Compliance Consultant

  • Hybrid
    • Brussels, Brussels, Belgium
  • CISO, Audit & Compliance

Job description

itsme® has fundamentally changed how people lead their digital lives in Belgium, but we are not stopping there! Do you want to be a driving force to help expand on this success story as part of a talented team that is making a positive impact on society? Then keep on reading, you’ll probably like what you’ll see.

We are itsme®, one of Europe’s fastest-growing scale-ups, with 115 team members and growing. Our mission: to provide a state-of-the-art digital identity solution for all people, enabling them to interact securely in the digital space. Now, only nine years after being founded, close to 8 million citizens use the itsme® app to identify themselves and sign documents online. Starting in Belgium, we successfully launched the itsme app in 32 European countries, with the ambition of becoming an internationally leading player.

We are looking for an ISMS / Compliance Consultant whose mission will be to build and maintain the itsme® Information Security Management System (ISMS) based on an extended ISO/IEC 27001/2 framework, and to take a pivotal role in the Compliance, Risk and Audit department. He/she will assist the (Deputy-)CISO with expertise on security and privacy governance and recommend information security best practices.

You will work together with other teams throughout the organisation and business stakeholders to identify and address information security and personal data risk, aligning processes with the itsme business requirements. You will also assist in the regular audits, both internal and external, to provide transparency on our continued compliance.

The ISMS / Compliance Consultant will report to the Head of Risk & Compliance.

What your job looks like

  • Manage the agenda throughout the year to keep our company in line with the most critical regulatory requirements applied to our market, mainly driven by ISO27001 and related frameworks

  • Develop and elaborate the Information Security Policies as part of the ISMS

  • Check in with other teams to validate that policies & processes are in line with daily practice and identify with them the need for updates where relevant

  • Elaborate policy statements and formalization of processes that will help other teams be more effective, efficient and at the same time act in compliance

  • To a great extent, take the lead in internal audits and assist the CISO with external audits

  • Maintain the registry of personal data processing activities (ROPA), develop and update the Data Protection Impact Assessments (DPIA) required

  • Continuously raise awareness within the organization, and possibly with suppliers and partners, on the topics of Information Security and the protection of personal data

  • Summarize and follow up on the summary of findings from internal validations, audits and meetings

Job requirements

  • A bachelor’s degree or equivalent experience.

  • Holder of an ISO 27001 Lead Auditor/Implementer or equivalent certification. Other certifications (ISACA CISM / CISA, BCM, GDPR DPO) will be a plus.

  • Proven work experience of 5 years or more with Information Security risk, Compliance Assessments, Policy and Process implementations, or similar areas of expertise.

  • Experience using Compliance Tools such as Vanta, Drata or similar.

  • Keywords in your expertise of compliance matters include (m)any of the following: ISO 27001 and ISO 27002, GDPR, eIDAS, NIS2 or standards and regulations linked to them like DORA, CRA and others.

  • Experience in environments where information security, personal data protection and business continuity and resilience are of utmost importance.

  • Insights into information security technology applied across a broad spectrum, including Cloud technology and Cloud Security, Mobile App security, and Web application security.

  • Knowledge of standards such as OWASP, NIST, and OpenID Connect is a plus.

  • Knowledge of cryptographic principles and/or electronic signatures is a plus.

  • A strong and convincing communicator, you know how to deal with a multitude of stakeholders on different hierarchical levels both in and outside itsme®.

  • Writing skills include the development of clear, concise and pragmatic guidelines in policies, procedures and instructions for colleagues & suppliers.

  • Native Dutch or French with full professional English proficiency.

What we offer

  • Being welcomed by an informal, enthusiastic, and ambitious team that is revolutionising how we safely manage our digital identity, in Belgium & beyond.

  • Offices within walking distance from Brussels Central Station, with the possibility to work remotely 3 days a week.

  • A contract of indefinite duration, with an attractive compensation package.

  • An environment where we care a lot about our core values:

    • Integrity: being fair, honest & transparent so that we can be trusted.

    • Inclusiveness: being an open environment in which all team members' opinions are taken into account.

    • Innovation: building future-proof solutions by finding new ideas and methods to solve problems.
