Compliance Consultant

itsme® has fundamentally changed how people lead their digital lives in Belgium, but we are not stopping there! Do you want to be a driving force to help expand on this success story as part of a talented team that is making a positive impact on society? Then keep on reading, you’ll probably like what you’ll see.

We are itsme®, one of Europe’s fastest-growing scale-ups, with 115 team members and growing. Our mission: to provide a state-of-the-art digital identity solution for all people, enabling them to interact securely in the digital space. Now, only nine years after being founded, close to 8 million citizens use the itsme® app to identify themselves and sign documents online. Starting in Belgium, we successfully launched the itsme app in 32 European countries, with the ambition of becoming an internationally leading player.

We are looking for an ISMS / Compliance Consultant whose mission will be to build and maintain the itsme® “ISMS” Information Security Management System based on an extended ISO: IEC 27001/2 framework, and take a pivotal role in the Compliance, Risk and Audit department. He/she will assist the (Deputy-)CISO with expertise on security and privacy governance and recommend information security best practices.

You will work together with other teams throughout the organisation and business stakeholders to identify and address information security and personal data risk, aligning processes with the itsme business requirements. You will also assist in the regular audits, both internal and external, to provide transparency on our continued compliance.

The ISMS / Compliance Consultant will report to the Head of Risk & Compliance.

• Manage the agenda throughout the year to keep our company in line with the most critical regulatory requirements applied to our market, mainly driven by ISO27001 and related frameworks

• Develop and elaborate the Information Security Policies as part of the ISMS

• Check-in with other teams to validate that policies & processes are in line with daily practice and identify with them the need for updates where relevant

• Elaborate policy statements and formalization of processes that will help other teams be more effective, efficient and at the same time act in compliance

• To a great extend take the lead in internal audits and assist the CISO for external audits

• Maintain the registry of personal data processing activities (ROPA), develop and update the Data Protection Impact Assessments (DPIA) required

• Continuously raise the awareness within the organization, possibly with suppliers and partners on the topics of Information Security, as well as protection of personal data;

• Summarize and follow-up on the summary of findings from internal validations, audits and meetings