
Governance Risk and Compliance Expert - Advanced

  • Remote, Hybrid
    • Warsaw, Poland

Job description

Knowledge:

  • Excellent knowledge and understanding of the EU data protection legislation and regulations.

  • Excellent knowledge of data protection standards, policies, methodologies and frameworks.

  • Excellent knowledge and understanding of IT Operations and IT Services delivery.

Skills: 

  • Comprehensive understanding of the IT business strategy and services, and the ability to factor these into legal, regulatory and standards’ requirements.

  • Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organizational and IT processes.

  • Lead the development of appropriate standards and privacy policies and procedures.

  • Explain and communicate data protection and privacy topics to different types of audience.

Job requirements

Specific requirements:

  • At least 5 years of personal data protection compliance experience in an ICT, EU institutional, public-sector or similarly technology-heavy environment.

  • At least 3 years of hands-on experience preparing, updating or reviewing RoPAs, DPIAs, DPAs and TIAs.

  • At least 2 years of experience analyzing and documenting technical arrangements relevant to personal data protection, including access rights, privileged access, logs or SIEM/log exports, retention, hosting, data flows, support access, transfers, processors or sub-processors.

  • Ability to work with incomplete or inconsistent ICT-related information, distinguish confirmed facts, assumptions, open questions and missing evidence, identify gaps or contradictions between declared system behavior and likely technical reality, and structure clear next steps or status for review or management follow-up.

Required certifications:

At least 3 certifications among:

  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)
  • GSNA (GIAC Certified Systems and Network Auditor)
  • GCCC (GIAC Certified Critical Controls)
  • ISO 27001 Lead Implementer
  • ISO 27001 Lead Auditor
  • ISO 27005 Risk Manager
  • CAP ((ISC)2 Certified Authorization Professional)
  • CRISC (ISACA Certified in Risk and Information Systems Control)
  • CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional)
  • GIAC Certified ISO-27000 Specialist

or an equivalent internationally recognized certification (subject to acceptance as a valid credential by the Contracting EU-I)
