Compliance Officer (m/f). Luxemburgo

SUMMARY

The Compliance Officer will play a central role in aligning our services with regulatory obligations relating to inter

alia digital identities, qualified trust service providers (QTSPs), the European Digital Identity Wallet (EUDI Wallet)

,CSSF REGULATIONS and data protection.

As an internal reference point, the Compliance Officer will translate regulatory requirements into operational

practices and support as well as control all xxx teams in achieving end-to-end compliance.

Regulatory Monitoring

Conduct ongoing regulatory and legal watch, monitoring and analysis of eIDAS v2, GDPR, AML; ETSI

standards, ENISA guidance, relevant CSSF circulars, and other applicable national frameworks.

Identify and interpret the impact of new regulatory and normative obligations.

Anticipate future developments and prepare the organization for upcoming requirements

Compliance & Internal Control

Define and drive the eIDAS v2 compliance strategy.

Develop, update, and disseminate compliance policies, procedures, and registers.

Perform internal audits and controls to assess the effectiveness of measures implemented, both within

LuxTrust Group and across all subcontractors supporting trust services.

Prepare for and support external audits, certifications, and qualification processes (QTSP).

Monitoring & managing audit action plans as well as reporting: i.e. document requests & audit findings /

remediation status / feedback on management response for recommendations / tracking-progress

follow-up, etc.

Performs periodic reviews and compliance controls to ensure continuous adherence to LuxTrust policies

and applicable regulations.

Advisory role in projects to assess compliance requirements.

Management of AML procedures and controls

Risk Management

Identify, assess and monitor potential risks that could impact the LuxTrust's operation and reputation.

Define and oversee the implementation of remediation plans.

Work closely with relevant LuxTrust teams and the DPO to ensure a consistent and integrated

approach across teams.

Regularly update metrics, track remediation progress and control maturity and effectiveness.

Conducts third-party compliance assessments and documents gap analysis results.

Coordinates with data owners to ensure accuracy and completeness of sensitive Company information

Identify anomalies or suspicious patterns of activity.

Monitors compliance/security blogs, articles, and reports to keep up to date on the latest

compliance/security risks, threats, and technology trends and recommends ways to incorporates

information into processes, procedures, and audit preparedness activities.

Advisory & Support

Advice and support relevant internal teams to integrate compliance from the design phase

(“compliance by design”).

Provide expertise on trust services (electronic signature, seal, timestamping, eID, EUDI Wallet).

Design, promote and deliver internal training and awareness programs.

Reporting & Coordination

Produce clear and regular reports for senior management and, where required, supervisory authorities.

Support senior management in embedding a strong compliance and risk culture.

Continuously document and maintain evidence of compliance.

Manage complaints, breaches and regulatory filings in a timely manner.

Act as an interface between internal teams and regulators/supervisory authorities.

Carrying out other duties as assigned

REQUIRED SKILLS

Qualifications / diploma(s): Master's degree in Law, Compliance, or Risk or Digital-related Sciences, or

equivalent qualification.

Years of experience in the area:

- At least 5 years' experience in compliance, audit, governance or digital regulation.

- Previous experience in a highly regulated environment (banking, insurance, trust service provider,

public sector) is a strong asset. Experience in the following areas is preferred: PKI, audits, security,

risk assessments, information governance and privacy.

- Experience in developing, documenting and maintaining policies, processes, procedures and

standards.

- Knowledge of and experience in understanding documentation, and regulatory compliance

requirements

Technical competencies: Skills and knowledge of IT and Information security business with focus on PKI.

Languages: French and English fluent. Any other language is an asset. Ability to synthesize

Specific skills:

- Good knowledge of eIDAS v1/v2, GDPR, ETSI standards, and CSSF regulation.

- Good understanding of ETSI standards applicable to trust services.

- Familiarity with PKI models, digital identity governance, and certification/audit processes related to

QTSPs.

- Knowledge of supervisory practices (ILNAS, CSSF national and European authorities).

- Strong analytical and problem-solving skills, with the ability to anticipate strategic impacts and relate

them to appropriate controls.

- Strong writing and communication skills.

- Team-oriented positive mindset with the ability to foster collaboration around compliance topics.

- Proactive and adaptable with a focus on efficiency and solution driven.

Core competencies:

- Analytical mindset & decision making

- Organizational fluency

- Personal effectiveness

- Results-driven

- Client service mindset

- Strategic vision

- Leadership