Stott and May

Luxembourg · Contract · Mid-Senior

Cyber Legal, Policy & Compliance Officer (Freelance)


We are looking for a strategic Lead Cyber Legal, Policy & Compliance Officer to join a long-term project. This role is pivotal in navigating the complex intersection of EU cybersecurity law, data protection, and operational risk management.


Project Overview

  • Role: Lead Cyber Legal, Policy & Compliance Officer
  • Type: Freelance / Contractor
  • Duration: Long-term project
  • Start Date: July 2026
  • Capacity: 3 days per week
  • Location: Luxembourg (EU Nationality Required)


Role Scope & Responsibilities

The successful candidate will serve as the primary authority on regulatory adherence, ensuring the organization meets all statutory obligations while fostering a culture of security awareness.

  • Regulatory Oversight: Monitor and ensure full compliance with EU cybersecurity directives (e.g., NIS2) and data protection regulations.
  • Risk Management: Drive the adoption of robust cybersecurity risk management measures across the organization.
  • Reporting Obligations: Oversee mandatory incident reporting and formal information-sharing protocols with relevant authorities.
  • GDPR Stewardship: Ensure comprehensive GDPR compliance for all processes involving personal data.
  • Management Advisory: Inform senior leadership on matters of legal liability, compliance status, and mandatory training requirements.


Key Deliverables

  1. Compliance Manual: A comprehensive guide detailing policies, procedures, and internal controls.
  2. Compliance / Gap Analysis Report: Periodic assessments identifying misalignments with EU regulations and providing remediation roadmaps.
  3. Data Protection Impact Assessment (DPIA): Detailed analysis for all high-risk data processing activities.
  4. Cyber Incident Report: Legal and compliance-focused documentation for regulatory filing following an incident.


Required Qualifications & Skills

Mandatory Requirements:

  • Expertise: Significant experience in EU cyber law, policy drafting, and regulatory compliance.


Relevant Certifications (minimum one):

  • ISACA CDPSE (Certified Data Privacy Solutions Engineer)
  • ISACA CISM (Certified Information Security Manager)
  • CISSP (Certified Information Systems Security Professional)


Technical & Soft Skills:

  • Profound knowledge of GDPR and the evolving EU cybersecurity legislative landscape.
  • Ability to translate complex legal requirements into actionable technical policies.
  • Strong diplomatic and advisory skills for communicating liability risks to management.

Key Skills

Ranked by relevance

cybersecurity, gdpr
  • Posted: May 01, 2026
  • Type: Contract
  • Level: Mid-Senior
  • Location: Luxembourg

Industries

IT Services, IT Consulting

Categories

Information Technology
