Governance Risk and Compliance Expert (Cybersecurity)

TL;DR

Governance Risk and Compliance Expert (Cybersecurity): Ensuring compliance of IT operations with data privacy and protection standards with an accent on auditing, risk assessment, and legal guidance. Focus on conducting privacy impact assessments, managing records of processing activity (RoPAs), and enforcing the organization's data protection program.

Location: Warsaw, Poland

Company

Specialist in managing complex public sector IT projects and systems integration, currently part of Accenture.

What you will do

• Ensure IT operations comply with data privacy laws and protection standards.
• Design and implement auditing and compliance testing activities to identify and mitigate gaps.
• Conduct privacy impact assessments (DPIAs) and maintain records of processing activity (RoPAs).
• Provide legal advice and guidance on data protection regulations and standards.
• Develop, communicate, and train staff on data privacy policies and procedures.
• Manage legal aspects of information security responsibilities and third-party relations.

Requirements

• Master's degree with at least 5 years of IT professional experience.
• Minimum 4 years of experience in a similar GRC position.
• English: C1 level required.
• At least 3 mandatory certifications among CISA, CISM, GSNA, GCCC, ISO 27001, ISO 27005, CAP, CRISC, CISSP-ISSMP, or equivalent.
• At least 5 years of personal data protection compliance experience in ICT or public-sector environments.
• Proven experience preparing and reviewing RoPAs, DPIAs, and DPAs for real systems and processing activities.