logo
Schedule a meeting

Vacancies

Join Brightlyn

(Senior) Manager IT Audit

Location: The Hague (Binckhorst)

A role for experienced IT Audit professionals seeking deeper advisory impact.

Have you built a strong career in IT Audit or Technology Risk as a (Senior) Manager IT-Audit at a Big-4 and are you ready to take the next step? A step where you go beyond reporting findings and start helping organizations truly get in control of information security and cyber risk?

At Brightlyn, we work with society-critical organizations to strengthen security governance, manage cyber risk, and meet regulatory requirements in a way that is pragmatic, effective, and defensible. This role is designed for IT Audit professionals who want to apply their audit expertise in a broader, more impactful advisory context.

Extending IT Audit Experience into Security and Cyber Risk

You already know how to:

  • assess IT governance, risk, and controls;
  • work with frameworks like ISO 27001, COBIT, and NIST;
  • challenge management constructively;
  • communicate complex risk topics to boards and executives.

At Brightlyn, you build on those exact skills—but instead of stopping at assurance, you:

  • help clients design and improve controls;
  • guide them through cyber regulations such as NIS2 and DORA;
  • translate findings into practical roadmaps that actually get implemented.

This role builds on your IT Audit background while expanding your scope.

Your Role

As a (Senior) Manager IT Audit & Security Risk, you act as a trusted advisor to senior management, boards, and risk committees. You leverage your audit skills to assess, structure, and improve security governance, risk management, and controls—while translating regulatory and security requirements into pragmatic, achievable solutions. You combine your audit mindset with security and cyber risk expertise to help organizations become demonstrably in control of their information security.

You will assist and lead clients in automating their IT and security control testing, helping them move from manual, periodic assessments to more efficient and scalable approaches. This includes advising on control design, data-driven testing, and the use of tooling to enable continuous or semi-continuous assurance.

This role is ideal if you enjoy:

  • moving from assessing controls to helping organizations improve them;
  • combining assurance, advisory, and security;
  • working close to decision-makers on complex risk topics.

You will work across sectors such as financial services, public sector, utilities, production, and retail—often in complex, regulated environments where your background truly adds value.

Key Responsibilities

You will:

  • Lead IT, security, and cyber risk assessments, focusing on governance, risk management, and internal controls.
  • Translate audit-style findings into concrete, prioritized improvement plans aligned with business objectives.
  • Advise on compliance with NIS2, DORA, ISO 27001, and related standards—focusing on intent, proportionality, and practicality.
  • Support organizations in strengthening security governance, roles & responsibilities, and risk ownership.
  • Perform and oversee targeted reviews such as ransomware readiness assessments and regulatory gap analyses.
  • Act as a sparring partner for CISOs, CIOs, Risk Managers, and Boards.
  • Contribute to the development of new security, risk, and compliance services.
  • Present clearly and confidently at executive and board level.

What We’re Looking For

We believe this role fits you well if you bring:

  • A background (6-9 years of experience) in IT Audit, Technology Risk, or IT Assurance, ideally at Manager or Senior Manager level (Big-4 or similar).
  • A Master’s degree from a research university (WO level); a post-master degree (e.g. RE) is a strong plus.
  • Relevant professional certifications such as CISSP, CISM and/or CISA.
  • Fluency in both Dutch and English, written and spoken.
  • A proven ability to assess, structure, and explain IT and security risks.
  • Affinity with information security and cybersecurity, even if your career started from audit.
  • Interest or experience in cyber regulations such as NIS2, DORA, or similar regulatory frameworks.
  • Strong experience with frameworks such as ISO 27001, COBIT, NIST CSF, or comparable control frameworks.
  • Excellent communication and stakeholder management skills, including board-level interactions.
  • A pragmatic, advisory mindset and the confidence to challenge and guide clients.

Why Brightlyn?

  • From assurance to impact: Help organizations improve instead of just report.
  • Closer to decision-making: Work directly with boards and senior leadership.
  • Advisory depth: Combine audit, security, and regulation in one role.
  • Growth & learning: Coaching, mentoring, and room to deepen your security expertise.
  • Great culture & location: A modern office in The Hague’s Binckhorst district, with great facilities, food, drinks, and a gym.
Apply now

Frequently asked questions

We're here to answer all your questions

Got a question before applying? Here are some common things future Brightlyn team members often ask.

Our process is designed to be clear and personal. After you apply, we’ll review your CV and motivation. If there’s a match, we’ll schedule an initial call to get to know you. That’s followed by one or two in-depth conversations with our team—focused on your experience, your ambitions, and how we can grow together.

Make a real impact in cyber security

Looking to do meaningful work in cyber security and risk management? At Brightlyn, you’ll help protect the systems that keep our society running—think finance, energy, healthcare, and government. We go beyond checklists and compliance; we turn digital security into a strategic advantage for our clients.
  • Create real-world impact
  • Grow with expert guidance
  • Work that matters, every day