Compliance Officer

---

Regulatory Monitoring

• Conduct ongoing regulatory and legal watch, monitoring and analysis of eIDAS v2, GDPR, AML; ETSI standards, ENISA guidance, relevant CSSF circulars, and other applicable national frameworks.
• Identify and interpret the impact of new regulatory and normative obligations.
• Anticipate future developments and prepare the organization for upcoming requirements.                                                                        

Compliance & Internal Control

• Define and drive the eIDAS v2 compliance strategy.
• Develop, update, and disseminate compliance policies, procedures, and registers.
• Perform internal audits and controls to assess the effectiveness of measures implemented, both within LuxTrust Group and across all subcontractors supporting trust services.
• Prepare for and support external audits, certifications, and qualification processes (QTSP).

· Monitoring & managing audit action plans as well as reporting: i.e. document requests & audit findings / remediation status / feedback on management response for recommendations / tracking-progress follow-up, etc.

· Performs periodic reviews and compliance controls to ensure continuous adherence to LuxTrust policies and applicable regulations.

· Advisory role in projects to assess compliance requirements.

· Management of AML procedures and controls.

Risk Management

• Identify, assess and monitor potential risks that could impact the LuxTrust’s operation and reputation.
• Define and oversee the implementation of remediation plans.
• Work closely with relevant LuxTrust teams and the DPO to ensure a consistent and integrated approach across teams.

· Regularly update metrics, track remediation progress and control maturity and effectiveness.

· Conducts third-party compliance assessments and documents gap analysis results.

· Coordinates with data owners to ensure accuracy and completeness of sensitive Company information

· Identify anomalies or suspicious patterns of activity.

· Monitors compliance/security blogs, articles, and reports to keep up to date on the latest compliance/security risks, threats, and technology trends and recommends ways to incorporates information into processes, procedures, and audit preparedness activities.

Advisory & Support

• Advice and support relevant internal teams to integrate compliance from the design phase (“compliance by design”).
• Provide expertise on trust services (electronic signature, seal, timestamping, eID, EUDI Wallet).
• Design, promote and deliver internal training and awareness programs.

Reporting & Coordination

• Produce clear and regular reports for senior management and, where required, supervisory authorities.
• Support senior management in embedding a strong compliance and risk culture.
• Continuously document and maintain evidence of compliance.
• Manage complaints, breaches and regulatory filings in a timely manner.
• Act as an interface between internal teams and regulators/supervisory authorities.

· Carrying out other duties as assigned

• Qualifications / diploma(s): Master’s degree in Law, Compliance, or Risk or Digital-related Sciences, or equivalent qualification.
• Years of experience in the area:

- At least 5 years’ experience in compliance, audit, governance or digital regulation.

- Previous experience in a highly regulated environment (banking, insurance, trust service provider, public sector) is a strong asset. Experience in the following areas is preferred: PKI, audits, security, risk assessments, information governance and privacy.

- Experience in developing, documenting and maintaining policies, processes, procedures and standards.

- Knowledge and experience in understanding documentation, and regulatory compliance requirements

• Technical competencies: Skills and knowledge of IT and Information security business with focus on PKI.
• Languages: French and English fluent. Any other language is an asset.
• Specific skills:

- Ability to synthesize

- Good knowledge of eIDAS v1/v2, GDPR, ETSI standards, and CSSF regulation.

- Good understanding of ETSI standards applicable to trust services.

- Familiarity with PKI models, digital identity governance, and certification/audit processes related to QTSPs.

- Knowledge of supervisory practices (ILNAS, CSSF national and European authorities).

- Strong analytical and problem-solving skills, with the ability to anticipate strategic impacts and relate them to appropriate controls.

- Strong writing and communication skills.

- Team-oriented positive mindset with the ability to foster collaboration around compliance topics.

- Proactive and adaptable with a focus on efficiency and solution driven.

Core competencies at LuxTrust:

• Analytical mindset & decision making
• Organizational fluency
• Personal effectiveness
• Results-driven
• Client service mindset
• Strategic vision
• Leadership

• A fixed-term of 12 months contract based in Capellen - Luxembourg
• A competitive salary, in accordance with your education and experience.
• Attractive benefits and advantages including an employee benefit plan, a gym, meal vouchers and additional holidays.
• A healthy work-life balance including flex work arrangements.
• Parking spaces for all employees.
• An open and transparent career path.
• Development and growth opportunities in a state-of-the art digital company.