The Information Security & Compliance Expert has the role to take full ownership of our Information Security Management System (ISMS) and drive compliance across multiple frameworks, including GDPR, ISO 27001, ISO 62443, NIS2, the Cyber Resilience Act (CRA) and other relevant regulations, existing or emerging in the future.
Your tasks & responsibilities:
ISMS Ownership & Governance
- Lead and maintain the full ISMS lifecycle: policies, processes, documentation, reporting and continual improvement.
- Ensure alignment with GDPR, ISO 27001, ISO 62443, NIS2, CRA and other applicable standards or regulatory requirements.
- Coordinate internal stakeholders to ensure all security controls are implemented, maintained and evidenced.
- Maintain an up-to-date ISMS roadmap, maturity plan and compliance dashboard.
- Provide support as necessary during other company audits, such as ISO 9001.
Audit & Certification Management
- Plan, prepare and coordinate internal and external audits (surveillance and recertification).
- Serve as the primary point of contact for auditors and certification bodies.
- Track audit findings, monitor corrective action plans and ensure closure within deadlines.
Risk Management
- Facilitate regular risk assessments, workshops and reviews.
- Maintain the risk register and ensure mitigation actions are assigned, followed up and reported.
- Provide structured risk reports and recommendations to leadership.
Reporting & Governance Support
- Provide regular updates to senior management and the board regarding ISMS status, risks, compliance posture and performance indicators.
- Prepare management review materials required by applicable standards.
Supplier & Third-Party Security
- Manage supplier security requirements, including due-diligence processes, risk assessments and evidence reviews.
- Support procurement with security-related contractual clauses and compliance obligations.
Customer & Market Requirements
- Respond to customer security questionnaires, RFPs and compliance inquiries.
- Maintain standardized responses and evidence packages to streamline customer interactions.
Regulatory and Legal Collaboration
- Work closely with the legal team to evaluate security-related contract clauses and regulatory requirements.
- Interpret new regulations (e.g. NIS2, CRA) and translate them into internal action plans and policies.
Cross-Functional Coordination
- Track and coordinate implementation of security controls by IT, R&D, After-Sales, operations, HR and other teams.
- Ensure that owners understand their obligations and deliver on them.
- Act as the internal glue that holds the ISMS together across departments.
Communication Coordination
- Act as the single point of contact (SPOC) for all matters related to information security and compliance. Own and drive regular, proactive communication to the organization regarding security and compliance changes, improvements, risks, incidents and issues, ensuring transparency, awareness and alignment across all departments.
Qualifications:
Required Skills & Experience
- Strong understanding of ISO 27001, ISO 62443, NIS2, CRA or similar security and compliance frameworks.
- Experience managing an ISMS or similar governance/compliance program.
- Capable of leading structured audits, assessments and meetings.
- Excellent communicator: clear, confident and able to work with all levels of the organization.
- Comfortable coordinating and influencing others without direct authority.
- Strong documentation, organizational and project-management skills.
- Ability to interpret requirements and translate them into actionable steps.
- No technical background required, but familiarity with typical IT/security concepts is helpful.
Personal Qualities
- Structured and reliable; keeps processes and people on track.
- Diplomatic but firm when enforcing compliance requirements.
- Detail-oriented, thorough and documentation-focused.
- Proactive: anticipates issues and drives continuous improvement.
- Comfortable handling deadlines, multiple tasks and external scrutiny (auditors, customers, regulators).
Additional Information:
Unsolicited representations by third parties (recruitment agencies, headhunters, ...) of CVs via mail and/or telephone for our vacancies are considered as direct applications, where no compensation is provided to the third party.
Any T&Cs from these third parties will not be accepted unless signed by a person in charge of HR.
Candidates remain registered in the system for 12 months and cannot be proposed again during this period.
Remote Work:
No
Employment Type:
Full-time