Security Officer

  • Hybrid

Job description

It’s holiday season at Tony’s! 🎁🍫 We’re a bit slower on replies right now, but your application is important to us, and we’ll get back to you as soon as we can. We appreciate your patience and wish you a lovely holiday season! ✨

Why we are here  
Tony’s Chocolonely is committed to ending exploitation in cocoa. We are an impact company that makes chocolate, not a chocolate company that makes impact. With damn tasty chocolate, we lead by example, demonstrating that ethical practices and success can go hand in hand. Through Tony's Open Chain (TOC), mission allies like Albert Heijn, Waitrose, Ben & Jerry's, Feastables and Jokolade, have embraced a fairer, more transparent supply chain for their chocolate too. 
What you will do  
Ready to keep Tony’s safe while we shake up the chocolate industry? We’re on the hunt for a
Security Officer who’s passionate about ensuring both online and offline security across our global operations. In this role, you’ll design and run a measurable, risk-based security program that aligns with EU and US regulatory frameworks — think NIS2, GDPR, NIST and ISO/IEC 27001:2022 — while embedding Zero Trust principles into our Microsoft and Okta environments. Your mission? To make sure our systems are secure, compliant, and ready to support Tony’s growth across North America, Europe and West Africa. 

You’ll be the go-to guardian for all things security, translating complex regulations into practical solutions that protect our people and data without slowing us down. From monitoring risks to driving continuous improvement, you’ll combine sharp technical skills with a collaborative mindset. You’ll work closely with teams to embed security into everything we do, across both IT and OT, making this a unique and diverse opportunity. If you’re excited to create a culture of safety and resilience while helping Tony’s scale globally, this is your chance to make an impact. You will join our Homebase team in Amsterdam and report to our Head of IT. 

All wrapped up, you will 

  • Champion compliance and governance: Implement NIS2 risk management measures and incident reporting workflows, ensure GDPR compliance with privacy by design, and keep our ISMS aligned to ISO/IEC 27001:2022—because security starts with solid foundations. 

  • Get us certification-ready: Drive ISO 27001 and NIS2 QM20 readiness and nail that certification within 12 months. 

  • Shape the big picture: Define a bold 3-year global (cyber)security roadmap that aligns with EU, UK and US priorities, integrating frameworks like ECSF and Cybersecurity Act schemes. 

  • Architect for trust: Deploy Zero Trust principles across Microsoft 365/Azure and Okta, harden endpoints and identities with Intune, Defender and conditional access, and make sure all privileged access runs on JIT and MFA. 

  • Keep vendors in check: Perform third-party risk and vendor security assessments so our partners are as secure as we are. 

  • Be ready for anything: Create playbooks for cyber incidents and GDPR breaches, align business continuity with ISO 22301, and run at least one cyber simulation per year—because practice makes perfect. 

  • Spread the security love: Drive global security awareness programs and role-based training, implement supplier assurance controls per NIS2 and CIS Controls, and report on our security posture to leadership. 

  • Raise the bar: Ensure 100% of critical vendors meet CIS IG1 baseline and keep our security culture strong across every corner of Tony’s. 

Job requirements

Our new flavor:   

  • Significant previous work experience in the security space, both online and offline, preferably with multi-region exposure covering EU, UK, and/or US. 

  • Proven experience in and maturity to translate global (cyber)security developments into actionable steps, clear business terms and trade-offs for Tony’s, ensuring compliance and resilience across multiple regions and informing and influencing stakeholders with confidence and clarity. 

  • Hands-on experience with NIST CSF 2.0 for structuring programs and ISO/IEC 27001 for ISMS assurance. 

  • Regulatory understanding: You operationalize GDPR like a pro, implement NIS2 risk management measures, and keep Tony’s ahead of evolving EU, UK and US regulations. 

  • Deep knowledge of identity management, endpoint protection, and modern cloud security practices. Knowledge of and experience with Microsoft security environment and OKTA IAM is a plus!  

  • Previous experience in building or upgrading an ISO 27001:2022 ISMS to certification and delivering Zero Trust adoption patterns using Okta and Microsoft tools.  

  • Experience in risk management, threat intelligence and incident response, having led GDPR breach handling and NIS2 readiness with clear executive reporting. 

  • CISSP, CCISO or similar certification is a big plus! 

  • Strong business understanding and strategic mindset - ability to see the big picture, but not afraid to roll up your sleeves to ensure brilliant execution.  

  • Eagerness to work in a fast-paced scaleup environment, bringing clarity and cohesion across diverse teams.  

  • Excellent stakeholder management, collaboration and communication skills in English. 

  • We are all about being more in person than apart; this means we offer flexibility but see each other in the Amsterdam office on average 3 days a week. More is fine too!  

  • Believe wholeheartedly in Tony’s purpose. You live our core values: outspoken, in it together, entrepreneurial, raise the bar and makes you smile. 

Our benefits (the icing on the cake) 

At Tony's you will get the opportunity to be part of something extraordinary; first and foremost, by making real impact in the world but also enjoying the nice benefits we provide as you help us succeed. We’re dedicated to enabling all Tonys to grow and develop their careers and therefore we offer training programs, regular feedback cycles, coaching and a generous L&D budget. We also offer a wide range of additional benefits, including a luxurious (vega) lunch, company bonus, minimum of 28 holidays, inspirational team updates, unforgettable events and unlimited chocolate. But we also know chocolate won’t cover the bills, so we’ve made sure your salary is just as rewarding, for this role that means an annual salary in the range of 65-89k, including holiday pay.  

Sounds like you?  

Are you passionate about making a difference in the world? Look no further! If you're ready to take the chocolate industry to new heights with us, we'd love to hear from you! Please send your direct application, no agencies. We can't wait to hear from you!  

At Tony's we are convinced that diversity of thought, background and perspectives will make us stronger (...just like the different flavors of our chocolate assortment). Our mission is founded on principles of equity and justice, and we are actively seeking candidates who bring new perspectives and life experiences, especially from underrepresented groups. We look forward to your application! 

  • Amsterdam, Netherlands
  • €65,000 - €89,000 per year
  • IT