Guardsquare

Information Security & Compliance Specialist

Leuven (BE) Full Time
Summary
We are looking for a Security and Compliance Specialist to take ownership of our day-to-day security governance and compliance operations. This role supports ISO 27001, DORA readiness, the EU Data Act, customer security expectations, and our internal ISMS. You will work closely with IT and engineering but act as the primary coordinator and operator of our core security and compliance processes.
This position is ideal for someone with a strong foundation in information security or compliance who wants to grow into a broader role as the company scales.
Key Responsibilities
Security Governance
  • Operate, maintain, and continuously improve the Information Security Management System (ISMS).
  • Monitor and track risk assessments, treatment plans, and ongoing control performance.
  • Coordinate internal audits, management reviews, and quarterly control checks.
  • Assist with incident response preparation, documentation, communication flows, and tabletop exercises.
  • Support IT with vulnerability management, follow-ups, remediation tracking, and reporting.

Compliance Operations

  • Prepare, organize, and maintain security framework (CIS, ISO 27001, etc.) evidence; ensure all controls remain audit-ready.
  • Coordinate external audits and certification activities.
  • Help maintain security and privacy documentation (policies, standards, procedures, guidelines).
  • Support GDPR responsibilities, including:
    • Maintaining ROPA
    • Assisting with DPIA reviews
    • Tracking privacy risks and mitigation measures
    • Ensuring data retention, access, and deletion procedures are well-implemented
  • Support alignment with DORA and EU Data Act requirements as they evolve.
  • Ensure documentation, evidence, and processes remain aligned with EU regulatory expectations.

Customer and Vendor Assurance

  • Help complete customer security questionnaires, due-diligence requests, and technical security responses.

  • Maintain and operate the vendor risk management lifecycle: intake, screening, reviews, assessments, approvals, and periodic recertifications.

  • Track third-party contracts to ensure security, privacy, and data-processing terms remain compliant.

  • Assist the CIO and IT in validating data transfer mechanisms and subprocessors.

Data Governance

  • Collaborate with IT to maintain data asset inventories and data flow records across environments.

  • Support data governance documentation related to access, portability, transparency, and the data lifecycle.

  • Assist with updates required by EU Data Act obligations (access rights, interoperability, data sharing).

  • Support data classification efforts and help ensure data handling aligns with policy.

Cross-Team Collaboration

  • Work with IT and engineering on corrective actions, findings, and continuous improvements.

  • Act as a central coordination point for security-related projects, evidence gathering, and readiness activities.

  • Provide support during customer escalations, compliance reviews, or security discussions.

  • Help cultivate a strong internal culture of security and privacy awareness.
Profile

The successful candidate has:

  • 3–5 years in information security, IT governance, risk management, compliance, or privacy.
  • Hands-on exposure to CIS, ISO 27001, SOC 2, GDPR, or internal audit environments.
  • Experience supporting or operating compliance frameworks in SaaS or technology companies.
  • Strong communication skills and the ability to work with technical and business teams.
  • High attention to detail, structured execution, and exceptional follow-through.
  • Fluency in English.
Nice to have: 
  • Certifications such as Security+, CIPP/E, CIPM, CEH, CC, CCSP, or similar.
  • Experience with DORA, NIS2, or EU Data Act requirements.
  • Prior involvement in audit preparation or security questionnaire programs.
  • Familiarity with identity and access management, vulnerability management, or cloud security basics.
  • Exposure to privacy engineering concepts or data governance tooling.
What Guardsquare offers you
  • A full-time job with a competitive salary package
  • You are provided with the tools & flexibility to develop yourself successfully 
  • An international environment where you will interact with motivated & open colleagues from different backgrounds
  • A workplace where you can share and implement your ideas
  • A hybrid work policy, which helps guarantee an excellent work-life balance

At Guardsquare, we take pride in being a diverse and multicultural company with team members representing numerous nationalities. We value different perspectives and opinions throughout the business, which has contributed to our being the market leader in mobile application security.

You will be part of a dynamic team that strives for excellence and focuses on continuous education and enhancement in skills. We encourage & empower our trusted colleagues to share their opinions, actively collaborate, and continue to learn and grow.

So, what are you waiting for? Join us! 

You can apply for this opportunity by filling out the application form below! 

About Guardsquare

Guardsquare offers the most complete approach to mobile application security on the market. Built on the open source ProGuard technology, Guardsquare’s software integrates seamlessly across the development cycle. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication.

More than 900 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications against reverse engineering and tampering.

Guardsquare is based in Leuven (Belgium) with offices in Boston (USA) and Munich (Germany).