Product
Netherlands
Full-time
The Role
As Leat grows, so does the complexity of our compliance obligations, client expectations around security, and the volume of legal and contractual work we handle. We are looking for a Security & Compliance Officer to take ownership of this domain — someone who can build and maintain our security governance program, handle legal and contractual matters, and act as the go-to person for compliance questions across the organisation.
This is a broad, impactful role with a lot of autonomy. You will work closely with our CTO and Head of Product, and interact with clients, partners, and vendors on a regular basis. The role suits someone who is as comfortable reviewing a data processing agreement as they are running a security awareness training session or responding to a vendor assessment questionnaire.
Depending on your background and interests, this role can be shaped as part-time or full-time. We are open to the right candidate.
What You’ll Do
Security Governance
Own and maintain Leat’s Information Security Policy (ISP) and related documentation, ensuring they remain accurate and up to date
Manage and continuously improve our security awareness training program, including onboarding training and annual refreshers for all staff
Coordinate and manage periodic penetration tests and vulnerability assessments, and track remediation of findings
Own our Business Continuity Plan (BCP) and ensure it is kept current and tested
Respond to vendor security assessments and due diligence questionnaires from (prospective) clients
Drive Leat’s journey towards relevant certifications (e.g. ISO 27001) as the company scales
Legal & Contractual
Review, draft, and manage contracts, Data Processing Agreements (DPAs), and vendor agreements
Maintain and update Leat’s standard legal documentation including General Terms & Conditions, Privacy Policy, and SLA
Ensure Leat’s continued compliance with GDPR and other applicable data protection legislation
Act as a point of contact for clients and partners on legal and compliance matters
Monitor relevant regulatory developments and advise the business on implications
Risk & Vendor Management
Maintain an up-to-date register of subprocessors and ensure appropriate DPAs are in place
Conduct periodic risk assessments and maintain a risk register
Review the security posture of new and existing vendors handling personal data
Who You Are
2–5 years of experience in a security, compliance, legal, or related role — ideally within a SaaS or tech company
Solid understanding of GDPR and data protection principles
Experience reviewing and drafting contracts and DPAs
Familiarity with information security frameworks and standards (e.g. ISO 27001, SOC 2) — certification not required but a plus
Comfortable working autonomously and taking ownership of a domain without a large team behind you
Fluent in English and Dutch
A practical, pragmatic mindset — we need someone who can get things done in a lean environment, not someone who builds frameworks for their own sake
What We Offer
A broad, autonomous role with real impact in a young, energetic and collaborative team where your work is visible and valued
An established Dutch tech company scaling up in Europe, the US and Australia
An amazing office space between Utrecht and Amsterdam, easily reachable by both car and public transport (the train station is right next door)
The opportunity to build and shape the security and compliance function from the ground up
Competitive salary in line with experience and hours
25 vacation days
Business and travel expense reimbursement
Pension scheme