
Governance Risk and Compliance Expert
Posted 14 hours ago

This is a fully remote position, open to applicants in Poland.
• Ensure that IT operations adhere to data privacy and protection standards, laws, and regulations.
• Support the design, implementation, auditing, and compliance testing initiatives to guarantee data and privacy compliance.
• Identify, document, and recommend countermeasures for any compliance gaps that may arise.
• Provide guidance on data protection issues, particularly regarding the processing of personal data.
• Conduct assessments of privacy impact.
• Draft and/or review records of processing activities related to personal data for data controllers and privacy statements.
• Develop, sustain, communicate, and educate stakeholders on data privacy policies and procedures.
• Offer legal advice and direction on data privacy and protection standards, laws, and regulations.
• Promote and enforce the organization's data privacy and protection program.
• Ensure that data owners, holders, controllers, processors, subjects, and both internal and external partners are informed of their rights, obligations, and responsibilities regarding data protection.
• Serve as a point of contact for managing inquiries and complaints related to data processing.
• Oversee audits and training activities related to data protection.
• Collaborate and exchange information with authorities and professional organizations.
• Contribute to the formulation of the organization’s strategy, policies, and procedures.
• Develop and propose training for staff to enhance compliance and promote a culture of data protection within the organization.
• Manage the legal aspects of information security responsibilities and relationships with third parties.
• Master's degree coupled with 5 years of professional experience in a relevant IT field.
• At least 4 years of experience in a similar role.
• Minimum English language proficiency (CEFR): C1.
• A minimum of 3 certifications from the following (mandatory): CISA, CISM, GSNA, GCCC, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, CAP, CRISC, CISSP-ISSMP, GIAC Certified ISO-27000 Specialist, or equivalent internationally recognized certification (subject to acceptance as a valid credential by the Contracting EU-I).
• A minimum of 5 years of experience in personal data protection compliance within an ICT, EU institutional, public-sector, or similarly technology-intensive environment.
• At least 3 years of hands-on experience in preparing, updating, or reviewing RoPAs, DPIAs, DPAs, TIAs, or related personal data protection documentation for actual systems or processing activities.
• At least 2 years of experience in analyzing and documenting technical arrangements pertinent to personal data protection, including access rights, privileged access, logs or SIEM/log exports, retention, hosting, data flows, support access, transfers, processors, or subprocessors.
• Employees have the option to work remotely.