Governance Risk and Compliance Expert

At Quento, the ICT arm of the Qualco Group, we deliver comprehensive and innovative solutions across AI, Digital Engineering, Cloud, and Cybersecurity, helping businesses accelerate digital transformation. With a presence in Greece, Luxembourg, and Belgium, and backed by the expertise of the Qualco Group, we combine deep technical knowledge with strategic partnerships to support business growth.

• Master's degree
• Minimum 5 years of IT professional experience
• Minimum 4 years of experience in a similar position
• At least 5 years of personal data protection compliance experience in ICT, EU institutional, public-sector or similar environments
• At least 3 years of hands-on experience preparing, updating or reviewing RoPAs, DPIAs, DPA, TIA or related personal data protection documentation
• At least 2 years of experience analysing and documenting technical arrangements relevant to personal data protection
• Ability to work with incomplete or inconsistent ICT-related information and identify gaps or contradictions
• Comprehensive understanding of IT business strategy and services with legal, regulatory and standards requirements
• Lead development of standards and privacy policies ensuring acceptance and implementation
• Explain and communicate data protection topics to different audiences
• Understand legal framework modifications and adhere to ethical requirements
• Excellent knowledge of EU data protection legislation and regulations, data protection standards, policies, methodologies and frameworks, legal and regulatory compliance requirements, IT operations and IT services delivery
• Practical experience with privacy impact assessment standards and writing/reviewing records of processing activity
• At least 3 certifications among CISA, CISM, GSNA, GCCC, ISO 27001 Lead implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, CAP, CRISC, CISSP-ISSMP, GIAC Certified ISO-27000 Specialist, or equivalent
• Very good knowledge of English language (C2)

• Ensure compliance of IT operations with data privacy and data protection standards, laws and regulations
• Assist in designing, implementing, auditing and compliance testing activities to ensure data and privacy compliance
• Identify, document and propose countermeasures to compliance gaps
• Advise on data protection matters, particularly in personal data processing
• Conduct privacy impact assessments
• Write and/or review records of processing activity on personal data and privacy statements
• Develop, maintain, communicate and train on data privacy policies and procedures
• Provide legal advice and guidance on data privacy and data protection standards, laws and regulations
• Enforce and advocate organisation’s data privacy and protection program
• Inform data owners, controllers, processors, and partners about their data protection rights and responsibilities
• Act as a contact point for queries and complaints regarding data processing
• Monitor audits and data protection related training activities
• Cooperate and share information with authorities and professional groups
• Contribute to the development of the organisation’s strategy, policy and procedures
• Develop and propose staff awareness training to foster a culture of data protection
• Manage legal aspects of information security responsibilities and third-party relations
• Ensure all activities comply with regulatory requirements and support the Group Anti-Bribery and Corruption Policy

• CV must be submitted in English
• Quento collects and processes personal data in accordance with the EU GDPR for recruitment purposes only
• Equal opportunity employer regardless of race, gender identity and expression, age, ethnicity or disability