ISMS / GRC Implementer @ itsme
AMV04372
Role
Your mission is to build and maintain the itsme® Information Security Management System (ISMS) based on an extended ISO/IEC 27001/2 framework. You will take a pivotal role in the Compliance, Risk, and Audit department, assisting the (Deputy-)CISO with expertise on security and privacy governance while recommending information security best practices. Working closely with various teams and business stakeholders across the organization, you will identify and address information security and personal data risks, aligning processes with itsme's business requirements. Furthermore, you will assist in regular internal and external audits to provide transparency regarding continued compliance.
Tasks and responsibilities
- Compliance agenda: Manage the agenda throughout the year to keep the company in line with critical regulatory requirements applied to the market, mainly driven by ISO 27001 and related frameworks.
- Policy development: Develop and elaborate Information Security Policies as an integral part of the ISMS.
- Process validation: Check in with other teams to validate that policies & processes are in line with daily practice and identify with them the need for updates where relevant.
- Efficiency & compliance: Elaborate policy statements and formalize processes that help other teams be more effective and efficient while acting in compliance.
- Audit leadership: Take a lead role in internal audits and assist the CISO with external audit coordination.
- Data protection: Maintain the registry of personal data processing activities (ROPA), develop and update the Data Protection Impact Assessments (DPIA) required.
- Awareness: Continuously raise awareness within the organization and among partners regarding Information Security and personal data protection.
- Finding follow-up: Summarize and follow up on findings from internal validations, audits and meetings.
Profile
Background and experience
- A bachelor’s degree or equivalent experience
- Holder of an ISO 27001 Lead Auditor/Implementer or equivalent certification. Other certifications (ISACA CISM / CISA, BCM, GDPR DPO …) will be a plus.
- Proven work experience of 3 years or more with Information Security risk, Compliance Assessments, Policy and Process implementations, or similar areas of expertise
- Experience using Compliance Tools such as Vanta, Drata or similar
- Keywords in your expertise of compliance matters include (m)any of the following: ISO 27001 and ISO 27002, GDPR, eIDAS, NIS2 or standards and regulations linked to them like DORA, CRA and others
- Experience in environments where information security, personal data protection and business continuity and resilience are of utmost importance.
- Insight into information security technology applied across a broad spectrum, including Cloud technology and Cloud Security, Mobile App security, Web application security, …
- Knowledge of standards such as OWASP, NIST, OpenID Connect, … is a plus
- Knowledge of Cryptographic principles and/or Electronic Signatures is a plus
Competences
- A strong and convincing communicator who can deal with stakeholders at different hierarchical levels.
- Ability to develop clear, concise, and pragmatic guidelines in policies and procedures.
- Capable of collaborating across the organization to align processes with business needs.
Languages
- Native Dutch or French with full professional English proficiency.
Offer
- Work for a product that is essential to the digital identity of millions of citizens.
- You can implement your recommendations and see their real impact on policies.
- The company encourages substantial horizontal growth, allowing individuals to diversify their skills and responsibilities.
- An ambitious scale-up environment where integrity, inclusiveness, and innovation are core values.
- Modern offices in Brussels with flexibility for a 3-day remote work policy, with Monday as a fixed office day.
- A fixed contract, with an attractive compensation package
- Be a part of their national and international growth
Amon is the exclusive recruitment partner for this position.
If interested, please do not hesitate to contact Micha Van De Vijver, mvd@amon.be

