P.H.W. (Paul) Willems RE CISA


16 April 1969

Current position:

IT Auditor - Consultant - Tutor


Hogenakker 7


5438 AW








06 – 5312 8317



With a straightforward attitude and a practical way of approaching and solving problems, I am specialized in the field of ICT, information security and privacy. At my former employers (e.g. ABN Amro Bank and Ernst & Young) I had management responsibilities for several departments and audit teams. At this moment I am project manager and responsible for all kinds of projects and audits, including certification assessments. It is my challenge to improve the awareness and level of information security and privacy in all kinds of organisations.


Over the last few years I have conducted many assessments and projects for many clients and industries. Furthermore, I am a tutor and developer of several training courses. I am specialized in all kinds of projects and audits related to information security, privacy and management systems. I have a very deep knowledge of management systems, especially ISO 27001, NEN7510, ISO20000 and ISO 9001. Besides my previous role as Sr. Lead Assessor I was Scheme Manager and Technical Reviewer ISO 27001 and NEN7510.


Think in opportunities!


> 20 years


·       Coaching

·       Strong communication skills

·       International experience

·       Business development

·       Commercial awareness

·       Innovation

·       Project management

·       Training


Executive Master EDP Auditing (RE)

Certified Information Security Auditor (CISA)

Prince II

Heao-ce (Bachelor degree)


·      Lead Assessor Course ISO 9001 and ISO 27001 (tutor)

·      Several trainings about management skills and leadership

·      Prince II (Project Management)

·      Lean / Six Sigma

Member of

Nederlandse Orde van Register EDP Auditors (Norea)


Project group NTA7515 (NEN)

President of a local football club

Referee of a local football club


'“Your app signature is more distinctive than your DNA”: Privacy Protection and Human Rights in the Age of Big Data' to be published during the Texas A&M University Conference in February 2016.

'Certificering van en in de Cloud' published in "Efficiënt Automatiseren", Praktijkvisies op Cloud Computing (2). April 2014 and published in 'Informatie' September 2015.

Several articles about several subjects which were published in e.g. LRQA's newsletter.

‘Houd de achterdeur gesloten; beveiliging van uw TCP/IP omgeving op de AS/400’, published in Info/400, February 2000



Dutch:               native

English:             good

German:            good

PiWi Consultancy B.V. 2015 - present

IT Auditor - consultant - tutor

Restart of my company with a strong focus on improving information security and privacy within organisations.


Lloyd's Register Quality Assurance B.V.  Rotterdam (2010-2015)

Sr. Lead Assessor / Project Leader and scheme manager ISO 27001 / NEN7510

Lead Assessor

Team co-ordinator for several first-class technology clients like telcos, datacenters, broadband internet, VOIP, Medical Centers (ISO 9001 / ISO 27001 / NEN7510 / ISO20000).

Besides these clients I conducted assessments for e.g. production companies, Healthcare organisations, Accounting firms (Big 4), Employment Agencies and the Port of Rotterdam.


Project Leader (some examples:)

Entrepreneur of Information Security and Privacy projects within LRQA. Development of marketing strategy, responsible for sales activities (visiting prospects, writing proposals and project plans and follow-up of proposals). Also team member of several tender projects.

Several IT Risk Management projects with several industries.

Testing new ERP system and delivering training in different languages.

Coaching of staff of clients to implement a management system

Development of several training sessions and workshops about different subjects and delivered these trainings to clients and to colleagues (e.g. Internal Audit ISO27001 - NEN7510 and Reporting for Assessors)

Development seal: Veilig HR Systeem (Seal for HR software developers)

Development DigiD audits (business development)

Development of IT audit standards for software development by order of the Ministry of Defence

Member of several project groups to develop new standards like Cloud Computing and NEN 7510

Scheme manager ISO 27001 and NEN7510

Coaching and monitoring assessors to facilitate them and give them the opportunity to develop themselves.

Support and coach assessors and answer their (many) questions about these schemes and ICT.

Responsible for Technical Review of assessment reports and making certificate decisions.

Support Sales with their sales activities about these schemes.


Tutor of several internal and external courses like Internal Auditing ISO27001, Internal Auditing NEN7510 and several bespoke courses.

2007 – 2010: PiWi Consultancy B.V.


Project Manager and team leader (5 team members - final responsibility) for the implementation of IT SOX controls for a first-class Dutch insurance company with branches in Germany, UK and Belgium.

Consultant for Schuitema (retail) and Cordares (pension fund)

Compliance Officer (ING Assurantiekantoren B.V.)

IT auditor WPS Parking Solutions


2004 – 2007: ABN-Amro Bank: Manager Group Audit Zuid Nederland

Final responsibility for a department of 35 employees.

Supporting and coaching of employees

Project Leader and member of several global projects

Responsible for fraud investigation

1998 – 2004: Ernst & Young: Audit Manager

Audit and Project Leader of many audits and projects with many clients in all kinds of industries


Tutor for several courses

1992 – 2003: Several Employers:


System engineer

Sales Representative

