Senior Governance Risk and Compliance Expert
No salary information
Senior · Full-time
#371365 · Added today · 0
Source: SquareDev
Tech Stack / Keywords
AI, Cloud, Cybersecurity, SAP S/4HANA, SAP, ServiceNow, Security, SIEM
Company and position
SquareDev is a member of the QnR Group, a leading technology organization specializing in end-to-end custom software solutions, Artificial Intelligence, Cybersecurity, SAP S/4HANA, SAP Business One, ServiceNow, and FinTech solutions. SquareDev participates in research projects across Europe, collaborating with top universities and enterprises on AI, Data, and Cloud.
Requirements
- 5+ years of IT experience and 4+ years in a GRC role.
- Master’s degree in Computer Science, Engineering or a related technical field.
- Hands-on data protection compliance experience in an ICT, EU institutional, or public-sector environment.
- Experience in preparing or reviewing RoPAs, DPIAs, Data Processing Agreements, and Transfer Impact Assessments, including data mapping and input validation from technical owners.
- Experience in documenting technical arrangements relevant to data protection: access rights, privileged access, logs/SIEM exports, retention, data flows, processors and subprocessors.
- Deep knowledge of EU data protection legislation, regulatory frameworks, and privacy standards.
- Ability to work with incomplete or inconsistent ICT information, distinguishing facts from assumptions, identifying gaps and structuring clear follow-up.
- Strong communication skills, able to explain data protection topics to both technical and non-technical audiences.
- English C1 level certification.
- At least 3 certifications from the following: CISA, CISM, GSNA, GCCC, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, CAP, CRISC, CISSP-ISSMP, GIAC Certified ISO-27000 Specialist, or internationally recognised equivalent.
Nice to have:
- Prior experience in an EU institutional environment.
- Familiarity with the practical implications of evolving EU legal frameworks on organisational data protection strategy.
- Experience collaborating across multidisciplinary teams including cybersecurity, SOC, and architecture functions.
Responsibilities
- Ensuring IT operations comply with data privacy laws, regulations and standards.
- Conducting privacy impact assessments (DPIAs) and maintaining records of processing activities (RoPAs).
- Identifying compliance gaps and proposing practical countermeasures.
- Advising on data protection matters, particularly around personal data processing.
- Developing, maintaining and communicating data privacy policies and procedures.
- Delivering staff awareness training to foster a culture of data protection.
- Acting as the contact point for queries and complaints related to data processing.
- Cooperating with authorities and professional groups on data protection matters.
- Managing legal aspects of information security and third-party relations.