
Awin · Amsterdam
Purpose of Position As Information Security Risk Specialist (f/m/d) you will own and drive Awin’s global Information Security Risk Management capability end-to...
Purpose of Position
As Information Security Risk Specialist (f/m/d) you will own and drive Awin’s global Information Security Risk Management
capability end-to-end, ensuring the business not only understands its risks but takes measurable action to reduce them. You will
be accountable for embedding a strong culture of risk ownership across the organisation, proactively identifying gaps, and driving
remediation through to completion.
This role requires structured risk identification, assessment, and reporting whilst acting as a advisor to senior leadership and
the board. It ensures that risk appetite is clearly defined, actively used in decision-making, and consistently monitored.
Your location: Ideally in Berlin, Munich, Madrid, Warsaw, London, Iași, Stockholm, or Paris (or in Germany, Spain, Poland, UK,
Romania, Sweden, or France)
Key Tasks
risks are prioritised and clearly articulated in business terms (financial, regulatory, reputational) to enable effective
decision-making. Drive risk remediation to closure, holding risk owners accountable for delivery and escalating where progress
stalls. Ensure risk management is embedded in cross-functional initiatives and considered as part of key business decisions.
just status updates. Facilitate risk reviews that are focused on decisions, accountability, and measurable progress.
decision-making. Establish and track KPIs that measure real improvements in risk posture, not just activity.
technical and business teams, ensuring risks are clearly understood and acted upon.
requirements. Monitor control effectiveness, proactively identify weaknesses, and drive improvements.
assurance. Lead horizon scanning across emerging threats, regulatory changes, and industry developments, translating these into
practical risk implications and actions for the business.
Skills & Expertise
stakeholders
Our Offer
completely disconnected day per week) at full pay, with no reduction to your annual holiday allowance.
foster a culture of mutual trust and working flexibility.
as well as a furniture package to support you in setting up a comfortable workspace when working from home.
physical wellbeing.
professional and personal growth, with trainings conveniently packaged to help your overall development.
We are hiring in multiple countries for this role. Additional benefits, including health and wellbeing offerings, will be
discussed during the initial interview.
Established in 2000, Awin is proud of our dynamic, social and inclusive culture.
Like all businesses, we’ve had to adapt and nurture our culture in a virtual environment. Our virtual ‘Life @ Awin’ hub brings our
colleagues from across the globe together for various social activities.
Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and
authenticity; this is who we are at our core. Our network of affiliate partnerships are diverse and transparent, as are the
employees powering our vision to build the world’s leading open partner ecosystem. We welcome all backgrounds, identities, and
experiences. If you need support at any point in the application or interview process, please let us know.
Awin is part of the Axel Springer group. Learn more at axelspringer.com/en/, and explore the Axel Springer Essentials here:
axelspriger.com/en/inside/the-essentials-what-we-have-adapted-and-why
Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal
development.
Purpose of Position As Information Security Risk Manager (f/m/d) you will own and drive Awin’s global Information Security Risk Management capability end-to-end, ensuring the business not only understands its risks but takes measurable action to reduce them. You will be accountable for embedding a strong culture of risk ownership across the organisation, proactively identifying gaps, and driving remediation through to completion. This role requires structured risk identification, assessment, and reporting whilst acting as a advisor to senior leadership and the board. It ensures that risk appetite is clearly defined, actively used in decision-making, and consistently monitored. Your location: Ideally in Berlin, Munich, Madrid, Warsaw, London, Iași, Stockholm, or Paris (or in Germany, Spain, Poland, UK, Romania, Sweden, or France) Key Tasks * Lead enterprise-wide risk identification and assessment across strategic initiatives, technology, and third parties. Ensure risks are prioritised and clearly articulated in business terms (financial, regulatory, reputational) to enable effective decision-making. Drive risk remediation to closure, holding risk owners accountable for delivery and escalating where progress stalls. Ensure risk management is embedded in cross-functional initiatives and considered as part of key business decisions. * Own and maintain the Information Security Risk Register, ensuring it reflects true risk exposure, progress, and outcomes, not just status updates. Facilitate risk reviews that are focused on decisions, accountability, and measurable progress. * Define, embed, and maintain the organisation’s risk appetite, ensuring it is actively used in both business and technology decision-making. Establish and track KPIs that measure real improvements in risk posture, not just activity. * Provide clear, opinionated, and actionable risk insights to senior management and the board. Act as the bridge between technical and business teams, ensuring risks are clearly understood and acted upon. * Confidently challenge and influence stakeholders to ensure risks are neither understated nor inappropriately accepted. * Own and continuously improve Awin’s global information security risk management framework, aligned to ISO 27001 and regulatory requirements. Monitor control effectiveness, proactively identify weaknesses, and drive improvements. * Embed risk management into business processes so that risks are considered early and proactively, rather than retrospectively. * As the most senior member of the team, mentor and develop GRC team members, building capability in risk management and assurance. Lead horizon scanning across emerging threats, regulatory changes, and industry developments, translating these into practical risk implications and actions for the business. Skills & Expertise * Proven track record of owning and delivering risk management initiatives end-to-end * Experience driving risk remediation across teams without direct authority * Strong experience presenting and defending risk positions to senior leadership and boards * Hands-on experience within an ISO 27001-certified ISMS environment * Strong knowledge of frameworks such as ISO 27001 * Experience designing, implementing, or improving control frameworks * Experience with GRC platforms (e.g. Hyperproof) * Confident communicator (with very good English skills) - able to build relationships and challenge/influence senior stakeholders Our Offer * Flexi-Week: We prioritise your mental health and wellbeing by offering you a four-day Flexi-Week (with one lighter or completely disconnected day per week) at full pay, with no reduction to your annual holiday allowance. * Flexi-office: We offer an international culture and flexibility through our hybrid/remote working scheme which is designed to foster a culture of mutual trust and working flexibility. * Work Expense Contribution & Remote Working Furniture: You will receive a monthly allowance to cover part of your running costs, as well as a furniture package to support you in setting up a comfortable workspace when working from home. * Health and Wellbeing: With our support and access to various initiatives and sports offers, you can focus on your mental and physical wellbeing. * Development: We’ve built our extensive training suite, Awin Academy, to cover a wide range of skills that support your professional and personal growth, with trainings conveniently packaged to help your overall development. * Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer recognition programme. We are hiring in multiple countries for this role. Additional benefits, including health and wellbeing offerings, will be discussed during the initial interview. Established in 2000, Awin is proud of our dynamic, social and inclusive culture. Like all businesses, we’ve had to adapt and nurture our culture in a virtual environment. Our virtual ‘Life @ Awin’ hub brings our colleagues from across the globe together for various social activities. Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and authenticity; this is who we are at our core. Our network of affiliate partnerships are diverse and transparent, as are the employees powering our vision to build the world’s leading open partner ecosystem. We welcome all backgrounds, identities, and experiences. If you need support at any point in the application or interview process, please let us know. Awin is part of the Axel Springer group. Learn more at axelspringer.com/en/, and explore the Axel Springer Essentials here: axelspriger.com/en/inside/the-essentials-what-we-have-adapted-and-why Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal development. #LI-AM1
YOUR MISSION About the Job Title: Senior JavaScript Security Researcher Position: Full-time | 40 hours per week Location: Amsterdam, Netherlands | Work From home (2-3 days per week in the office) Salary Range: 80.000,- to 100.000,- annually At ThreatFabric, we help the world's leading banks stay ahead of fraudsters, scammers, and cybercriminals. Our technology protects millions of users every day by detecting fraud, malware, and emerging attack techniques before damage is done. As a Senior JavaScript Security Researcher, you'll explore new browser capabilities, uncover detection methods, and turn cutting-edge research into real-world protection used at global scale. Your discoveries won't remain on a whiteboard, they'll directly help safeguard people and businesses around the world As a senior JavaScript Security Researcher, you’ll be responsible for maintaining our FRS web SDKs. Next to that you’ll be driving the new (detection) capabilities of our SDK. This includes detecting and investigating fraud patterns & trends. You’ll be working closely with Threat Analysts and Product teams to enhance fraud detection. Part of your job is exploring and experimenting with (new and upcoming) browser APIs, and research how these APIs can be used to create new and novel detections mechanism. This requires a creative and out-of-the-box mindset. Proven experience with browser and JavaScript security research is a plus. The position You should have the ability to research, develop, manage, test, and deploy browser-based JavaScript code in the following areas: * Latest browser fingerprinting tactics * Ability to research the underlying working of browser APIs * Ability tocome up withnovel to use these APIs for detection; this includes looking for anomalies, side channels, and other side effects of these APIs * Creating a production ready web SDK Your daily work is to collaborate with the behaviour and device risk analytics tech team including backend engineers, data scientists and product managers. You are expected to be able to work with minimal guidance as lead research and JavaScript engineer. Since you will be working in a startup environment, passion and motivation are key to success and pleasure at work. Responsibilities Your key responsibilities will include: * Maintaining our FRS web SDKs * Driving the new (detection) capabilities of our SDK * Detecting and investigating fraud patterns & trends * Working closely with Threat Analysts and Product teams to enhance fraud detection * Exploring and experimenting with (new and upcoming) browser APIs * Researching how these APIs can be used to create new and novel detections mechanism What We Offer * A 12-month employment contract with the intention to extend. Subject to mutual satisfaction, this may lead to a permanent position. * A competitive salary that reflects your skills and experience with a salary range between:80.000,- to 100.000,- annually. * 25 Holidays per year * 8% holiday allowance (included in annual salary). * A Pension Scheme. * A stimulating and supportive work environment that encourages growth and development. * The opportunity to make a meaningful impactina rapidly growing tech company. * Flexible Remote / Hybrid work from home options to promote work-life balance. * Flexible working hours. * ActiveThreatFabric events and FitFabric bootcamps. * Active knowledge sharing huddles. YOUR PROFILE Skills and qualifications * 8+ years relevant experience in JavaScript and or framework development. * Familiar with Browser APIs including APIs needed for browser, mouse, keystroke, scroll dynamics. * Able to work with Open Source development workflow using git. * Excellent debugging and problem-solving skills. * Knowledge of Docker is a nice to-have. * Proficient English writing skills to document work and communicate project status. * Be a team player and feel comfortable communicating and collaborating with other team members. Creativity and Innovation: * Generates and implements creative, innovative solutions to complex problems. Problem-Solving: * Communicates solutions clearly and concisely. * Possesses a scale-up mentality where flexibility and adaptability are key. Communication and Interpersonal Skills: * Communicates technical concepts effectively to diverse audiences. * Thrives in collaborative environments, fostering teamwork and cooperation. * Demonstrates empathy and understanding in interpersonal interactions. Continuous Improvement: * Actively seeks opportunities to enhance workplace practices and product quality. * Embraces a mindset of ongoing learning and development to stay ahead of industry trends. Information Security, Business Continuity & Privacy: * Proactively engages in maintaining information security and privacy standards. WHY US? About ThreatFabric At ThreatFabric, we're not just shaping the future of cybersecurity - we're defining it. With our headquartered in the vibrant city of Amsterdam, ThreatFabric stands at the forefront of combating online fraud, mobile malware, and threat intelligence. Costly online scams, fraud and malware attacks are rampant. Victims’ life savings are stolen, but so are their confidence and trust. On top of this, financials' brand and reputation are damaged. Many lack online visibility to trigger prompt reaction, and the industry faces regulatory reimbursement pressure. This is why ThreatFabric provides web and mobile security: scam, fraud and malware detection and prevention, and threat intelligence to be proactive. We help the biggest financial brands protect their customers and their reputation in a world where attacks escalate, and trust erodes. Join Our Dynamic Team Ready to dive into the heart of innovation? Our team is a melting pot of talent, passion, and expertise from all corners of the globe. Behind ThreatFabric's success lies a diverse ensemble of technical experts, data scientists, and thought leaders united by a passion for innovation. With a global perspective and a collaborative spirit, our team leverages innovative technology and thousands of data points to deliver security solutions. As a scale-up, we embrace a scale-up mentality where flexibility, adaptability, and a dynamic approach are essential. Our Core Values At ThreatFabric, our culture is defined by three guiding principles: * One Team: Collaboration fuels our success as we work together to tackle complex challenges. * Continuous Excellence: We're committed to pushing boundaries and exceeding expectations in everything we do. * Customers at the Heart: Our customers are not just clients — they're partners. Their success is our priority. Interested? Are you as excited about this opportunity as we are? We can't wait to hear from you! Apply through the Personio link, and let's make innovation happen together! We aim to fill this vacancy in 2025. What's next? So, you've hit send - what happens now? First, we'll do a screening to ensure we're a good match. If all goes well, you'll be invited for an initial chat with us. Then, there's a second interview, and we may include an assessment to better understand your skills. Ready to take the plunge? Please note: Pre-employment screening is part of our selection proces, together with an technical assessment. We do not accept unsolicited resumes from recruiters or employment agencies.
About the AI Platform Team The AI Platform Team enables Awin teams to build, ship, and operate AI-powered products safely, consistently, and efficiently. We focus on the shared platform and enablement layer for AI development across the company. That includes reusable services, internal APIs and SDKs, platform patterns, observability, evaluation support, guardrails, cost visibility, and practical guidance that helps teams move from experimentation to production with confidence. This is a team for engineers who enjoy building internal platforms, creating paved roads for others, and raising the engineering quality bar for AI development across the organization. About the role We are looking for a Senior AI Platform Engineer - Security & Governance to join the AI Platform Team and help define and implement the guardrails, privacy patterns, governance mechanisms, and safe defaults that allow AI adoption to scale responsibly across Awin. In this role, you will work on the safety and control layer of AI development: AI security patterns, privacy and PII handling guidance, provider and model governance, reusable guardrails, and lightweight readiness mechanisms that improve safety without creating unnecessary process. This role is best suited to someone who combines strong engineering judgment with real practical experience in security, governance, privacy, or compliance for AI-powered systems. We care more about evidence of sound decision-making and pragmatic implementation than about titles or years in a specific niche. What youʼll do * Define and improve practical guardrails and safe defaults for AI-powered systems * Help shape Awinʼs approach to privacy, PII handling, and data-safe patterns for AI workflows * Contribute to approved provider and model guidance, including practical validation and usage expectations * Work with engineers to translate policy, risk, and governance needs into reusable platform patterns and engineering controls * Help define production-ready expectations for AI systems from a safety, governance, and risk perspective * Contribute to readiness checks, automated validations, and scalable governance mechanisms that reduce reliance on manual approval processes * Help improve logging, tracing, and observability practices so AI systems are auditable and safer to operate * Partner closely with Security, Legal, Architecture, and product engineering teams to ensure standards are practical and proportionate * Support teams in understanding AI-specific risks such as unsafe outputs, provider misuse, privacy exposure, and poor trace hygiene * Write clear documentation, patterns, and guidance that help teams apply standards consistently * Contribute to strong engineering practices across the team through clean code, testing, and collaboration * Mentor others and help raise the teamʼs overall maturity in AI safety, governance, and privacy-aware engineering Requirements * Strong software engineering fundamentals and experience working on production systems * Practical experience in security, governance, privacy, compliance, or risk-related engineering work * Clear hands-on experience applying those controls to AI- or LLM-powered systems * Strong understanding of AI-specific risks, including privacy exposure, PII handling, unsafe outputs, provider/model risk, and misuse or abuse patterns * Experience translating policy or risk requirements into practical engineering controls, patterns, or defaults * Good understanding of how to make AI systems observable, auditable, and safer to operate in production * Ability to work effectively with engineers, architects, and non-engineering stakeholders such as Security or Legal * Good practical experience with Python and/or JavaScript / TypeScript * Comfortable working across the lifecycle of a platform capability, from design and implementation to rollout and iteration * Good understanding of information security and how to design solutions with security in mind * Comfortable applying unit testing, continuous integration, and continuous deploymentStrong communication skills, both synchronous and asynchronous * Comfortable working through ambiguity and helping shape standards where the right balance between safety and speed is still evolving * Strong judgment and pragmatism, with an ability to improve safety without introducing excessive bureaucracy Nice to have * Experience designing or implementing guardrails for AI or LLM-powered systems * Experience with AI governance automation, readiness gates, policy checks, or preflight validation patterns * Familiarity with tracing, auditability, and logging standards for AI systems * Familiarity with evaluation workflows, regression checks, and production readiness practices for AI * Experience assessing third-party AI providers or model usage from a risk or governance perspective * Experience with privacy-by-design patterns in data-sensitive systems * Experience working in regulated or higher-risk environments * Experience writing clear developer guidance and turning repeated risk questions into reusable standards Tools and technologies you may work with: * Python * JavaScript / TypeScript * Azure / AWS * LLM APIs * CI/CD tooling * Observability and tracing tools * Policy and validation patterns * Internal platform services, standards, and governance tooling Working style We are looking for someone who enjoys building in a space that is evolving quickly, but who stays grounded in pragmatic engineering and long-term platform value. A strong fit for this role is someone who: * Thinks clearly about real-world AI risk, not just theoretical concerns * Can balance safety, speed, and developer experience * Communicates clearly and helps others understand trade-offs * Prefers reusable controls and automation over manual gatekeeping * Is comfortable collaborating across engineering, security, architecture, and legal boundaries * Writes clear, actionable guidance rather than vague policy language * Is proactive about identifying risk patterns early and turning them into scalable solutions * Enjoys helping other engineers build safer systems without slowing them down unnecessarily Our Offer * Flexi-Week: We prioritise your mental health and wellbeing by offering you a four-day Flexi-Week (with one lighter or completely disconnected day per week) at full pay, with no reduction to your annual holiday allowance. * Flexi-office: We offer an international culture and flexibility through our hybrid/remote working scheme which is designed to foster a culture of mutual trust and working flexibility. * Work Expense Contribution & Remote Working Furniture: You will receive a monthly allowance to cover part of your running costs, as well as a furniture package to support you in setting up a comfortable workspace when working from home. * Health and Wellbeing: With our support and access to various initiatives and sports offers, you can focus on your mental and physical wellbeing. * Development: We’ve built our extensive training suite, Awin Academy, to cover a wide range of skills that support your professional and personal growth, with trainings conveniently packaged to help your overall development. * Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer recognition programme. We are hiring in multiple countries for this role. Additional benefits, including health and wellbeing offerings, will be discussed during the initial interview. Established in 2000, Awin is proud of our dynamic, social and inclusive culture. Like all businesses, we’ve had to adapt and nurture our culture in a virtual environment. Our virtual ‘Life @ Awin’ hub brings our colleagues from across the globe together for various social activities. Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and authenticity; this is who we are at our core. Our network of affiliate partnerships are diverse and transparent, as are the employees powering our vision to build the world’s leading open partner ecosystem. We welcome all backgrounds, identities, and experiences. If you need support at any point in the application or interview process, please let us know. Awin is part of the Axel Springer group. Learn more at axelspringer.com/en/, and explore the Axel Springer Essentials here: axelspringer.com/en/inside/the-essentials-what-we-have-adapted-and-why Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal development. #LI-RS1