Cyber Security GRC Analyst

Amsterdam

Flow Traders is looking for a Cyber Security GRC Analyst to join our growing Security team in Amsterdam. This is a unique opportunity to join a leading proprietary trading firm with an entrepreneurial and innovative culture at the heart of its business. We value quick-witted, creative minds and challenge them to make full use of their capacities.

In this function you will play a crucial role in safeguarding the organization's security framework by supporting governance, risk management, and compliance activities. This position assists with external audits and ensures compliance with standards such as ISO 27001 and the Digital Operational Resilience Act (DORA). It also drives security awareness and culture through training initiatives and proactively identifies improvements by staying updated on regulatory changes and emerging technologies. Effective communication with stakeholders ensures alignment and understanding of security practices across the business.

 

What you will do

  • Maintain and improve the ISMS in line with ISO/IEC 27001:2022. Ensure policies, procedures, and controls are up to date and implemented.
  • Support risk management by tracking remediation, maintaining risk registers, and developing KRIs.
  • Coordinate BIAs, control assessments, and vendor security reviews with a central risk register.
  • Lead or assist with security projects such as tooling, policy rollouts, awareness campaigns, and control implementation. Manage related documentation and reporting.
  • Design, deliver, and evaluate the Security Awareness Program, including role-specific training and phishing tests.
  • Collect and report KPIs and KRIs. Provide dashboards and insights for leadership.
  • Serve as liaison during audits, inspections, and certification processes. Act as a contact point for stakeholders.
  • Work with teams on assessments, campaigns, training, and security improvements.


What you need to succeed

  • Bachelor’s degree in Information Security, Risk Management, Computer Science, or a related field.
  • 2–5 years of experience in information security governance, risk, or compliance roles.
  • Knowledge of ISO/IEC 27001, SOC 2, and regulatory frameworks (e.g., GDPR, DORA).
  • Experience with security frameworks (e.g., CIS Controls, NIST CSF, COBIT).
  • Strong project management, communication, analytical, and documentation skills.
  • Experience supporting audits (internal, external, financial, certification) is a plus.
  • Familiarity with GRC platforms (e.g., ServiceNow GRC, Drata, Vanta, OneTrust) is a plus.
  • Certifications (e.g., CISA, CRISC, ISO 27001 Lead Implementer/Auditor) are a plus.
  • Understanding of financial sector regulations, operational resilience (DORA, NIS2), and threat modeling is a plus.

 

Flow Traders does not accept unsolicited resumes from any professional staffing or search firms. All resumes, and any other information identifying potential candidates, submitted to any employee at Flow Traders via email, the Internet or directly without a valid and signed search agreement will be deemed free to contact by Flow Traders without any restrictions and no placement fee of any kind will be paid in the event the candidate is hired by Flow Traders.

Tags: Audits CISA COBIT Compliance Computer Science CRISC GDPR Governance ISMS ISO 27001 KPIs NIS2 NIST Risk management SOC SOC 2

Region: Europe
Country: Netherlands
