Implementation of the ServiceNow IRM module
start date: 01-12-2025
end date: 01-06-2026 - option to extend
number of hours: 32 hours
location: Arnhem - Tuesdays & Thursdays fixed office days - Hybrid
max rate: €139.50 incl MSP fee
zzp: No
submit CVs in Dutch
1. General project information
Objective of IRM implementation:
Our vision for GRC is focused on creating a decisive, agile and future-proof organization by:
- Risk management - Decision-makers have timely access to relevant risk information and opinions for informed, cost-conscious choices.
- Governance - A clear structure and clear ownership ensure that everyone contributes from their roles.
- Compliance - Structural compliance with laws and regulations strengthens trust and is essential for customer service.
- Data-driven work - Fast, informed insights and actions through efficient data sharing.
- Reliable operations - We are a stable partner for customers, suppliers and regulators.
- Assurance - Faster and better visibility into our "in control" status gives more grip on internal control.
- Automation - Less manual work, more efficiency and accuracy in controls.
The contractor works with our Alliander ServiceNow team; the goal is to implement SN-IRM so that Alliander has a working system to achieve our vision.
Departments and stakeholders involved:
- Risk Management & Compliance
- Product Owner ServiceNow - Technical Platforms
- CISO
- VMK
- Digitization
- Architecture
2. Work to be performed
What does Alliander itself do:
- The project leader role will be filled by Alliander itself.
- The technical IRM specialist is provided by Alliander itself.
- Establish the standard risk process (scope: from risk identification, to control testing, to action tracking).
- Define the data model for the IRM module, for example the specification of fields in tables such as risk, control and issue, and the format for completing them.
- Perform project management, including guiding the implementation process and managing the timeline and deliverables.
- Perform data cleaning of the current GRC application prior to migration.
In scope:
- Mapping the standard risk process to the functionality and setup of the IRM module.
- Implement Alliander specified workflows in ServiceNow IRM in collaboration with the Alliander ServiceNow Team.
- Establish a framework for roles, responsibilities, user roles and access rights related to ServiceNow IRM in collaboration with the Alliander ServiceNow Team. Set up user roles and authorizations in IRM via SailPoint (SID) in collaboration with the Alliander ServiceNow Team.
- Train Alliander ServiceNow IRM administrators so they can perform functional management independently.
- Preparation of manuals for the various users of ServiceNow IRM.
- Setting up the standard risk management processes in IRM, based on the Alliander methodology and data in collaboration with the Alliander ServiceNow Team.
- Setting up the standard risk and compliance processes in IRM, based on the Alliander methodology and data in collaboration with the Alliander ServiceNow Team.
- Setting up the standard control and management processes, based on the Alliander methodology and data in collaboration with the Alliander ServiceNow Team.
- Creation of a testing strategy, including test scripts and allocation of testing work to Alliander personnel (for all of the above processes).
- Support migrating the current Alliander control frameworks to ServiceNow IRM, in collaboration with the Alliander ServiceNow Team. This includes the Business Control Framework Finance, the Digitization Control Framework and ISO2K1 from CISO.
- Support migration of specific questionnaires from the current ABS.
- Support migrating current risks, controls and actions from ABS to IRM.
Customization is not part of this implementation. Only standard ServiceNow IRM will be implemented.
3. Desired Profile
To carry out this assignment, a project leader and an IRM technical specialist are available internally from Alliander. In addition, we would like to deploy one consultant. We are asking for the following profile to be filled:
Functional Consultant
- You have knowledge and experience with ServiceNow IRM and its implementation
- You have knowledge and experience in training the Business on IRM
- You have demonstrable work experience in the field of Internal Control Objectives and Risk Statements, in particular the development and implementation of these for the benefit of various processes
- You pay attention to details, but you also know how to keep an eye on the bigger picture and communicate it to stakeholders
- You will be responsible for requirements gathering, process design and configuration/customization of the ServiceNow IRM platform
- You will create high and low level process documents and collaborate on architecture design for implementation
- You can assess current IRM processes for maturity and automation on the ServiceNow platform
- Create and execute test plans and participate in UAT and production migration
- You have knowledge of frameworks such as ISO 27001 and NIS2.
- You have experience preparing dashboards and risk reports
- You keep an eye on using the platform out of the box and also dare to say no when customization is requested.
- Familiar with GRC (Governance, Risk & Compliance) processes and how they translate to ServiceNow IRM
- Familiarity with Agile/Scrum ways of working and tools such as Jira, Confluence
- Knowledge of process modeling techniques such as BPMN or similar
- Able to conduct stakeholder interviews and translate requirements into functional specifications
Skills:
- Certified ServiceNow IRM administrator
- Performed at least 2 ServiceNow IRM implementations