Itsme is looking for an IT risk and compliance specialist whose mission will be to build and maintain the itsme® Information Security Management System (ISMS), based on an extended ISO/IEC 27001/2 framework, and to assist the CISO / DPO and the SOC team with expertise on security and privacy governance, security best practices and technology advice. You will work closely with our Development and Operations Teams as well as business stakeholders to identify and address information security and personal data risks, fully understanding and aligning with the itsme business requirements.
Tasks and responsibilities
- Continuously raise the awareness within the organization, possibly with suppliers and partners on the topics of Information Security, as well as protection of personal data;
- Identify, analyse and assess Information Security Risks and non-compliances in collaboration with the CISO / DPO;
- Develop and elaborate the Information Security Policies as part of the ISMS;
- Integrate the required safeguards in operational processes, configuration baselines and overall Information Architecture;
- Follow up on the itsme ISMS implementation and the safeguards listed in the Statement of Applicability (SOA) together with the different teams and stakeholders within the organisation;
- Maintain the record of personal data processing activities (ROPA) and develop and update the required Data Protection Impact Assessments (DPIAs);
- Assist in the response to information security incidents and/or data breaches.
Typical tasks that will regularly land in your agenda:
- Updating the different ISMS and GDPR compliance documents and dashboards
- Elaborating topical policy documents
- Meeting with colleagues on different IT security and privacy topics
- Creating summaries of findings from internal validations and meetings
- Elaborating mitigations, presenting them, and planning their implementation with the CISO / DPO and colleagues
- Contributing to internal and external audit missions