Governance Risk and Compliance Expert

44 - 55 USD net per hour - B2B
Security

Centre, Warszawa

Crestt

B2B Contract
Senior
Remote

Job description

Governance Risk and Compliance Expert

📍 Location: Remote
📄 Contract: B2B
🗣 Language: English (C1+)
🏢 International Public Sector Environment

About the Role

We are looking for an experienced Governance Risk and Compliance Expert to support a large-scale international organization in ensuring compliance with data protection regulations, privacy standards, and governance frameworks across complex ICT environments.

This role combines expertise in GDPR compliance, privacy governance, risk management, information security, and regulatory advisory, working closely with legal, cybersecurity, IT operations, architecture, and business stakeholders.

Key Responsibilities

  • Ensure compliance of IT operations with data protection laws, regulations, and privacy standards.

  • Conduct and support privacy compliance assessments and audits.

  • Perform and review DPIAs (Data Protection Impact Assessments), TIAs (Transfer Impact Assessments), DPA reviews, and Records of Processing Activities (RoPA).

  • Analyse and document personal data processing activities, data flows, access controls, retention mechanisms, hosting arrangements, processors, and subprocessors.

  • Identify compliance gaps and propose remediation measures.

  • Develop, maintain, and improve privacy policies, procedures, standards, and governance frameworks.

  • Provide expert guidance on GDPR and data protection matters across business and technical teams.

  • Support privacy awareness initiatives, training programs, and compliance monitoring activities.

  • Act as a key point of contact for privacy-related inquiries and regulatory matters.

  • Collaborate with legal, cybersecurity, architecture, operations, and vendor management teams.

  • Contribute to organizational privacy strategy and governance initiatives.

Required Experience

  • Minimum 5 years of experience in data protection compliance within ICT, public sector, EU institutions, or similarly technology-driven environments.

  • Minimum 3 years of hands-on experience preparing, reviewing, and maintaining:

    • DPIAs

    • TIAs

    • DPAs

    • RoPAs

    • Privacy notices and related documentation

  • Experience working directly with:

    • System owners

    • Technical teams

    • Solution architects

    • Operations teams

    • Cybersecurity / SOC teams

    • External vendors

  • Minimum 2 years of experience analysing technical controls relevant to personal data protection, including:

    • Access rights management

    • Privileged access

    • Logging and SIEM data

    • Data retention

    • Hosting environments

    • Data transfers

    • Processors and subprocessors

  • Ability to assess incomplete or inconsistent technical information and provide structured recommendations.

Knowledge & Skills

Essential Knowledge

  • EU Data Protection legislation and regulatory requirements.

  • GDPR compliance frameworks and privacy governance.

  • Data protection standards, methodologies, and best practices.

  • Legal and regulatory compliance requirements.

  • IT Operations and IT Service Management environments.

  • Privacy Impact Assessment methodologies.

  • Processing activities documentation and privacy statements.

Essential Skills

  • Ability to translate legal and regulatory requirements into practical ICT controls.

  • Strong understanding of privacy risks within organizational and technical processes.

  • Experience developing privacy policies, standards, and procedures.

  • Excellent communication skills across technical and non-technical audiences.

  • Ability to interpret regulatory changes and assess their impact on organizational strategy.

  • Strong stakeholder management and collaboration skills.

  • High ethical standards and professional integrity.

Required Certifications

Candidates must hold at least 3 of the following certifications:

  • CISA – Certified Information Systems Auditor

  • CISM – Certified Information Security Manager

  • GSNA – GIAC Certified Systems and Network Auditor

  • GCCC – GIAC Certified Critical Controls

  • ISO 27001 Lead Implementer

  • ISO 27001 Lead Auditor

  • ISO 27005 Risk Manager

  • CAP – Certified Authorization Professional

  • CRISC – Certified in Risk and Information Systems Control

  • CISSP-ISSMP

  • GIAC Certified ISO-27000 Specialist

Equivalent internationally recognized certifications may also be considered.

Nice to Have

  • Experience within EU institutions or public sector organizations.

  • Experience working in highly regulated environments.

  • Background in information security governance, risk management, or compliance.

  • Knowledge of NIS2, ISO 27001, ISO 27701, and related privacy frameworks.

  • Experience supporting international audit and regulatory activities.

What We Offer

  • Long-term international project.

  • Opportunity to work within a highly regulated and complex ICT environment.

  • Exposure to strategic privacy and data protection initiatives.

  • Collaboration with multidisciplinary teams across Europe.

  • Flexible working model and international environment.

Tech stack

  • English: C1

  • Polish: C1

  • GDPR: advanced

  • Data protection: advanced

  • Cybersecurity: regular

  • TIA: regular

  • Risk Management: regular

  • DPIA: regular

  • DPA: regular

  • Regulatory Advisory: regular

  • Information Security: regular

  • RoPA: regular

By applying, I consent to the processing of my personal data for the purpose of conducting the recruitment process. Please note that the data controller is Crestt, with its registered office in Warsaw, ul. Rejtana 17 (hereinafter "the controller"). You have the right to ...