability to translate risk into business impact and actionable insights
• Experience in orchestrating end-to-end risk management processes
• Ability to drive accountability and monitor remediation actions
• Experience in process improvement and increasing risk maturity within an organization.
• Strong communication and influencing skills, including constructive challenge
• Proactive and results-driven with a continuous improvement focus
• Good command of English language. Dutch language is a plus.
Competencies:
• Strong collaboration skills across multidisciplinary teams
• Ability to act as a central point of contact and coordinator
• Analytical mindset with a focus on risk and securtiy
• Service-oriented and stakeholder-focused approach
• Continuous improvement mindset
Important
• Role combines security, risk management, and resilience planning
• Stakeholder management and coordination are critical for success
• Experience with ISO frameworks is highly valued
• You need to be the eyes and ears of the manager for certain projects.
• The soft skills (communicational and politcaly senitivity) are just as important as the technical skills.
• The prefferance of TenneT is that the candidate works fulltime.
Practical information
• A Certificate of Conduct (VOG) and a UVO screening must be obtained before the candidate can start!
• Location: 3 days a week in Arhnem (monday and thursday are mandatory) the rest hybride. During the onboarding you will need to be more present at the office.
• ZZP: this role is suitable for freelancers*
• Extension option: yes
• Interviews: maximum of 2 rounds
• If there are enough suitable candidates this role can be closed on a earlier date or time.
*PLEASE NOTE: We no longer work with a ZZP Indirect construction within TenneT. This will be a fee-only construction where € 1,45 of the margin is retained from the supplier. After 1 year worked, the supplier will definitely leave out of the chain. So take this into account.
Additional information:
• Suppliers of candidates must be aware of the applicable laws and regulations in the field of employment conditions and the (TenneT) collective labor agreement. This commitment falls within scale 9 of the TenneT collective labor agreement;
• We would like to receive the personal motivation and CV in English/Dutch.
Screening:
• Pre-employment screening: If the candidate is allowed to start at the client, a pre-employment screening will take place. We will then send you the necessary documents. Your candidate may only start after completing the pre-employment screening. The VOG application is part of the screening from Magnit, the VOG must be received before the candidate can start; The UVO screening also needs to be completed.
• The candidate has proof of identity (a passport or identity card), which is valid at intake and on the start date of the candidate's contract and can be submitted for verification.
Availability:
• It is important that the candidate is available for the entire requested period in the application;
• When offering a candidate, we assume that you agree with the terms and conditions of this specific client. If you are not familiar with these conditions, you can request them from the responsible recruiter.
IMPORTANT! Fill in all candidate details correctly. Always enter the date of birth correctly and enter at ?place of residence? the candidate's place of residence. This is data that the customer wants to receive with the offer. In the event of incomplete/incorrect offers, there is a risk that the candidate cannot be offered and will therefore be rejected.