Senior Governance Risk and Compliance Expert
Remote · Warsaw, Mazovia, Poland
Job Summary
A Senior Governance, Risk and Compliance Expert is sought to join a public-sector client based in Warsaw, working remotely. You will ensure that IT operations comply with EU data protection laws, conduct data protection impact assessments (DPIAs) and maintain records of processing activities (RoPAs), identify compliance gaps and propose practical countermeasures, advise on data protection matters, develop and communicate data privacy policies and procedures, deliver staff awareness training, act as the contact point for queries related to data processing, and collaborate with authorities and third parties on information security considerations. You will also manage the legal aspects of information security and third-party relations, which requires strong knowledge of EU data protection legislation, regulatory frameworks and privacy standards, together with experience in documenting data protection arrangements, data mapping and risk-based improvement actions. English proficiency (C1) and multiple certifications from the listed programmes are expected. The role may involve selection by QnR Group or its affiliates depending on the project.
Required Qualifications
- 5+ years of IT experience
- 4+ years in a Governance, Risk and Compliance (GRC) role
- Master’s degree in Computer Science, Engineering or a related technical field
- Hands-on data protection compliance experience in ICT, EU institutional, or public-sector environment
- Experience in preparing or reviewing RoPAs, DPIAs, Data Processing Agreements, and Transfer Impact Assessments including data mapping and input validation from technical owners
- Experience in documenting technical arrangements relevant to data protection: access rights, privileged access, logs/SIEM exports, retention, data flows, processors and subprocessors
- Deep knowledge of EU data protection legislation, regulatory frameworks, and privacy standards
- Ability to work with incomplete or inconsistent ICT information, distinguishing facts from assumptions, identifying gaps and following up
- Strong communication skills able to explain data protection topics to technical and non-technical audiences
- English at C1 level
- Certifications: CISA, CISM, GSNA, GCCC, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, CAP, CRISC, CISSP-ISSMP, GIAC ISO-27000 Specialist or internationally recognised equivalent
Nice to have
- Prior experience in an EU institutional environment
- Familiarity with the evolution of EU legal frameworks on data protection strategy
- Experience collaborating across cybersecurity, SOC and architecture functions