EU Data protection officer

Knowledge:

• Excellent knowledge and understanding of the EU data protection legislation and regulations.

• Excellent knowledge of data protection standards, policies, methodologies and frameworks.

• Excellent knowledge and understanding of IT Operations and IT Services delivery.

Skills: 

• Comprehensive understanding of the IT business strategy and services and ability to factor into legal, regulatory and standards’ requirements.

• Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organizational and IT processes.

• Lead the development of appropriate standards and privacy policies and procedures.

• Explain and communicate data protection and privacy topics to different types of audience.

Specific requirements:

[01] - PSF - At least 5 years of personal data protection compliance experience in an ICT, EU institutional, public-sector or similarly technology-heavy environment, including hands-on work with real systems, services or processing activities

[02] - PSF - At least 3 years of hands-on experience preparing, updating or reviewing RoPAs, DPIAs, DPA, TIA or related personal data protection documentation for real systems or processing activities, including data mapping and obtaining or validating input from system owners, technical owners, architects, operations, cybersecurity/SOC teams or vendors.

[03] - PSF - At least 2 years of experience analysing and documenting technical arrangements relevant to personal data protection, including access rights, privileged access, logs or SIEM/log exports, retention, hosting, data flows, support access, transfers, processors or subprocessors

[04] - PSF - At least 2 years of experience coordinating multiple concurrent personal data protection work items and driving them to closure, including prioritisation, ownership and deadline tracking, follow-up, escalation, closure evidence and version control.

[05] - INT - Ability to work with incomplete or inconsistent ICT-related information, distinguish confirmed facts, assumptions, open questions and missing evidence, identify gaps or contradictions between declared system behaviour and likely technical reality, and structure clear next steps or status for review or management follow-up"

Required certifications:

At least 3 certification among:

At least 3 certifications among:
[1] CISA (ISACA Certified Information Systems Auditor)
[2] CISM (ISACA Certified Information Security Manager)
[3] CRISC (ISACA Certified in Risk and Information Systems Control)
[4] CISSP (ISC2 Certified Information Systems Security Professional)
[5] CGRC (ISC2 Certified in Governance, Risk and Compliance)
[6] CSSLP (ISC2 Certified Secure Software Lifecycle Professional)
[7] CCSP (ISC2 Certified Cloud Security Professional)
[8] CISSP-ISSMP (ISC2 Certified Information Systems Security Management Professional)
[9] GSNA (GIAC Certified Systems and Network Auditor)
[10] GCCC (GIAC Certified Critical Controls)
[11] GIAC Certified ISO-27000 Specialist
[12] ISO 27001 Lead implementer
[13] ISO 27001 Lead Auditor
[14] ISO 27005 Risk Manager

or for any listed above, an equivalent alternative certification recognized internationally (subject to acceptance as a valid credential by the Contracting Authority)