Governance Risk and Compliance Expert

up to 11.3k EUR/month
Senior · Full-time
#375909 · Added yesterday · 1
Source: Shimi

Tech Stack / Keywords

Cybersecurity, SIEM, Security, Network, Testing

Company and position

Currently, for one of our Partners, we are looking for an experienced Governance Risk and Compliance Expert to support a long-term project delivered for a European Union organization based in Warsaw.

Requirements

  • Excellent knowledge and understanding of EU data protection legislation and regulations
  • Excellent knowledge of data protection standards, policies, methodologies and frameworks
  • Excellent knowledge and understanding of legal, regulatory and legislative compliance requirements, recommendations and best practices
  • Excellent knowledge and understanding of IT Operations and IT Services delivery
  • Practical experience with privacy impact assessment standards, methodologies and frameworks
  • Practical experience writing and reviewing records of processing activity on personal data for data controllers and privacy statements
  • Comprehensive understanding of IT business strategy and services and ability to factor into legal, regulatory and standards’ requirements
  • Ability to carry out working-life practices of data protection and privacy issues in organizational and IT processes
  • Ability to lead development of standards and privacy policies and procedures and ensure their acceptance and implementation
  • Ability to explain and communicate data protection and privacy topics to different audiences
  • Understanding and adherence to ethical requirements and standards
  • Understanding of the implications of legal framework modifications for data protection strategy and policies
  • Collaboration skills with team members and colleagues
  • At least 5 years of personal data protection compliance experience in ICT, EU institutional, public-sector or similar technology-heavy environment
  • At least 3 years of hands-on experience preparing, updating or reviewing RoPAs, DPIAs, DPA, TIA or related personal data protection documentation
  • At least 2 years of experience analysing and documenting technical arrangements relevant to personal data protection including access rights, logs, retention, hosting, data flows, support access, transfers, processors or subprocessors
  • Ability to work with incomplete or inconsistent ICT-related information and identify gaps or contradictions
  • Required certifications (at least 3 among): CISA, CISM, GSNA, GCCC, ISO 27001 Lead implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, CAP, CRISC, CISSP-ISSMP, GIAC Certified ISO-27000 Specialist, or equivalent internationally recognized certification

Responsibilities

  • Ensure compliance of IT operations with data privacy and data protection standards, laws and regulations
  • Assist in designing, implementing, auditing and compliance testing activities to ensure data and privacy compliance
  • Identify, document and propose countermeasures to compliance gaps
  • Advise on data protection matters, particularly in personal data processing
  • Conduct privacy impact assessments
  • Write and/or review records of processing activity on personal data for data controllers and privacy statements
  • Develop, maintain, communicate and train upon data privacy policies and procedures
  • Provide legal advice and guidance on data privacy and data protection standards, laws and regulations
  • Enforce and advocate the organisation’s data privacy and protection program
  • Ensure that data owners, holders, controllers, processors, subjects, internal or external partners and entities are informed about their data protection rights, obligations and responsibilities
  • Act as a contact point to handle queries and complaints regarding data processing
  • Monitor audits and data protection related training activities
  • Cooperate and share information with authorities and professional groups
  • Contribute to the development of the organisation’s strategy, policy and procedures
  • Develop and propose staff awareness training to achieve compliance and foster a culture of data protection within the organization
  • Manage legal aspects of information security responsibilities and third-party relations

Benefits

  • Rate: 540 EUR/MD
  • Set-up: remote
  • B2B contract
SHIMI sp. z o.o.