Michiel
van Es

Group Product Manager

bol · Utrecht, NL · Hybrid

Responsible for the user experience of Security Insights. Set strategy and vision alongside product teams and managers, kept it aligned to company strategy, and made sure stakeholder input actually fed back into the roadmap.

Team Lead & Product Manager

bol

Led the team and acted as Product Owner for the IT security team building the tooling that shows colleagues how they're tracking against their security KPIs. Advised on IT compliance strategy as an internal expert.

Team Lead, Product Owner & IT Compliance Officer

bol · The Randstad, NL

Led a team of 5 engineers focused on SecOps — scalable security monitoring, vulnerability scanning, dashboarding, and reviewing what scrum teams were shipping. Also led a mixed team of developers and IT auditors to build solutions for the IT compliance programme. As Compliance Officer, kept the company aligned to AVG/GDPR, financial audit, and PCI-DSS requirements — pragmatically, using an in-house control framework.

IT Compliance Officer & Project Lead, GDPR and Cloud

bol.com · Papendorp

Focused on GDPR, SOX/ICFR, PCI-DSS and ACM8 — and built an automation tool that let IT managers, control owners, risk managers, and engineers stay in control of compliance and risk with minimal friction. Led the GDPR and Cloud projects: audit readiness on one side, secure cloud provisioning on the other. Supported Ahold/Delhaize audits at bol.com.

• Pragmatic IT compliance & controls automation
• Disaster recovery
• Patch management
• 3rd-party library scanning in the build pipeline
• GDPR PII inventory

IT Compliance Officer

Booking.com · The Randstad, NL

Kept Booking.com compliant with SOX and PCI-DSS, working directly with engineers, developers, team leads, and auditors to find the balance between compliance and velocity — without losing the culture along the way.

IT Security Lead

bol.com · The Randstad, NL

Owned security for bol.com's environment end to end: BIA/risk analysis across all sites and applications, a security baseline for the new data center, a full PCI-DSS v3.0 SAQ, automated vulnerability scanning, and a monitoring & alerting platform — plus the reporting and stakeholder buy-in needed to actually get it all implemented.

Security Engineer

Sanoma Media · Amsterdam, NL

Secured the online environment behind 172 Sanoma Digital Netherlands websites and 500+ servers — vulnerability scanning against OWASP Top 10 and OSSTM, external audit coordination, ISO 27001/27002 policy work, and the ongoing dialogue with legal on Dutch and EU data law (WBP).

Security Engineer

TomTom · The Randstad, NL

Split between tier-2 system administration across 700+ servers in up to 3 data centers, and security engineering: vulnerability scanning, WAF administration, hardening procedures, AAA setup, and firewall rules — plus a standing seat in CAB meetings to keep releases stable.

Senior System Administrator / Engineer & Security Officer

Info.nl

Built the security foundation from the ground up using ISO 27002 as the target framework. Stood up 802.1X network access control, vulnerability scanning with OpenVAS/Nikto/Acunetix, two-factor authentication and external pentests for a major Dutch financial institution, and patch management across 500+ servers via Spacewalk.

System Administrator

Interswitch BV

Where it started: supporting 100 users at one of the Netherlands' biggest telcos on Novell Netware, NT and Windows 2000, alongside a Lucent ISDN phone central. First lessons in keeping a system stable for people who just need it to work.