Job summary

We are looking for an experienced and hands-on Group Information Security Officer to design, implement and enforce information security policies and standards with our business teams, including our Product and Tech teams, and in close collaboration with our Risk and Compliance team. In addition, you have a monitoring role for Group managed IT processes, such as software acquisition. As a Group Information Security Officer, you report to the Group COO and lead the Information Security Office, including information security representatives from our auction brands.

You are responsible for information security risk assessments, identifying security improvements and weaknesses and working with our Product and Tech teams to resolve these, ensuring that our network and data remain secure.

To be successful, you should have expert analytical skills and in-depth knowledge of information security best practices to prevent and resolve a wide range of security threats. Top candidates will also be excellent communicators, able to train and educate our staff in various information security topics.

To monitor and align Group managed IT processes and solutions, you have a solid level of leadership and management skills allowing you to closely cooperate with Group and Regional functions. You work very closely with the Product and Tech teams, located in the Netherlands and Sweden as well as with the Group Risk and Compliance team based in the Netherlands.

As part of our strategy, we make significant investments in our auction software and data platforms to make them the invisible engines of our business. We work with different platforms, some for a specific brand and some integrated with multiple brands. We plan to continue integrating brands and platforms further in line with our vision “Better together”. While learning from our integration efforts we continue building new features in the system at the same time. You have an essential role in this transition to ensure a security mindset among the business teams and developers and to ensure that security best practices are created and followed.

Key responsibilities

• Own and continuously evolve TBA’s information security strategy, policies, and standards across all regions and brands.

• Act as the single point of accountability for information security, including cloud, application, infrastructure, and data security.

• Define and enforce security-by-design principles across product development, IT operations, and third-party integrations.

• Lead risk assessments, threat modeling, and vulnerability management; maintain an up-to-date security risk register.

• Own security incident response, including detection, escalation, communication, and post-incident reviews.

• Help with future compliance, regulatory and standardization projects (e.g. ISO 27001/2, GDPR, NIS2).

• Manage third-party and supplier security, including due diligence, ongoing reviews, and security clauses in contracts.

• Partner closely with Product, Development, IT, Legal, and Operations to balance security, speed, and business impact.

• Drive security awareness and training across the organization.

• Provide clear reporting to executive management, including risk posture, incidents, and remediation progress.

About you

As the company wants to build a group that works well together, team chemistry and the desire to develop something great together are central. It is important to be self-driven and to enjoy working together towards a common goal.

Qualifications & Experience

• Degree in computer science or a technology-related field.

• Professional information security certification.

• More than 5 years of experience in information security management, including conducting risk assessments, setting companywide standards, actively creating awareness, and managing incidents.

• Solid understanding of relevant laws, regulations and standards related to information security (amongst which NIS2 and ISO27001/2)

• Excellent problem-solving and analytical skills.

• Ability to educate a technical as well as a nontechnical audience about various security measures.

• Effective verbal and written communication skills in English.

What we offer you

• A pleasant workplace in Amsterdam, with city and regional transportation nearby.

• We support a hybrid work model, usually 2 days from home and 3 at the office, with adjustable working hours per day and offer 30 days of vacation, wellness contribution, pension solution, and health insurance.

• Start day: According to agreement

• Location: Amsterdam

• Salary: According to agreement

This is TBAuctions

In a world where overconsumption is a threat, TBAuctions finds it important to extend the life of products as long as possible. So, nothing of value should be lost. Our online intelligent auction platform makes this happen. By using data and a smart system we match supply and demand of used industrial products. Together with our auction brands (Troostwijk Auctions, Klaravik, Auksjonen, British Medical Auctions, PS Auction, Vavato, HT and Surplex) we bring sustainable trade to a higher level. With buyers and sellers all over the world millions of products are auctioned every year.

Auctioning is trendy and the way to buy and sell. We are fascinated by technology, with a love for user-friendliness and the drive to preserve value. Do you share this drive, and do you want to work for a company that has the ambition and the firepower to become the largest online auction platform in Europe? Apply for this vacancy!