Senior Governance Risk and Compliance Expert (GRCE) - Data Protection Specialist
Remote
AI Summary
Lead data protection efforts, ensuring compliance with EU regulations. Conduct impact assessments, develop policies, and advise on data privacy. Requires 5+ years of relevant experience and C1 English.
Key Highlights
Ensure IT operations comply with data privacy and protection standards
Conduct privacy impact assessments and document processing activities
Develop, maintain, and communicate data privacy policies and procedures
Technical Skills Required
Benefits & Perks
475-495€/day NWH; 850-860€/day EWH
Estimated 220 days x4 years NWH; 10 days x4 years EWH
100% remote work
Job Description
Profile: Governance Risk and Compliance Expert (GRCE) in support of DIG personal data protection activities (Data Protection, Data Privacy, Personal Data). Advanced Level.
Place of performance: 100% remote.
Duration of the mission: 48 months.
Security Clearance: Confidential / EU Confidential.
Minimum level of education: Level 7.
Minimum English language skills: C1.
Minimum IT relevant experience: 5 years (4 years in relevant Governance Risk roles).
Award Criteria: 65% Price / 35% Quality.
Minimum required scoring for interview: 70%.
Rate: 475-495€/day NWH; 850-860€/day EWH.
- Estimated NWH: 220days x4 years.
- Estimated EWH: 10days x4 years.
At least 3 certification among:
- CISA (Certified Information Systems Auditor).
- CISM (Certified Information Security Manager).
- GSNA (GIAC Certified Systems and Network Auditor).
- GCCC (GIAC Certified Critical Controls).
- ISO 27001 Lead implementer.
- ISO 27001 Lead Auditor.
- ISO 27005 Risk Manager.
- CAP ((ISC)2 Certified Authorization Professional).
- CRISC (ISACA Certified in Risk and Information Systems Control).
- CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional).
- GIAC Certified ISO-27000 Specialist.
- Or equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I).
Interested in remote work opportunities in Development & Programming? Discover Development & Programming Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.
- [01] Excellent knowledge and understanding of the EU data protection legislation and regulations.
- [02] Excellent knowledge of data protection standards, policies, methodologies and frameworks.
- [03] Excellent knowledge and understanding of legal, regulatory and legislative compliance requirements, recommendations and best practices.
- [04] Excellent knowledge and understanding of IT Operations and IT Services delivery.
- [05] Practical experience with privacy impact assessment standards, methodologies and frameworks.
- [06] Practical experience writing and reviewing records of processing activity on personal data for data controllers and privacy statements.
- [07] Comprehensive understanding of the IT business strategy and services and ability to factor into legal, regulatory and standards’ requirements.
- [08] Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organizational and IT processes.
- [09] Lead the development of appropriate standards and privacy policies and procedures that complement the business needs and legal requirements; further ensure its acceptance, comprehension and implementation and communicate it between the involved parties.
- [10] Explain and communicate data protection and privacy topics to different types of audience.
- [11] Understand, practice and adhere to ethical requirements and standards.
- [12] Understand legal framework modifications implications to the organisation’s data protection strategy and policies.
- [01] - PSF - At least 5 years of personal data protection compliance experience in an ICT, EU institutional, public-sector or similarly technology-heavy environment, including hands-on work with real systems, services or processing activities.
- [02] - PSF - At least 3 years of hands-on experience preparing, updating or reviewing RoPAs, DPIAs, DPA, TIA or related personal data protection documentation for real systems or processing activities, including data mapping and obtaining or validating input from system owners, technical owners, architects, operations, cybersecurity/SOC teams or vendors.
- [03] - PSF - At least 2 years of experience analysing and documenting technical arrangements relevant to personal data protection, including access rights, privileged access, logs or SIEM/log exports, retention, hosting, data flows, support access, transfers, processors or subprocessors.
- [04] - PSF - At least 2 years of experience analysing and documenting technical arrangements relevant to personal data protection, including data flows, access rights, privileged access, logs or SIEM/log exports, retention, hosting, support access, transfers, processors or subprocessors.
- [05] - INT - Ability to work with incomplete or inconsistent ICT-related information, distinguish confirmed facts, assumptions, open questions and missing evidence, identify gaps or contradictions between declared system behaviour and likely technical reality, and structure clear next steps or status for review or management follow-up.
Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.
- Ensure compliance of IT operations with data privacy and data protection standards, laws and regulations.
- Assist in designing, implementing, auditing and compliance testing activities in order to Ensure data and privacy compliance.
- Identify, document and propose countermeasures to compliance gaps (if any).
- Advise on data protection matters, in particular in the context of personal data processing.
- Conduct privacy impact assessments.
- Write and/or review records of processing activity on personal data for data controllers and privacy statements.
- Develop, maintain, communicate and train upon the data privacy policies and procedures.
- Provide legal advice and guidance on data privacy and data protection standards, laws and regulations.
- Enforce and advocate organisation’s data privacy and protection program.
- Ensure that data owners, holders, controllers, processors, subjects, internal or external partners and entities are informed about their data protection rights, obligations and responsibilities.
- Act as a contact point to handle queries and complaints regarding data processing.
- Monitor audits and data protection related training activities.
- Cooperate and share information with authorities and professional groups.
- Contribute to the development of the organisation’s strategy, policy and procedures.
- Develop and propose staff awareness training to achieve compliance and foster a culture of data protection within the organization.
- Manage legal aspects of information security responsibilities and third-party relations.
- Nevertheless, Frontex may exceptionally request to carry out some services at other locations than Frontex Headquarters or other Contracting Authority’s premises.
Similar Jobs
Explore other opportunities that match your interests
Visa Sponsorship
Relocation
Remote
Job Type
Full-time
Experience Level
Mid-Senior level
OnTheGoSystems
Poland
Senior AI/LLM Engineer - Ruby on Rails
••••••
••••••
••••••
Job Type
••••••
Experience Level
••••••
OnTheGoSystems
Poland
Visa Sponsorship
Relocation
Remote
Job Type
Contract
Experience Level
Mid-Senior level
splendit
Poland