Cybersecurity Governance Risk and Compliance Consultant (Warsaw, 70% remote) – EU Public Organisations
Cybersecurity GRC Consultant for EU Public Organisations in Warsaw — 70% remote. 9+ years, 4+ certs, shape risk management, policy, and compliance for a high‑impact mission.
Cybersecurity Governance Risk and Compliance Consultant (Warsaw, 70% remote) – EU Public Organisations
Profile: Cybersecurity Governance Risk and Compliance Consultant - Level Advanced.
Securiy Clearance: Is required (security screening procedure must be initiated within first 45 days of assignment) - RESTREINT UE/EU RESTRICTED.
Place of performance: Frontex Headquarters in Warsaw. 70% remote + 30% on-site.
Travel: Not foreseen.
Minimum required scoring for interview (%): 70%.
Duration of the mission: 48 months.
Award criteria: 35% Price / 65% Quality.
Minimum level of education: Level 7.
Minimum English language skills (CEFR): C1.
Minimum IT relevant professional experience (years): 9 years.
Minimum experience at similar position (years): 8 years in relevant IT roles.
Rate: 460-488€/day NWH; 610-634€/day EWH; 12,70€/hour OnC.
· NWH: 230days x4 years.
Required certificates
At least 4 certifications among:
· CISA (ISACA Certified Information Systems Auditor).
· CISM (ISACA Certified Information Security Manager).
· CRISC (ISACA Certified in Risk and Information Systems Control).
· CISSP (ISC2 Certified Information Systems Security Professional).
· CGRC (ISC2 Certified in Governance, Risk and Compliance).
· CSSLP (ISC2 Certified Secure Software Lifecycle Professional).
· CCSP (ISC2 Certified Cloud Security Professional).
· CISSP-ISSMP (ISC2 Certified Information Systems Security Management Professional).
· GSNA (GIAC Certified Systems and Network Auditor).
· GCCC (GIAC Certified Critical Controls).
· GIAC Certified ISO-27000 Specialist.
· ISO 27001 Lead implementer or equivalent.
· ISO 27001 Lead Auditor or equivalent.
· ISO 27005 Risk Manager or equivalent.
· or for any listed above, an equivalent alternative certification recognized internationally (subject to acceptance as a valid credential by the Contracting Authority).
Knowledge and skills Knowledge:
· Cybersecurity related laws, regulations and legislations.
· Cybersecurity standards, methodologies and frameworks.
· Cybersecurity policies.
· Legal, regulatory and legislative compliance requirements, recommendations and best practices.
· Privacy impact assessment standards, methodologies and frameworks.
Skills:
· Comprehensive understanding of the business strategy, models and products and ability to factor into legal, regulatory and standards’ requirements.
· Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organisational processes, finance and business strategy.
· Lead the development of appropriate cybersecurity and privacy policies and procedures that complement the business needs and legal requirements; further ensure its acceptance, comprehension and implementation and communicate it between the involved parties.
· Conduct, monitor and review privacy impact assessments using standards, frameworks, acknowledged methodologies and tools.
· Explain and communicate data protection and privacy topics to stakeholders and users
· Understand, practice and adhere to ethical requirements and standards.
· Understand legal framework modifications implications to the organisation’s cybersecurity and data protection strategy and policies.
· Collaborate with other team members and colleagues.
Specific requirements:
· Minimum 5+ years of experience in cybersecurity GRC, with clear focus on cybersecurity risk management.
· Proven experience in designing or operatiationalising a cyber risk management framework.
· Hands-on experience in using ServiceNow GRC (IRM / Risk / Policy and Compliance modules).
· Demonstrated experience maintaining and managing a cybersecurity risk register.
· Experience integrating risk management with: Vulnerability management, Incident management, Cloud risk, Third-party risk.
· Experience contributing to cybersecurity maturity improvement programmes.
Typical tasks and responsibilities
· Ensure compliance with and provide legal advice and guidance on data privacy and data protection standards, laws and regulations.
· Identify and document compliance gaps.
· Conduct privacy impact assessments and develop, maintain, communicate and train upon the privacy policies, procedures.
· Enforce and advocate organisation’s data privacy and protection program.
· Ensure that data owners, holders, controllers, processors, subjects, internal or external partners and entities are informed about their data protection rights, obligations and responsibilities.
· Act as a key contact point to handle queries and complaints regarding data processing.
· Assist in designing, implementing, auditing and compliance testing activities in order to ensure cybersecurity and privacy compliance.
· Monitor audits and data protection related training activities.
· Cooperate and share information with authorities and professional groups.
· Contribute to the development of the organisation’s cybersecurity strategy, policy and procedures.
· Develop and propose staff awareness training to achieve compliance and foster a culture of data protection within the organization.
· Manage legal aspects of information security responsibilities and third-party relations.
- Departamento
- IT
- Puesto
- CONSULTOR/A
- Ubicaciones
- Warsaw
¿Qué ofrecemos?
-
Horarios
TheWhiteam ofrece horarios flexibles. Esto se debe a que buscamos cumplir objetivos, no llegar a una cantidad de horas.
-
Tecnologias
Las tecnologías más punteras, para estar actualizados a los cambios del momento.
-
Modalidad de Trabajo
Dada la situación TheWhiteam da la posibilidad de una modalidad de trabajo presencial, teletrabajo o mixta.
-
Ubicaciones
TheWhiteam da la posibilidad de trabajar en ubicaciones situadas por todo el mundo.
Lugar de trabajo
Formar parte de THEWHITEAM es colaborar con una empresa formada por profesionales con una dilatada experiencia en consultoría tecnológica.
Creemos firmemente que las empresas y clientes marcan el camino a seguir en el sector, pero éste lo construyen las personas. Consideramos de vital importancia que nuestra organización se fundamente en nuestro mejor activo y marca de valor añadido que es nuestro equipo humano.
Acerca de The White Team
Fundada en 2012 por consultores experimentados The Whiteam nace como consultora tecnológica de calidad con una misión clara; ayudar a las compañías de todo el mundo a optimizar su rentabilidad empresarial a través de un uso eficiente de las tecnologías de la información.