Cybersecurity Governance Risk and Compliance Consultant

At Ayesa Digital, we grow with you!

Every professional in our company is vital to us. Thanks to their talent, we continue to expand; today, we are a global team of over 11,000 people working toward a common goal.

Ayesa Digital is currently participating in high-impact European Union projects designed to address major European challenges and drive science and innovation. These are strategic technological projects based on collaborative initiatives that stand out for their international focus and a strong commitment to socially-oriented results.

We are seeking a highly skilled Cybersecurity Governance Risk and Compliance Consultant based in Warsaw.

What You Will Do (Responsibilities):

• Ensure compliance with and provide legal advice and guidance on data privacy and data protection standards, laws and regulations
• Identify and document compliance gaps
• Conduct privacy impact assessments and develop, maintain, communicate and train upon the privacy policies, procedures
• Enforce and advocate organisation’s data privacy and protection program
• Ensure that data owners, holders, controllers, processors, subjects, internal or external partners and entities are informed about their data protection rights, obligations and responsibilities
• Act as a key contact point to handle queries and complaints regarding data processing
• Assist in designing, implementing, auditing and compliance testing activities in order to ensure cybersecurity and privacy compliance
• Monitor audits and data protection related training activities
• Cooperate and share information with authorities and professional groups
• Contribute to the development of the organisation’s cybersecurity strategy, policy and procedures
• Develop and propose staff awareness training to achieve compliance and foster a culture of data protection within the organization
• Manage legal aspects of information security responsibilities and third-party relations

What We Are Looking For (Requirements):

Location & Language:

• Availability: Candidates must be currently residing in or willing to relocate to Warsaw, Poland.
• Language: Professional working proficiency in English (B2 level or higher). Knowledge of Polish is an advantage for local coordination.

Experience & Education:

• Cybersecurity related laws, regulations and legislations
• Cybersecurity standards, methodologies and frameworks
• Cybersecurity policies
• Legal, regulatory and legislative compliance requirements, recommendations and best practices
• Privacy impact assessment standards, methodologies and frameworks
• Comprehensive understanding of the business strategy, models and products and ability to factor into legal, regulatory and standards’ requirements
• Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organisational processes, finance and business strategy
• Lead the development of appropriate cybersecurity and privacy policies and procedures that complement the business needs and legal requirements; further ensure its acceptance, comprehension and implementation and communicate it between the involved parties
• Conduct, monitor and review privacy impact assessments using standards, frameworks, acknowledged methodologies and tools
• Explain and communicate data protection and privacy topics to stakeholders and users
• Understand, practice and adhere to ethical requirements and standards
• Understand legal framework modifications implications to the organisation’s cybersecurity and data protection strategy and policies
• Collaborate with other team members and colleagues

• Education: Secondary education (Level 4) or higher (IT-related degree preferred).

Certificacions:

At least 4 certifications among:

• CISSP (Certified Information Systems Security Professional)

• CISA (Certified Information Systems Auditor)

• CISM (Certified Information Security Manager)

• GSNA (GIAC Certified Systems and Network Auditor)

• GCCC (GIAC Certified Critical Controls

• ISO 27001 Lead implementer

• ISO 27001 Lead Auditor

• ISO 27005 Risk Manager

• CAP ((ISC)2 Certified Authorization Professional)

• CRISC (ISACA Certified in Risk and Information Systems Control)

• CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional)

• GIAC Certified ISO-27000 Specialist or equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I)

What We Offer:

• Prestigious projects within European institutions.
• International, innovative, and multicultural environments.
• Continuous support from a team of experts in EU projects.

If you are ambitious, enthusiastic, and seeking a new professional challenge in international projects with real-world impact, this is the place for you!

In accordance with Organic Law 3/2007 of March 22, the company is committed to promoting the defense and effective application of the principle of equality between men and women, preventing any type of labor discrimination based on sex, and guaranteeing equal entry opportunities. Furthermore, we promote diversity and reject any discrimination based on race, gender, functional diversity, religion, sexual orientation, gender identity, or any other personal or social condition, striving to build an inclusive and enriching environment.