
Data Protection Compliance Expert
Posted 23 hours ago

This is a fully remote position, open to applicants in Poland.
• Ensure that IT operations comply with data privacy and protection standards, laws, and regulations.
• Support the design, implementation, auditing, and compliance testing activities to maintain data and privacy compliance.
• Provide advice on matters related to data protection, particularly concerning personal data processing.
• Perform privacy impact assessments.
• Draft and/or review records of processing activities related to personal data for data controllers and prepare privacy statements.
• Create, update, and communicate data privacy policies and procedures, along with training staff on these topics.
• Offer legal advice and guidance regarding data privacy and protection standards, laws, and regulations.
• Promote and enforce the organization's data privacy and protection program.
• Ensure that data owners, holders, controllers, processors, subjects, and both internal and external partners are aware of their rights, obligations, and responsibilities concerning data protection.
• Oversee audits and training activities related to data protection.
• Develop and suggest staff awareness training programs to ensure compliance and cultivate a culture of data protection within the organization.
• A Master's degree in a relevant field along with a minimum of 5 years of professional experience in IT, including 4 years in a similar role.
• At least 5 years of experience in personal data protection compliance within an ICT, EU institutional, public-sector, or similarly technology-intensive environment, with practical involvement in real systems, services, or processing activities.
• A minimum of 3 years of hands-on experience in preparing, updating, or reviewing Records of Processing Activities (RoPAs), Data Protection Impact Assessments (DPIAs), Data Processing Agreements (DPAs), Transfer Impact Assessments (TIAs), or similar documentation for actual systems or processing activities, including data mapping and collaboration with system owners, technical owners, architects, operations, cybersecurity/SOC teams, or vendors.
• At least 2 years of experience in analyzing and documenting technical arrangements pertinent to personal data protection, covering access rights, privileged access, logs or SIEM/log exports, retention, hosting, data flows, support access, transfers, processors, or subprocessors.
• Strong knowledge and understanding of EU data protection legislation and regulations.
• In-depth knowledge of data protection standards, policies, methodologies, and frameworks.
• Comprehensive understanding of legal, regulatory, and legislative compliance requirements, recommendations, and best practices.
• Excellent knowledge of IT Operations and IT Service delivery.
• Practical experience with privacy impact assessment standards, methodologies, and frameworks.
• Proven experience in writing and reviewing records of processing activities for data controllers and privacy statements.
• Required certifications: at least 3 from the following: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), GSNA (GIAC Certified Systems and Network Auditor), GCCC (GIAC Certified Critical Controls), ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, CAP ((ISC)2 Certified Authorization Professional), CRISC (ISACA Certified in Risk and Information Systems Control), CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional), GIAC Certified ISO-27000 Specialist, or an equivalent internationally recognized certification.
• Excellent proficiency in spoken and written English (C1 level).
• Competitive salary and performance-based bonuses.
• Opportunities for professional development and career advancement.
• Comprehensive health and wellness benefits.
• Flexible working hours and remote work options.
• Supportive and inclusive work environment.