
Governance Risk and Compliance Expert - (RoC 54)
- On-site
- Varsovia, Dolnośląskie, Poland
Job description
Key Responsibilities
Ensure that IT operations comply with applicable data privacy and data protection laws,
regulations, standards and internal policies.
Support the design, implementation, audit and compliance testing of privacy and
data-protection controls.
Identify, document and propose remediation measures for compliance gaps.
Advise stakeholders on personal-data processing, privacy obligations and legal
requirements.
Conduct privacy impact assessments and support Data Protection Impact Assessments
(DPIAs).
Prepare and review Records of Processing Activities (RoPAs), privacy statements and
related compliance documentation.
Develop, maintain and communicate privacy policies, procedures, guidance and
awareness materials.
Act as a contact point for queries and complaints related to personal-data processing.
Support audits, training activities and cooperation with competent authorities and
professional groups.
Contribute to organisational strategy, policy development and third-party
information-security governance.
Job requirements
Requirements
Minimum 5 years of IT-relevant professional experience and at least 4 years in a similar
role.
Minimum education level: Level 7; English language skills: C1 or above.
At least 3 relevant internationally recognised certifications, such as CISA, CISM, CRISC,
ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager,
CISSP-ISSMP or equivalent.
Excellent knowledge of EU data-protection legislation and regulatory requirements.
Excellent knowledge of privacy standards, policies, methodologies and governance
frameworks.
Strong understanding of IT operations, IT service delivery and technology-heavy
institutional environments.
Hands-on experience preparing, updating or reviewing RoPAs, DPIAs, DPAs, TIAs and
related documentation.
Experience analysing data flows, access rights, privileged access, logs, retention, hosting,
transfers, processors and subprocessors.
Ability to work with incomplete or inconsistent technical information and clearly
distinguish facts, assumptions, gaps and open questions.
Core Skills
Ability to translate legal, regulatory and standards-based requirements into practical
controls and operating procedures.
Strong analytical, documentation and stakeholder-management capabilities.
Ability to explain complex privacy topics to technical and non-technical audiences.
High ethical standards, attention to detail and ability to collaborate across business, legal,
cybersecurity and operations teams.
Security and Delivery Conditions
Personal security clearance is required; the screening procedure must be initiated within
the first 45 days of assignment.
Required clearance level: CONFIDENTIEL UE / EU CONFIDENTIAL.
Delivery model: off-site service provision with an estimated 40% intra-muros / 60%
extra-muros ratio.
Travel is not foreseen.